DB Exception Error converting data type varchar to numeric
-
I want to submit data to a database using a button (submit). While entering data I got an exception: "DB Exception Error converting data type varchar to numeric". Please check this code and help me find where the error is. These are the data types:
CouponTypeID tinyint
TransactionDate datetime
TransactionTypeID numeric(18,0)
Description text
CafeMenu nvarchar(50)
SerialEnd bigint
SerialStart bigint
Price int
TotalSale int
protected void btnSubmit_Click(object sender, EventArgs e)
{
    try
    {
        ErrorMessage.Text = "";
        string query = "insert into CouponTransaction(CouponTypeID,TransactionDate,TransactionTypeID,Description,CafeMenu,SerialStart,SerialEnd,Price,TotalSale)values('"
            + ddlCType.SelectedValue.ToString() + "','" + TxtbxDate.Text
            + "','" + ddlTtype.SelectedValue.ToString() + "','" + TxtDes.Text + "','"
            + ddlMenu.SelectedValue + "','" + txtSFrom.Text + "','" + TxtEnd.Text + "','" + Txtprice.Text + "','" + TxtSale.Text + "')";
        DAL helper = new DAL();
        helper.ConnectionString = ConfigurationManager.AppSettings["ConnectionString"].ToString();
        int result = helper.ExecuteNonQuery(CommandType.Text, query, null);
        if (result == 1)
            ErrorMessage.Text = "Records inserted successfully";
        else
            ErrorMessage.Text = "Records could not be inserted";
        cnx.Close();
    }
    catch (Exception ex)
    {
        ErrorMessage.Text = ex.Message;
    }
}
-
This is horrible code. I hope you're just experimenting to teach yourself, because if someone is paying for this code, they are being robbed. You should choose a more simple project to experiment with while you are just learning. There's too much going wrong here, too many things to address. Some basic points:
1 - I can erase the database on your website whenever I like, because you have NO security. You need to buy some books and read them, and you need to google injection attacks, there's at least one great article here on CP.
2 - You also need to buy a book on ADO.NET and read it. Also, you need to read your error messages, which are in plain English, and either google them, or at least stop to think what they may mean. The issue here is that you are placing your number in quotes, which means it becomes a string, hence the (very explicit and clear) error message you are getting.
3 - Given that you're accepting numbers in text boxes, are you doing anything to deal with the possibility of someone entering text? I doubt it, I think your code will just blow up.
4 - You should write simplified error messages to an end user, not give them an exception verbatim. Log the real error for your own use.
5 - Your data layer is crap. If it was a real data layer, you would not be writing SQL in the presentation layer, or looking up a connection string. In fact, I can't see what your so called data layer is doing at all.
There's nothing wrong with learning. As I said, if you are doing this for money, you are a liar and a cheat, you have no idea how to program yet. But, if you're learning, then experimenting AND buying books/reading articles is the way to go. Choose something simpler to learn from, get some decent resources, and you will be fine. You're at least a year from writing anything that anyone in their right mind would pay for, however.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
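The insert from the question rewritten along the lines of points 1 to 4 of the reply above, as an added example that is not part of the original thread. It uses ADO.NET's SqlCommand directly because the poster's DAL helper API is not shown; the class name CouponRepository, the method TryInsert and the user-facing messages are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;

// Hypothetical data-layer class (not from the thread); the page handler passes in the raw control text.
public static class CouponRepository
{
    const string InsertSql =
        "INSERT INTO CouponTransaction (CouponTypeID, TransactionDate, TransactionTypeID, " +
        "Description, CafeMenu, SerialStart, SerialEnd, Price, TotalSale) " +
        "VALUES (@CouponTypeID, @TransactionDate, @TransactionTypeID, " +
        "@Description, @CafeMenu, @SerialStart, @SerialEnd, @Price, @TotalSale)";
    // Returns null on success, otherwise a short message that is safe to show the user.
    public static string TryInsert(string connectionString, string couponType, string date,
        string transactionType, string description, string cafeMenu,
        string serialStart, string serialEnd, string price, string totalSale)
    {
        // Convert every numeric and date field up front; text typed into a number box is rejected here.
        if (!byte.TryParse(couponType, out byte couponTypeId)) return "Coupon type is not valid.";
        if (!DateTime.TryParse(date, out DateTime when) || when.Year < 1753) return "Transaction date is not valid.";
        if (!long.TryParse(transactionType, out long typeId)) return "Transaction type is not valid.";
        if (!long.TryParse(serialStart, out long start)) return "Serial start is not valid.";
        if (!long.TryParse(serialEnd, out long end)) return "Serial end is not valid.";
        if (!int.TryParse(price, out int priceValue)) return "Price is not valid.";
        if (!int.TryParse(totalSale, out int saleValue)) return "Total sale is not valid.";
        if (cafeMenu == null || cafeMenu.Length > 50) return "Menu is not valid.";
        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(InsertSql, cn))
        {
            // Typed parameters: values travel as data, never as SQL text, so they need no quotes.
            cmd.Parameters.Add("@CouponTypeID", SqlDbType.TinyInt).Value = couponTypeId;
            cmd.Parameters.Add("@TransactionDate", SqlDbType.DateTime).Value = when;
            cmd.Parameters.Add("@TransactionTypeID", SqlDbType.Decimal).Value = (decimal)typeId;
            cmd.Parameters.Add("@Description", SqlDbType.Text).Value = description ?? "";
            cmd.Parameters.Add("@CafeMenu", SqlDbType.NVarChar, 50).Value = cafeMenu;
            cmd.Parameters.Add("@SerialStart", SqlDbType.BigInt).Value = start;
            cmd.Parameters.Add("@SerialEnd", SqlDbType.BigInt).Value = end;
            cmd.Parameters.Add("@Price", SqlDbType.Int).Value = priceValue;
            cmd.Parameters.Add("@TotalSale", SqlDbType.Int).Value = saleValue;
            try { cn.Open(); return cmd.ExecuteNonQuery() == 1 ? null : "The record could not be saved."; }
            catch (SqlException ex)
            {
                Trace.TraceError(ex.ToString()); // full detail goes to the log, not the page
                return "The record could not be saved.";
            }
        }
    }
}
```

The click handler then only passes the control values to TryInsert and shows the returned message, so no SQL or exception text reaches the presentation layer.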
-
It's now working. Thread end
-
What a weird response. So, do you mean that you fixed all the security holes and other bugs in your software, or just that you removed the quotes in your SQL?
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
-
Thanks for your kind suggestions. I will try my best to work on the issues you have mentioned in your reply.