How to print a recording

OriginalGriff

For starters, never do this:

string txtQuery = "insert into InfoCode (Code, DateCode, PriceCode) values ​​('" + lblDisplay.Text + "', '" + dateTimePicker1.Text + "', '" + txtAfficePrice.Text + "')";

Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. When you concatenate strings, you cause problems because SQL receives commands like:

SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'

The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'

Which SQL sees as three separate commands:

SELECT * FROM MyTable WHERE StreetAddress = 'x';

A perfectly valid SELECT

DROP TABLE MyTable;

A perfectly valid "delete the table" command

--'

And everything else is a comment. So it does: selects any matching rows, deletes the table from the DB, and ignores anything else. So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you? That won't solve your problem, but it's a major risk that you need to address immediately. For the problem you have found, start with the debugger. Put a breakpoint on the line

dataGridView1.DataSource = DT;

and run your app. When it hits the breakpoint, have a close look at DT and see exactly what has been returned. How many columns? How many rows? What is in the actual cells? As an aside, you need to look at your naming conventions:

private void ExecuteQuery (String txtQuery)
{
SetConnection ();
sql_con.Open ();
sql_cmd = sql_con.CreateCommand ();
sql_cmd.CommandText = txtQuery;
sql_cmd.ExecuteNonQuery ();

In any code review, a method called ExecuteQuery which calls ExecuteNonQuery would be at target for abusive language! :laugh:

Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!

ago2486

Thank you for all these tips for me will be a pulse to my learning. it's in my research that I found but what do you recommend to me?
I correct this error before talking about printing or after?

OriginalGriff

I'd correct it first - if only because once you fix the other problem you probably won't "get around to it" otherwise! :laugh:

Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!

ago2486

Frankly thank you for giving me your time. give me a few minutes just the time for me to redo my connection and I come back to you.

OriginalGriff

Not a problem!

Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!

ago2486

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.OleDb;
using System.Data.SQLite;

namespace Acode
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();

    }
    private SQLiteConnection sql\_con;
    private SQLiteCommand sql\_cmd;
    private SQLiteDataAdapter DB;
    private DataSet DS = new DataSet();
    private DataTable DT = new DataTable();

    private void setConnection()
    {
    sql\_con = new SQLiteConnection(@"Data Source=DBcode.db; Version=3;New=;Compress=True;");
    }

    private void LoadData()
    {
        setConnection();
        sql\_con.Open();
        sql\_cmd = sql\_con.CreateCommand();
        sql\_cmd.CommandText = "select \* from InfoCode";
        DB = new SQLiteDataAdapter(sql\_cmd.CommandText, sql\_con);
        DS.Reset();
        DB.Fill(DS);
        DT = DS.Tables\[0\];
        dataGridView1.DataSource = DT;
        sql\_con.Close();
    }

    private void Form1\_Load(object sender, EventArgs e)
    {
        LoadData();

    }

    private void ExecuteQuery()
    {
    setConnection();
    sql\_con.Open();
    sql\_cmd = sql\_con.CreateCommand();
    //sql\_cmd.CommandText = txtQuery;
    //sql\_cmd.ExecuteNonQuery();
    sql\_con.Close();
    }

    public static string randomstring(int length)
    {
        const string chars = "ABCDEFGHIJKLMNOPQRSTUVWYZ0123456789";
        Random random = new Random();
        return new string(Enumerable.Repeat(chars, length).Select(s => s\[random.Next(s.Length)\]).ToArray());
    }
    private void btnGenerer\_Click(object sender, EventArgs e)
    {
       
        lblAffichage.Text = randomstring(4);
        txtAffichPrix.Text = "100";
    }

    private void button1\_Click(object sender, EventArgs e)
    {
        lblAffichage.Text = randomstring(5);
        txtAffichPrix.Text = "300";
    }

    private void button2\_Click(object sender, EventArgs e)
    {
        lblAffichage.Text = randomstring(6);
        txtAffichPrix.Text = "500";
    }

   
    private void btnEnregistrer\_Click(object sender, EventArgs e)
    {
        if (lblAffichage.

OriginalGriff

No, when I meant was "Don't concatenate strings" and "Parameterized queries" are teh important bit:

sql_cmd.CommandText = "insert into InfoCode (Code, DateCode, PrixCode) values('" + lblAffichage.Text + "' , '" + dateTimePicker1.Text + "' , '" + txtAffichPrix.Text + "')";

Is extremely dangerous, not the "wrong name" bit! :laugh:

Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!

ago2486

but what should I do? since you asked me to correct the error. can you tell me more so that I can understand

OriginalGriff

Have a google for Parameterized queries - there is a lot out there. But basically:

        using (SqlConnection con = new SqlConnection(strConnect))
            {
            con.Open();
            using (SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con))
                {
                cmd.Parameters.AddWithValue("@C1", myValueForColumn1);
                cmd.Parameters.AddWithValue("@C2", myValueForColumn2);
                cmd.ExecuteNonQuery();
                }
            }

Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!

ago2486

i will do it aisin and come back to you, thanks for your help

ago2486

private void btnAdd_Click(object sender, EventArgs e)
{
if (lblAffichage.Text == "")
{
MessageBox.Show("Merci de bien vouloir générer le code");
}
else
{
using (SQLiteConnection con = new SQLiteConnection(sql_con))
{
con.Open();
using (SQLiteCommand cmd = new SQLiteCommand("INSERT INTO InfoCode (Code, DateCode, PrixCode) VALUES (@Code, @DateCode, @PrixCode)", con))
{
cmd.Parameters.AddWithValue("@Code", lblAffichage.Text);
cmd.Parameters.AddWithValue("@DateCode", dateTimePicker1.Text);
cmd.Parameters.AddWithValue("@PrixCode", txtAffichPrix.Text);
cmd.ExecuteNonQuery();
}
LoadData();
MessageBox.Show("Enregistrement effectué avec succès");
lblAffichage.Text = "";
groupBoxGenerer.Enabled = false;
btnEnregistrer.Enabled = false;
this.Refresh();
}
}
}
Thank you very much for your help ... it works

ago2486

Hello sir I was able to find a solution to print, I'm going through a DataSet: I connected the DataSet to my database

:thumbsup:

ago2486

here is the code: {
setConnection();
sql_con.Open();
sql_cmd = sql_con.CreateCommand();
string CommandText = "select * from InfoCode";
DB = new SQLiteDataAdapter(CommandText, sql_con);
DS.Reset();
CrystalReportImprimCode x = new CrystalReportImprimCode();
DBset dt = new DBset();
DB.Fill(dt.InfoCode);
x.SetDataSource((DataTable)dt.InfoCode);
crystalReportViewer1.ReportSource = x;
crystalReportViewer1.Refresh();
sql_con.Close();
}