problem to retrieve an info in a sql request / problème pour recéper une info dans une requête sql

Richard Deeming

Sorry, I posted that before I noticed that you'd commented-out the vulnerable code.

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

ago2486

thank you sir i was afraid i didn't do what you told me.

ago2486

You are right sir but frankly I don't know how to explain it to you. but once I submit the add button after filling in all the fields as it should be this is the message I receive. And nothing in the access database.

OriginalGriff

What is the message you recieve? What line does it happen on? What does the debugger show you is going on? So far, all I have is "I have an error like microsoft jet engine" which tells me nothing at all!

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony AntiTwitter: @DalekDave is now a follower!

Lost User

But what is the error message?

ago2486

Ok, thank you sir. I removed my block of code in the try and here is the error: at the level of sql_cmd.ExecuteNonQuery ();
System.Data.OleDb.OleDbException: 'No value given for one or more of the required parameters.'

private void BtnAjouter_Click(object sender, EventArgs e)
{
int total;
decimal total_achat;
//si les champs sont vides
if (TxtDesignation.Text == "" || TxtPrixUnitaire.Text == "" || TxtQteCmd.Text == "" || TxtQteStock.Text == "" || TxtRefProduit.Text == "")
{
MessageBox.Show("Rassurez vous que tous les champs ont bien été rempli.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
//Vérifier si la valeur saisie est numeric
if (Int32.TryParse(TxtQteCmd.Text, out int value) && TxtRefProduit.Text != "")
{
//Vérifier si la commande est inferieur ou egale au stock
int a = 0;
int b = 0;
int c;

                //Convertire les textBox en int
                int.TryParse(TxtQteCmd.Text.Trim(), out a);
                int.TryParse(TxtQteStock.Text.Trim(), out b);
                int.TryParse(TxtPrixUnitaire.Text.Trim(), out c);

                if (a <= b)
                {
                    total = a \* c;
                    total\_achat = 0;

                    //try
                   // {
                        setConnection();
                        sql\_con.Open();
                       using (sql\_cmd = sql\_con.CreateCommand())
                        {
                           string txtQuery = "INSERT INTO Detail\_temp (ref\_det, qute\_det, Designation, Prix\_unitaire\_HT, Prix\_total\_HT) VALUES (@ref\_det,@qute\_det,@Designation,@Prix\_unitaire\_HT,@Prix\_total\_HT)";
                           sql\_cmd.Parameters.AddWithValue("@ref\_det", TxtRefProduit.Text);
                           sql\_cmd.Parameters.AddWithValue("@qute\_det", TxtQteCmd.Text);
                           sql\_cmd.Parameters.AddWithValue("@Designation", TxtDesignation.Text);
                           sql\_cmd.Parameters.AddWithValue("@Prix\_unitaire\_HT", TxtPrixUnitaire.Text);
                           sql\_cmd.Parameters.AddWithValue("@Prix\_total\_HT", total);
                           sql\_cmd = new OleDbCommand(txtQuery, sql\_con);

ago2486

System.Data.OleDb.OleDbException: 'No value given for one or more of the required parameters.'

OriginalGriff

Right: and what do you think that message means? Hint: What do you do immediately after you add the parameter values to sql_cmd ? (This is not a trick question)

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony AntiTwitter: @DalekDave is now a follower!

Lost User

That cannot be true since there is no SQL command in the code you posted.

ZurdoDev

ago2486 wrote:

'No value given for one or more of the required parameters.'

That is not "some error", it tells you exactly what the problem is. You need to make sure you are submitting a value for all parameters.

Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

ago2486

for me this message means that one of the values entered in the texbox is not loaded in the database suddenly it sees no data in the fields. I have the impression that my fields remain empty after adding

ago2486

I even tried this if, I have the same error

using (sql_cmd = sql_con.CreateCommand())
{
string txtQuery = "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) VALUES (@ref_det, @qute_det, @Designation, @Prix_unitaire_HT, @Prix_total_HT)";
OleDbParameter refprod = sql_cmd.Parameters.AddWithValue("@ref_det", OleDbType.VarChar);
refprod.Value = TxtRefProduit.Text;
OleDbParameter qtecmd = sql_cmd.Parameters.AddWithValue("@qute_det", OleDbType.VarChar);
qtecmd.Value = TxtQteCmd.Text;
OleDbParameter design = sql_cmd.Parameters.AddWithValue("@Designation", OleDbType.VarChar);
design.Value = TxtDesignation.Text;
OleDbParameter prixU = sql_cmd.Parameters.AddWithValue("@Prix_unitaire_HT", OleDbType.Integer);
prixU.Value = TxtPrixUnitaire.Text;
OleDbParameter prixT = sql_cmd.Parameters.AddWithValue("@Prix_total_HT", OleDbType.Integer);
prixT.Value = total;

                           sql\_cmd = new OleDbCommand(txtQuery, sql\_con);
                           sql\_cmd.ExecuteNonQuery();
                          
                        }

OriginalGriff

Please, look closely at your code. What does this line do exactly:

sql_cmd = new OleDbCommand(txtQuery, sql_con);

Not a trick question: Here it is as multiple choice: 1) Nothing 2) Throw away the existing content of the variable and replace it with a new, empty one. 3) Catch fire and die. 4) Create a new instance and assign all the old data to it. Extra hint: It's less than (3) and greater than (1).

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony AntiTwitter: @DalekDave is now a follower!

OriginalGriff

Look at his code and see what he does immediately after adding the parameters and their values...

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony AntiTwitter: @DalekDave is now a follower!

Richard Deeming

Griff has already spotted the problem in the thread above, but in case it's not obvious, here's what your code is doing:

Quote:

// using (sql_cmd = sql_con.CreateCommand())
{
string txtQuery = "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) VALUES (@ref_det,@qute_det,@Designation,@Prix_unitaire_HT,@Prix_total_HT)";
sql_cmd.Parameters.AddWithValue("@ref_det", TxtRefProduit.Text);
sql_cmd.Parameters.AddWithValue("@qute_det", TxtQteCmd.Text);
sql_cmd.Parameters.AddWithValue("@Designation", TxtDesignation.Text);
sql_cmd.Parameters.AddWithValue("@Prix_unitaire_HT", TxtPrixUnitaire.Text);
sql_cmd.Parameters.AddWithValue("@Prix_total_HT", total);
sql_cmd = new OleDbCommand(txtQuery, sql_con);
sql_cmd.ExecuteNonQuery();
//ExecuteQuery(txtQuery);
}

Creates a string variable to hold the query;
Adds 5 parameters to the sql_cmd variable;
Throws the sql_cmd variable away and sets it to a new OleDbCommand instance;
Attempts to execute the sql_cmd without adding any parameters to it;

This is yet another reason not to store the OleDbConnection and OleDbCommand objects in class-level fields. The first bit of your code is manipulating a command from a previous method. If the sql_cmd field hasn't been initialized, you may even get a NullReferenceException. Change your code to create and use a new OleDbCommand instance, wrapped in a using block:

using (OleDbCommand cmd = sql_con.CreateCommand())
{
cmd.CommandText = "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) VALUES (@ref_det,@qute_det,@Designation,@Prix_unitaire_HT,@Prix_total_HT)";

cmd.Parameters.AddWithValue("@ref\_det", TxtRefProduit.Text);
cmd.Parameters.AddWithValue("@qute\_det", TxtQteCmd.Text);
cmd.Parameters.AddWithValue("@Designation", TxtDesignation.Text);
cmd.Parameters.AddWithValue("@Prix\_unitaire\_HT", TxtPrixUnitaire.Text);
cmd.Parameters.AddWithValue("@Prix\_total\_HT", total);

sql\_con.Open();
cmd.ExecuteNonQuery();

}

Ideally, you should change your code to create the OleDbConnection as a local variable wrapped in a using block too, and delete the sql_co

ZurdoDev

OriginalGriff wrote:

Look at his code

Ya, I know. I was more referring to the fact that three separate people asked what the error was and the OP just kept saying "some error." :doh:

Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

ago2486

answer 4

ago2486

Thank you very much to you I try it and I come back to you

OriginalGriff

Wrong.

Quote:

Extra hint: It's less than (3) and greater than (1).

Think: What does the new keyword actually do?

"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony AntiTwitter: @DalekDave is now a follower!

ago2486

Can you explain it to me please? I'm just a beginner who learns through some tutorials