help me about insert
-
I create one appl. in C# and now i wanna insert string-text from textboxes to datagrid but it shows me one error. here is the code which i did write: The code is for InsertButton.I am not using storedProcedure. string ins = "INSERT INTO tabela(Column1,Column2,Column3,Columns4)VALUES ("+ "'"+ this.txtColumn1.Text + "'" + ","+ "'" + this.txtColumn2.Text + "'" + "," + "'" + this.txtColumn3.Text + "'" + "," + "'" + this.txtColumns4.Text + ")"; SqlConnection stringuu = new SqlConnection( "workstation id=mypc;packet size=4096;integrated security=SSPI;data source=mydatabase;persist security info=False;initial catalog="); SqlDataAdapter daa = new SqlDataAdapter(); DataSet dss = new DataSet(); daa.Fill(dss,"table"); SqlCommand inscomm= new SqlCommand(shtoje,stringuu); stringuu.Open(); inscomm.ExecuteNonQuery(); stringuu.Close(); can somebody tell me where is mistake???
-
I create one appl. in C# and now i wanna insert string-text from textboxes to datagrid but it shows me one error. here is the code which i did write: The code is for InsertButton.I am not using storedProcedure. string ins = "INSERT INTO tabela(Column1,Column2,Column3,Columns4)VALUES ("+ "'"+ this.txtColumn1.Text + "'" + ","+ "'" + this.txtColumn2.Text + "'" + "," + "'" + this.txtColumn3.Text + "'" + "," + "'" + this.txtColumns4.Text + ")"; SqlConnection stringuu = new SqlConnection( "workstation id=mypc;packet size=4096;integrated security=SSPI;data source=mydatabase;persist security info=False;initial catalog="); SqlDataAdapter daa = new SqlDataAdapter(); DataSet dss = new DataSet(); daa.Fill(dss,"table"); SqlCommand inscomm= new SqlCommand(shtoje,stringuu); stringuu.Open(); inscomm.ExecuteNonQuery(); stringuu.Close(); can somebody tell me where is mistake???
seferi wrote: can somebody tell me where is mistake??? 1. "'" is superfluous, you could just put them in with the other text. 2. None of your variable names are remotely meaningful, in your code or ( far worse ) in your database 3. You didn't tell us what the error message was 4. Why aren't you using stored procedures, if you can ? Christian Graus - Microsoft MVP - C++
-
I create one appl. in C# and now i wanna insert string-text from textboxes to datagrid but it shows me one error. here is the code which i did write: The code is for InsertButton.I am not using storedProcedure. string ins = "INSERT INTO tabela(Column1,Column2,Column3,Columns4)VALUES ("+ "'"+ this.txtColumn1.Text + "'" + ","+ "'" + this.txtColumn2.Text + "'" + "," + "'" + this.txtColumn3.Text + "'" + "," + "'" + this.txtColumns4.Text + ")"; SqlConnection stringuu = new SqlConnection( "workstation id=mypc;packet size=4096;integrated security=SSPI;data source=mydatabase;persist security info=False;initial catalog="); SqlDataAdapter daa = new SqlDataAdapter(); DataSet dss = new DataSet(); daa.Fill(dss,"table"); SqlCommand inscomm= new SqlCommand(shtoje,stringuu); stringuu.Open(); inscomm.ExecuteNonQuery(); stringuu.Close(); can somebody tell me where is mistake???
seferi wrote: string ins = "INSERT INTO tabela(Column1,Column2,Column3,Columns4)VALUES ("+ "'"+ this.txtColumn1.Text + "'" + ","+ "'" + this.txtColumn2.Text + "'" + "," + "'" + this.txtColumn3.Text + "'" + "," + "'" + this.txtColumns4.Text + ")"; Your first problem comes after your this.txtColumns4.Text. You forgot the ending "'". Like I said, that is your first problem and actually your smallest. Your biggest problem is that you are open for Sql Injection errors. You should really be using paramterized queries to prevent this. Please see http://www.codeproject.com/useritems/SqlWrapper.asp[this]