How to save values in table in SQL without crashing when it is used by multiple users
-
It looks like you're part-way through rewriting your code to avoid SQL Injection. :thumbsup: As a result, you can remove all of the code that's building up the
sdatastring, since it's no longer used. The lines which callcfs.get_dataare still vulnerable, and need to be rewritten to use parameters. You need to remove the calls tocfs.singlequotconver. Based on the name, it's trying to avoid SQL Injection by "escaping" quote characters. Since you're now using parameters, you don't need to do that. You should also remove the call tocfs.sqldateconverion, which is probably converting the date to a string. Dates should be passed and stored as dates.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
Thank you Mr.Ricard.These may be one of the reasons of data crashing.I will try to do modifications at my side and let you know the concerns about this.
-
- You're probably updating way more fields than the "business rule" requires; possibly fouling up foreign keys in the process. 2) Maybe a "Delete and insert" makes more sense than an "update" here. 3) It seems you're arbitrarily overwriting everything. You will probably have better success if you incorporate "versioning"; which will also make your "WHERE" clauses more intelligent instead of blindly accessing by line# only. That, and a transaction.
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
Thank you Mr.Gerry.These may be one of the reasons of data crashing.Can u please explain the point 3 briefly and give me ways to write short code for that.
-
It looks like you're part-way through rewriting your code to avoid SQL Injection. :thumbsup: As a result, you can remove all of the code that's building up the
sdatastring, since it's no longer used. The lines which callcfs.get_dataare still vulnerable, and need to be rewritten to use parameters. You need to remove the calls tocfs.singlequotconver. Based on the name, it's trying to avoid SQL Injection by "escaping" quote characters. Since you're now using parameters, you don't need to do that. You should also remove the call tocfs.sqldateconverion, which is probably converting the date to a string. Dates should be passed and stored as dates.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
Here Passing a query as a parameter to get_data method.How can we use parameters here?
public string get_data(string sqlstr)
{
string strTemp = "";
try
{
double sum = 0;
if (cn.State != ConnectionState.Open) cn.Open();
TRcmd2.Connection = cn;
TRcmd2.CommandText = sqlstr;
TRdr = TRcmd2.ExecuteReader();
if (TRdr.Read())
strTemp = TRdr.GetValue(0).ToString();
TRdr.Close();
}
catch
{
try
{
if (!TRdr.IsClosed == true) TRdr.Close();
}
catch (Exception EX) { }
}
return (strTemp);
} -
Thank you Mr.Gerry.These may be one of the reasons of data crashing.Can u please explain the point 3 briefly and give me ways to write short code for that.
[rowversion (Transact-SQL)](https://msdn.microsoft.com/en-us/library/ms182776.aspx)
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
-
It looks like you're part-way through rewriting your code to avoid SQL Injection. :thumbsup: As a result, you can remove all of the code that's building up the
sdatastring, since it's no longer used. The lines which callcfs.get_dataare still vulnerable, and need to be rewritten to use parameters. You need to remove the calls tocfs.singlequotconver. Based on the name, it's trying to avoid SQL Injection by "escaping" quote characters. Since you're now using parameters, you don't need to do that. You should also remove the call tocfs.sqldateconverion, which is probably converting the date to a string. Dates should be passed and stored as dates.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
I tried all the points as you mentioned here.But still, invoice number clash happens when the multiple users save at a time.Here the invoice number is unique.But in details part we can save multiple products for a particular invoice.But here clash happens when multiple users enter data at once. for example
users-->invoice no Products
Raj 1 J,K
Tarun 2 O,MBut at the time of saving it swapped like this
users-->invoice no Products
Raj 1 J,K,M-------->Clashing taken place
Tarun 2 OPlease give me suggestions to solve this.
-
[rowversion (Transact-SQL)](https://msdn.microsoft.com/en-us/library/ms182776.aspx)
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
I tried all the points as you mentioned here.But still, invoice number clash happens when the multiple users save at a time.Here the invoice number is unique.But in details part we can save multiple products for a particular invoice.But here clash happens when multiple users enter data at once. for example
users-->invoice no Products
Raj 1 J,K
Tarun 2 O,MBut at the time of saving it swapped like this
users-->invoice no Products
Raj 1 J,K,M-------->Clashing taken place
Tarun 2 OPlease give me suggestions to solve this.
-
Here Passing a query as a parameter to get_data method.How can we use parameters here?
public string get_data(string sqlstr)
{
string strTemp = "";
try
{
double sum = 0;
if (cn.State != ConnectionState.Open) cn.Open();
TRcmd2.Connection = cn;
TRcmd2.CommandText = sqlstr;
TRdr = TRcmd2.ExecuteReader();
if (TRdr.Read())
strTemp = TRdr.GetValue(0).ToString();
TRdr.Close();
}
catch
{
try
{
if (!TRdr.IsClosed == true) TRdr.Close();
}
catch (Exception EX) { }
}
return (strTemp);
}For a start, don't store connection and command objects in fields. Instead, create them when you need them, and wrap them in a
usingblock to ensure that they're always disposed of properly. You don't need to callExecuteReaderto get the value of the first column of the first row; use ExecuteScalar[^] instead. And you need to add aparamsparameter[^] to your method to pass parameters:private static void PrepareCommand(SqlCommand command, string commandText, object[] parameters)
{
if (parameters != null && parameters.Length != 0)
{
string[] parameterNames = new string[parameters.Length];
for (int index = 0; index < parameters.Length; index++)
{
string name = "@p" + index;
parameterNames[index] = name;
command.Parameters.AddWithValue(name, parameters[index]);
}commandText = string.Format(commandText, parameterNames); } command.CommandText = commandText;}
public string get_data(string commandText, params object[] parameters)
{
using (var connection = new SqlConnection(ConnectionString))
using (var command = new SqlCommand(string.Empty, connection))
{
PrepareCommand(command, commandText, parameters);connection.Open(); object result = command.ExecuteScalar(); return Convert.ToString(result); }}
You can then pass parameters to the command using the auto-generated names:
cfs.get_data("select top 1 AVERAGE_COST from PRODUCT where PRODUCT_NO = @p0", strpcode)
or by position:
cfs.get_data("select top 1 AVERAGE_COST from PRODUCT where PRODUCT_NO = {0}", strpcode)
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I tried all the points as you mentioned here.But still, invoice number clash happens when the multiple users save at a time.Here the invoice number is unique.But in details part we can save multiple products for a particular invoice.But here clash happens when multiple users enter data at once. for example
users-->invoice no Products
Raj 1 J,K
Tarun 2 O,MBut at the time of saving it swapped like this
users-->invoice no Products
Raj 1 J,K,M-------->Clashing taken place
Tarun 2 OPlease give me suggestions to solve this.
-
How to save values in SQL in two different columns in a table without crashing of the values in a network.
Ex: There are 20 users in my network.All wants to update one particular row at a time.
Here the crashing has been taken place.That means suppose I have taken one table in that many columns there.The user wants to update two columns a,b with their values at a time. when we click on update sometimes it swaps the data.a=10,
b=20 i want to updatebut it updated like this a=20,b=10
sometimes it has been taken null value also.
Why does it happen?If you explain how to solve this problem.It would be appreciated.
I have written this code in c# to save.But while users saving at a time one row.The swapping of column values saving taken place.
sqlstr = "Insert into invINVOICEDETAILS (comment_NAME30, PRODUCT_NO, PRODUCT_NAME, QTY, UOM, PRICE, ITEM1_NO, DISCOUNT_PC, AMOUNT, SC_NO, GL_CODE, PROJ_NO, Gp_NO, WH_NO, Sales_exempt,FACTOR," +
"Category, IMPORTED_FROM_NO, IMPORTED_FROM, GST_Amt, DISCOUNT_PC_2,Ref_No, GL_DESC, PRODUCT_NAME_LONG, CREATED_BY," +
"DATE_CREATED, Deleted, INV_NO,Transfer, TICK, ID, AC_NO, AC_NAME, ITEM10, invNo_user, AVERAGE_COST, LP_COST, STD_COST,QTY_UNFILLED,DATETIME,Batch_No," +
"Expiry_Date,PRINT_ITEM,QTY_BILLED,ITEM6_NO,ITEM7_NO,ITEM8_NO,IMPORT_KEY) values (@comment_NAME30,@PRODUCT_NO,@PRODUCT_NAME,@QTY,@UOM,@PRICE," +
"@ITEM1_NO,@DISCOUNT_PC,@AMOUNT,@SC_NO,@GL_CODE,@PROJ_NO,@Gp_NO," +
"@WH_NO,@Sales_exempt,@FACTOR,@Category,@IMPORTED_FROM_NO," +
"@IMPORTED_FROM,@GST_Amt,@DISCOUNT_PC_2,@Ref_No,@GL_DESC," +
"@PRODUCT_NAME_LONG, @CREATED_BY, @DATE_CREATED, @Deleted, @INV_NO," +
"@Transfer,@TICK,@ID,@AC_NO,@AC_NAME,@ITEM10,@invNo_user,@AVERAGE_COST," +
"@LP_COST,@STD_COST,@QTY_UNFILLED,@DATETIME,@Batch_No,@Expiry_Date," +
"@PRINT_ITEM, @QTY_BILLED,@ITEM6_NO,@ITEM7_NO,@ITEM8_NO,@IMPORT_KEY)";// cfs.Audit\_Log("Invoice", ddl\_Inv.Text, txt\_Custcode.Text, strpcode, strUom, Prodqty, true, false, false); //sqlstr = "insert into invINVOICEDETAILS (" + sfield + ") values (" + sdata + ")"; //sqlstr = "insert into invINVOICEDEHi Tarun, may b helpful to use the required isolation levels while locking the transactions. may b u could watch the video tutorial in mva site course:
Developing Microsoft SQL Server Databases
chapter 4: managing transaction if you prefer watching rather than reading link: Developing Microsoft SQL Server Databases – Microsoft Virtual Academy[^]
-
Hi Tarun, may b helpful to use the required isolation levels while locking the transactions. may b u could watch the video tutorial in mva site course:
Developing Microsoft SQL Server Databases
chapter 4: managing transaction if you prefer watching rather than reading link: Developing Microsoft SQL Server Databases – Microsoft Virtual Academy[^]
Thank you Mr.palikhelsanjeeb.I will go through this link and let you know the result if it is useful. :)
