Problem at inserting a DB entry
-
Hi guys, the code below doesn't allow creating an entry in the database with null areas, and a pop-up comes up to warn the user. I fill in all fields, create the entry, and all fields are cleared for a new entry, but once I try to add a new entry, the program allows me to create it with empty fields. Do I need to add some code in order form to reload or something like that? What would be the way of getting rid of this issue? Thanks. Note: something other than Application.Restart(). It would be great if there is no need to close and reopen the app.
private void btnStokEkle_Click_1(object sender, EventArgs e)
{
    if (txtAdi.Text == "" || txtModel.Text == "" || txtSeriNo.Text == "" || gon.Text == "" || tah.Text == "")
    {
        MessageBox.Show("Lütfen Tüm Alanları Doldurunuz.", "Hata", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }
    else
        vt.sqlCalistir("insert into kolon (siparis,malzeme,takip,gonder,tahmini,gercek) values ('"
            + txtAdi.Text + "','" + txtModel.Text + "','" + txtSeriNo.Text + "','"
            + gon.Text + "','" + tah.Text + "', '" + tt.Text + "')");
    MessageBox.Show("İşlem Kaydı Yapıldı.", "İşlem Tamam", MessageBoxButtons.OK, MessageBoxIcon.Information);
    getir();
    txtId.Clear();
    txtAdi.Clear();
    txtModel.Clear();
    txtSeriNo.Clear();
    gon.EditValue = " ";
    tah.EditValue = " ";
    tt.EditValue = " ";
    txtSeriNo.Text = Environment.UserName;
}
-
Not like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead. When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment. So it does: selects any matching rows, deletes the table from the DB, and ignores anything else. So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Sent from my Amstrad PC 1640 Never throw anything away, Griff Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!
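The parameterized form of the INSERT from the question, as an added example that is not part of any post in this thread. `KolonRepository` and the connection string are hypothetical, the table and column names are taken from the question, and all six columns are assumed to be text. It also treats whitespace-only input as empty, which a comparison against `""` does not.

```csharp
using System;
using System.Data.OleDb;

// Added example: KolonRepository is a hypothetical helper, not the poster's vt class.
public static class KolonRepository
{
    // Table and column names are from the question. The OleDb provider binds
    // "?" markers by position, so parameters are added in column order.
    private const string InsertSql =
        "INSERT INTO kolon (siparis, malzeme, takip, gonder, tahmini, gercek) " +
        "VALUES (?, ?, ?, ?, ?, ?)";

    // True only when every value holds something other than whitespace.
    // A field reset to " " passes a comparison against "" but fails here.
    public static bool AllFilled(params string[] values)
    {
        foreach (string v in values)
            if (string.IsNullOrWhiteSpace(v)) return false;
        return true;
    }

    // Returns the number of rows inserted; throws if a required value is blank.
    // Assumption: all six columns are text columns.
    public static int Insert(string connectionString, string siparis, string malzeme,
                             string takip, string gonder, string tahmini, string gercek)
    {
        if (!AllFilled(siparis, malzeme, takip, gonder, tahmini))
            throw new ArgumentException("All required fields must be filled in.");

        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(InsertSql, conn))
        {
            // Values travel as data, never as SQL text, so a quote such as the
            // one in "Baker's Wood" is stored as-is and cannot end the literal.
            string[] values = { siparis, malzeme, takip, gonder, tahmini, gercek ?? "" };
            foreach (string v in values)
                cmd.Parameters.AddWithValue("?", v);

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

From the click handler this would be called with the controls' text values, for example `KolonRepository.Insert(connectionString, txtAdi.Text, txtModel.Text, txtSeriNo.Text, gon.Text, tah.Text, tt.Text)`.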
-
Well noted, OriginalGriff. As a C# beginner, I was trying to practice basic CRUD in an Access db, and yes, backup is on. I am just stuck at solving this. So is it all about SQL commands? If I use correct commands, then that click event won't save any entry with a null field?
-
What null field? A TextBox never contains null, if it is empty, then its .Text property returns the empty string, not null. :)
Luc Pattyn [My Articles] Nil Volentibus Arduum
-
Hi Al Soyo, this was interesting. Please ping me on Skype (tranthanhtu83) if you still have not solved this issue.
Best regards, TU Tran Technical Leader Blog: http://tranthanhtu.vn Mail: contact@tranthanhtu.vn Mobile: +84 90 883 884 6 Skype: tranthanhtu83 CodeProject: @techcoaching LinkedIn: tutrancoaching Github: techcoaching
-
You've been here long enough to know that this is NOT how CodeProject works. If you want to help someone, then help them here on the site, so that others who are having the same problem can see the discussion and benefit from it.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Hi Richard Deeming, I intend to check the code and will write another comment about the root cause. Just looking at the code, it does not seem to create such a problem. And I would appreciate it if you could talk in a more friendly way (such as: this will violate the rule, .....). We are here to learn and share, friend, and you are not my boss. Thanks
-
Trying to take the discussion off-line violates the rules of this site. If you want to help people on CodeProject, then help them HERE, not in a Skype discussion. You've been here over 11 years. That's more than long enough to know the rules!
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Thanks, Richard Deeming,
-
Since I'm not your boss, I need not stay friendly. There is nothing "interesting" about his "issue", and it seems like spamming. Going for a coffee before I decide whether or not to report this as spam, since your post does not contribute anything.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^] "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
Thanks, Eddy Vluggen, for letting me know your idea. Yeah, it was up to you. Let's consider the situation: @Eddy Vluggen has a problem with his code and the code seems to work fine. The problem was still there; I intend to ask him and may run the code to see any potential cause that raises this problem, and may help him to fix it. Of course, I can write another comment about the root cause if I can find it. And I was not allowed, and may be reported as a spammer, just because someone did not see what I see: the code looks OK but does not work. @Eddy Vluggen: Do you think this is the interesting point? Again, thanks for letting me know your idea, and you can do whatever you think is right.
-
tranthanhtu.vn wrote:
And I was not allowed and may be reported as spammer just because someone did not see what I see: The code looks ok but not work.
The code does not look "ok". It is also not a particularly complicated subject; there are literally examples on MSDN that you can copy and paste.
-
Thanks, Eddy Vluggen. Oh, I may lack knowledge about "Win Application". OK, I will come back and see the root cause and learn.