I'm building a Windows Forms Application with a connection to an SQL Database.
On start-up of my app, it will send some queries to the database to compare values:
Here is the code that generates the query:
private void CreateInsertQuery(DirectoryInfo source, string Printer)
{
foreach (FileInfo file in source.GetFiles())
{
queries.Add("EXECUTE sqlp_UpdateInsertFiles '"+ file.Name +"', '" + Printer + "'");
}
foreach (DirectoryInfo folder in source.GetDirectories())
{
queries.Add("EXECUTE sqlp_UpdateInsertFiles '" + folder.Name + "', '" + Printer + "'");
CreateInsertQuery(folder, Printer);
}
}
queries is a public List.
This is the code that sends the query to the db:
public bool InsertQueries()
{
con.Open();
using(OleDbTransaction trans = con.BeginTransaction())
{
try
{
OleDbCommand cmd;
foreach (string query in queries)
{
try
{
cmd = new OleDbCommand(query, con, trans);
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
if (ex.HResult != -2147217873)
{
MessageBox.Show(ex.Message);
}
}
}
trans.Commit();
con.Close();
return true;
}
catch (Exception ex)
{
trans.Rollback();
con.Close();
return false;
}
}
}
In my SQL database, I've created a stored procedure that gets called when the database receives the query:
AS
BEGIN
BEGIN TRANSACTION;
SET NOCOUNT ON;
BEGIN TRY
IF EXISTS
(SELECT TOP 1 fName, Printer
FROM dbo.FileTranslation
WHERE fName = #fName AND Printer = #Printer)
BEGIN
UPDATE dbo.FileTranslation
SET fName = #fName, Printer = #Printer
END;
ELSE
BEGIN
INSERT INTO dbo.FileTranslation(fName, Printer) VALUES (#fName, #Printer);
END;
COMMIT TRANSACTION;
END TRY
BEGIN CATCH
IF ##TRANCOUNT > 0
BEGIN
ROLLBACK TRANSACTION;
END
END CATCH
END;
GO
When I run my application on an empty database, then the values will get added without any problem:
.
I also do not get any error occurrences. It's only when I start my application for a second time, that the first 2 query's do not get checked on the IF EXISTS. Because it is still inserting the data into my database, 5x to be exact.
.
Which is weird as there are only 2 queries containing the data, but it gets executed every time.
I assume the id column is an sql identity column, right?
Because the first continous 7 entries are all the same I think your app is started on multiple threads which at the beginning are executing head-by-head but later their execution diverges maybe because of extra time of exception handling block. That's why only the first records are multiplied.
The problem is that your stored procedure isn't thread-safe. No locks placed on dbo.FileTranslation table by the IF EXISTS(SELECT ... which in parallel execution may result in situation where multiple executing stored procedures find the required record unexisting and will continue with the INSERT branch.
Applying the answers from https://dba.stackexchange.com/questions/187405/sql-server-concurrent-inserts-and-deletes thread this may work for you:
...
IF EXISTS
(SELECT TOP 1 fName, Printer
FROM dbo.FileTranslation WITH (UPDLOCK, SERIALIZABLE)
WHERE fName = #fName AND Printer = #Printer)
...
PS: Not related to your question but take care about #Lamu's comment on SQL injection and use try...finally or using pattern for you conn handling!
Related
I have a SQL statement I try to run in C# and Oracle but I get the OracleCommand.CommandText error.
My code creates an external table where data is loaded from a .tsv file and inserts it into my table CI_FT. Finally it drops the external table.
I don't see any reason why OracleCommand.CommandText would show.
The query is as follows:
CREATE TABLE STGMUAG.CI_FT_EXT
(FT_ID CHAR(12) DEFAULT ' ' NOT NULL ENABLE,
SIBLING_ID CHAR(12) DEFAULT ' ' NOT NULL ENABLE
)
ORGANIZATION EXTERNAL
(
DEFAULT DIRECTORY FLAT_FILES
ACCESS PARAMETERS
(
records delimited by '\\r\\n'
skip 1
fields terminated by '\\t'
)
LOCATION('STGMUAG_CI_FT.tsv')
);
INSERT INTO STGMUAG.CI_FT (
FT_ID,
SIBLING_ID
)
SELECT
FT_ID,
SIBLING_ID
FROM STGMUAG.CI_FT_EXT;
DROP TABLE STGMUAG.CI_FT_EXT;
And here is my C# script
public void ExecNonQuery(string sqlStmt, OracleConnection con, ref string currentSql)
{
try
{
var sqlArr = sqlStmt.Split(';');
foreach (string sql in sqlArr)
{
currentSql = sql;
OracleCommand cmd = new OracleCommand(sql, con);
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
bool fireAgain = false;
Dts.Events.FireInformation(0, "PSRM Execute SQL", string.Format("SQL command {0} executed successfully.", sql), "", 0, ref fireAgain);
}
}
catch (Exception e)
{
Dts.Events.FireError(0, "PSRM Execute SQL", "SQL command failed. "+ e.Message, null,0);
throw;
}
}
You could do one of:
Remove the very final semicolon from the end of the SQL string
Call sqlStmt.Trim().Split(new[]{';'}, StringSplitOptions.RemoveEmptyEntries)
Put if(string.IsNullOrWhiteSpace(sql)) continue; on the first line of the loop
The latter 2 are a bit more code, but they will stop this error creeping back in if you accidentally typo a ;; into the string one day.. Only the third option protects against a typo of ; ;
I am having a hard time figuring out which sql causes the error
Side tip, also consider something like this, perhaps:
Dts.Events.FireError(0, "PSRM Execute SQL", "SQL command failed. "+ e.Message+
" the faulting SQL was:" + currentSql, null, 0);
I have data in Database table:
Here is the method for adding data:
public static void AddRecordToDatatable(string WindowTitle, int TimeSpent,
DateTime DateToday, string Project, string Username)
{
string sql = #"INSERT INTO dbo.Log (WindowTitle,TimeSpent,DateToday,Project,Username)" +
" VALUES (#WindowTitle,#TimeSpent,#DateToday,#Project,#Username)";
// Create the connection (and be sure to dispose it at the end)
using (SqlConnection cnn = new SqlConnection(DBconnectionString))
{
try
{
// Open the connection to the database.
// This is the first critical step in the process.
// If we cannot reach the db then we have connectivity problems
cnn.Open();
// Prepare the command to be executed on the db
using (SqlCommand cmd = new SqlCommand(sql, cnn))
{
// Create and set the parameters values
cmd.Parameters.Add("#WindowTitle", SqlDbType.NVarChar).Value = WindowTitle;
cmd.Parameters.Add("#TimeSpent", SqlDbType.Int).Value = TimeSpent;
cmd.Parameters.Add("#DateToday", SqlDbType.DateTime).Value = DateTime.Now.Date;
cmd.Parameters.Add("#Project", SqlDbType.NVarChar).Value = Project;
cmd.Parameters.Add("#Username", SqlDbType.NVarChar).Value = Username;
// Let's ask the db to execute the query
int rowsAdded = cmd.ExecuteNonQuery();
if (rowsAdded > 0)
{
//MessageBox.Show("Row inserted");
}
else
{
// This should never really happen, but let's leave it here
//MessageBox.Show("No row inserted");
}
}
cnn.Close();
}
catch (Exception ex)
{
// We should log the error somewhere,
// for this example let's just show a message
MessageBox.Show("ERROR:" + ex.Message);
}
}
}
How it is possible to check for existing record before inputting data to Database table and sum on certain value if it exists?
So basically check if WindowTitle = WindowTitle and DateToday = DateToday, if these two match, then take TimeSpent and sum it to existing TimeSpent in Database Table without inputting a new row.
I have tried to test ON DUPLICATE KEY UPDATE WindowTitle = #WindowTitle, DateToday = #DateToday after INSERT but Visual Studio is giving an error in Debugger for such a command pointing to ON (Incorrect syntax near ON). Also I am not sure if ON DUPLICATE is the best approach for this kind of case.
You need to expand your SQL to check for the existence of the record you think could exist.
IF EXISTS (SELECT 1 FROM dbo.Log WHERE WindowTitle = #WindowTitle AND DateToday = #DateToday)
BEGIN
--UPDATE HERE
END
ELSE
BEGIN
-- INSERT HERE
END
Alternatively you can create a query method and call that first, before calling AddRecordToDatatable
Personally I would do all of these CRUD operations using an ORM such as EF Core or preferably, NHibernate. But this all depends on requirements, limitations etc.
I'm making a form where a user answers some questions to make a pricehold. My problem is I can't store the data from the questions into more than one sql table.
I have tried inserting the other table into the sql command (shown below) and I have tried making another sql command that basically says the same thing with a different name but splitting the name and phone number into the first one and the date created and pick up date into the second one but that only runs the first sql command and then stops so data is never stored into the second table
private void AddPhBttn_Click(object sender, RoutedEventArgs e)
{
SqlConnection furniture = new SqlConnection("Data Source=LAPTOP-F4QFMPFD\\MSSQLSERVER1;Initial Catalog=Furniture;Integrated Security=True");
furniture.Open();
SqlCommand add = new SqlCommand("insert into Customers(Name, Phone) PriceHold(DateCreated, PickUpDate) values ('" + nameTxtBox.Text + "', '" + phoneTxtbox.Text + "', '" + dateTxtBox.Text + "', '" + puDateTxtBox.Text + "')", furniture);
int i = add.ExecuteNonQuery();
if (i != 0)
{
MessageBox.Show("saved");
}
else MessageBox.Show("error");
}
As #Caius Jard said, you can't do this with an ad-hoc query.
So what is an option to do so?
Step 1: Create a Stored Procedure in the Database:
CREATE PROCEDURE usp_InsertData
#Name NVARCHAR(200),
#Phone NVARCHAR(100),
#DateCreated Date,
#PickUpDate Date
AS
BEGIN
SET NOCOUNT ON;
INSERT INTO Customers(Name, Phone) VALUES (#Name,#Phone)
INSERT INTO PriceHold(DateCreated, PickUpDate) VALUES (#DateCreated,#PickUpDate)
END
Step 2: Call above Stored procedure in C# Code:
private void AddPhBttn_Click(object sender, RoutedEventArgs e)
{
var furniture = new SqlConnection("Data Source=LAPTOP-F4QFMPFD\\MSSQLSERVER1;Initial Catalog=Furniture;Integrated Security=True");
SqlCommand add = new SqlCommand("usp_InsertData", furniture);
add.CommandType = System.Data.CommandType.StoredProcedure;
add.Parameters.AddWithValue("#Name", nameTxtBox.Text);
add.Parameters.AddWithValue("#Phone", phoneTxtbox.Text);
add.Parameters.AddWithValue("#DateCreated", dateTxtBox.Text);
add.Parameters.AddWithValue("#PickUpDate", puDateTxtBox.Text);
furniture.Open();
int i = add.ExecuteNonQuery();
if (i != 0)
{
MessageBox.Show("saved");
}
else
{
MessageBox.Show("error");
}
furniture.Dispose();
}
You can't do this in SQL
INSERT INTO
myfirsttable(column1, column2)
mysecondtable(column3, column4, column5)
VALUES(value1, value2, value3, value4)
It's flat out a syntax error. Only one table may appear in an insert. The number of values inserted must match the number of columns
If you want to insert into two tables, run two separate inserts from your c# code
Finally, have a long read of http://bobby-tables.com - your code is currently highly insecure and while this may not matter right now because it's just some small test app, it is best to avoid embarking on a learning path that includes coding in this way. As a recruiter I've turned down many job candidates who have written SQL like this and I'd never employ someone who demonstrated this style to me
When working with data in more than one table, if you want to ensure either all insert/update/delete complete successfully or none of them are applied on your data to ensure data integrity, use transactions. I think SqlTransaction is what you're after. Read about it here.
For your specific case, this is one possibility:
private void AddPhBttn_Click(object sender, RoutedEventArgs e)
{
// Necessary input validation to collect and data from input fields. Good practice to avoid SQL injection.
AddFurniture(nameTxtBox.Text, phoneTxtbox.Text, dateTxtBox.Text, puDateTxtBox.Text);
}
private void AddFurniture(string name, string phoneNumber, string createdDate, string pickupDate)
{
string connectionString = "Data Source=LAPTOP-F4QFMPFD\\MSSQLSERVER1;Initial Catalog=Furniture;Integrated Security=True"; // This should ideally come from some configuration.
using(SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = connection.CreateCommand();
SqlTransaction transaction = connection.BeginTransaction("Add Furniture");
command.Connection = connection;
command.Transaction = transaction;
try
{
connection.Open();
command.CommandText = $"insert into Customers (Name, Phone) values ({name}, {phoneNumber});";
command.ExecuteNonQuery();
command.CommandText = $"insert into PriceHold (DateCreated, PickUpDate) values ({createdDate}, {pickupDate});";
command.ExecuteNonQuery();
// Try to commit to database.
// Both the above queries are executed at this point. If any one of them fails, 'transaction' will throw an exception.
transaction.Commit();
}
catch (Exception ex1)
{
// Considering the statements executed using the 'transaction' for this 'connection',
// one of the insert operations have clearly failed.
// Attempt to roll back the change which was applied.
MessageBox.Show($"Insert failed. Trying to roll back {ex1.Message}");
try
{
transaction.RollBack();
}
catch (Exception ex2)
{
// Rollback also failed. Possible data integrity issue. Handle it in your application.
MessageBox.Show($"Roll back failed. {ex2.Message}");
}
}
}
}
I'm trying to create a stored procedure from out C# into Firebird 2.1.
The code is:
String sql = #"EXECUTE BLOCK AS BEGIN " +
"ALTER TABLE EXAMPLE ALTER FIELD1 TYPE Char(50); " +
"SET TERM ^ ; CREATE PROCEDURE name ( input_parameter_name < datatype>, ... )" +
"RETURNS ( output_parameter_name < datatype>, ... ) AS DECLARE VARIABLE variable_name < datatype>;" +
"BEGIN /* write your code here */ END^ SET TERM ; ^" +
" END";
public int Execute(string sql)
{
int result = 0;
if (this.OpenConnection() == true)
{
FbTransaction transaction = Fbconnection.BeginTransaction();
try
{
FbCommand command = new FbCommand(sql, Fbconnection, transaction);
int rc = command.ExecuteNonQuery();
result = rc;
transaction.Commit();
}
catch (Exception e)
{
globals.logfile.log(e.ToString());
globals.logfile.flush();
result = 0;
}
finally
{
this.CloseConnection();
}
}
return result;
}
The error message given is:
FirebirdSql.Data.FirebirdClient.FbException (0x80004005):
Dynamic SQL Error SQL error code = -104 Token unknown - line 1, column 24 ALTER
Must be something small, but I can't get it.
DDL is not allowed in PSQL (stored procedures, triggers, execute block), so executing an ALTER TABLE like this is rejected.
Also SET TERM is not part of the Firebird statement syntax. It is specific to query tools like isql and FlameRobin, as they use statement terminators like ; to know when they end of a statement is reached and can be sent to the server. When executing PSQL blocks those tools need to watch for a different statement terminator to prevent them from sending incomplete statements to the server. In the actual Firebird statement syntax ; is only part of PSQL blocks.
You will need to execute the ALTER TABLE and the CREATE PROCEDURE separately without an EXECUTE BLOCK.
Introduction
I'm writing a web application (C#/ASP.NET MVC 3, .NET Framework 4, MS SQL Server 2008, System.Data.ODBC for database connections) and I'm having quite some issues regarding database creation/deletion.
I have a requirement that application should be able to create and delete databases.
Problem
Application fails stress testing for that function. More specifically, if client starts to quickly create, delete, create again a database with the same name then eventually (~on 5th request) server code throws ODBCException 'Connection has been disabled.'. This behavior is observed on all machines that test has been performed on - the exact failing request may be not 5th but somewhere around that value.
Research
Googling on exception gave very low output - the exception seems very generic one and no analogue issues found. One of suggestions I've found was that my development Windows 7 might not be able to handle numerous simultaneous connections as it's not Server OS. I've tried installing our app on Windows 2008 Server - almost no change in behavior, just a bit more requests processed before exception occurs.
Code and additional comments on implementation
Databases are created using stored procedure like this:
CREATE PROCEDURE [dbo].[sp_DBCreate]
...
#databasename nvarchar(124) -- 124 is max length of database file names
AS
DECLARE #sql nvarchar(150);
BEGIN
...
-- Create a new database
SET #sql = N'CREATE DATABASE ' + quotename(#databasename, '[');
EXEC(#sql);
IF ##ERROR <> 0
RETURN -2;
...
RETURN 0;
END
Databases are deleted using the following SP:
CREATE PROCEDURE [dbo].[sp_DomainDelete]
...
#databasename nvarchar(124) -- 124 is max length of database file names
AS
DECLARE #sql nvarchar(200);
BEGIN
...
-- check if database exists
IF EXISTS(SELECT * FROM [sys].[databases] WHERE [name] = #databasename)
BEGIN
-- drop all active connections
SET #sql = N'ALTER DATABASE' + quotename(#databasename, '[') + ' SET SINGLE_USER WITH ROLLBACK IMMEDIATE';
EXEC(#sql);
-- Delete database
SET #sql = N'DROP DATABASE ' + quotename(#databasename, '[');
EXEC(#sql);
IF ##ERROR <> 0
RETURN -1; --error deleting database
END
--ELSE database does not exist. consider it deleted.
RETURN 0;
END
In both SPs I've skipped less relevant parts like sanity checks.
I'm not using any ORMs, all SPs are called from code by using OdbcCommand instances. New OdbcConnection is created for each function call.
I sincerely hope someone might give me clue to the problem.
UPD: The exactly same problem occurs if we just rapidly create a bunch of databases. Thanks to everyone for suggestions on database delete code, but I'd prefer to have a solution or at least a hint for more general problem - the one which occurs even without deleting DBs at all.
UPD2: The following code is used for SP calls:
public static int ExecuteNonQuery(string sql, params object[] parameters)
{
try
{
var command = new OdbcCommand();
Prepare(command, new OdbcConnection( GetConnectionString() /*irrelevant*/), null, CommandType.Text, sql,
parameters == null ?
new List<OdbcParameter>().ToArray() :
parameters.Select(p => p is OdbcParameter ? (OdbcParameter)p : new OdbcParameter(string.Empty, p)).ToArray());
return command.ExecuteNonQuery();
}
catch (OdbcException ex)
{
// Logging here
throw;
}
}
public static void Prepare(
OdbcCommand command,
OdbcConnection connection,
OdbcTransaction transaction,
CommandType commandType,
string commandText,
params OdbcParameter[] commandParameters)
{
if (connection.State != ConnectionState.Open)
{
connection.Open();
}
command.Connection = connection;
command.CommandText = commandText;
if (transaction != null)
{
command.Transaction = transaction;
}
command.CommandType = commandType;
if (commandParameters != null)
{
command.Parameters.AddRange(
commandParameters.Select(p => p.Value==null &&
p.Direction == ParameterDirection.Input ?
new OdbcParameter(p.ParameterName, DBNull.Value) : p).ToArray());
}
}
Sample connection string:
Driver={SQL Server}; Server=LOCALHOST;Uid=sa;Pwd=<password here>;
Okay. There may be issues of scope for OdbcConnection but also you don't appear to be closing connections after you've finished with them. This may mean that you're reliant on the pool manager to close off unused connections and return them to the pool as they timeout. The using block will automatically close and dispose of the connection when finished, allowing it to be returned to the connection pool.
Try this code:
public static int ExecuteNonQuery(string sql, params object[] parameters)
{
int result = 0;
try
{
var command = new OdbcCommand();
using (OdbcConnection connection = new OdbcConnection(GetConnectionString() /*irrelevant*/))
{
connection.Open();
Prepare(command, connection, null, CommandType.Text, sql,
parameters == null ?
new List<OdbcParameter>().ToArray() :
parameters.Select(p => p is OdbcParameter ? (OdbcParameter)p : new OdbcParameter(string.Empty, p)).ToArray());
result = command.ExecuteNonQuery();
}
}
catch (OdbcException ex)
{
// Logging here
throw;
}
return result;
}