I'm writing a program using MySQL and WinForm. In my program there's an option to select a VAT Number from a combobox that is retrieve from a table in database. After selecting a VAT Number user have to enter 2 different values into 2 different textbox. After entering those values, the sql query will execute. And show the result in another textbox.
Application form
My sql queries are working fine.
using(MySqlConnection con = new MySqlConnection(cs))
{
con.Open();
//string command;
string command = #"SELECT * FROM `db_liq_blnd_calc_sys`.`tbl_vat_12_spirit_sa` WHERE DIP = '" + txt_Calc_BULK_DIP.Text + "' AND SLIDE = '" + txt_Calc_BULK_SLIDE.Text + "'";
MySqlDataAdapter da = new MySqlDataAdapter(command, con);
DataTable dtable = new DataTable();
DataSet ds = new DataSet();
da.Fill(ds);
DataRow[] returnrow = ds.Tables[0].Select("DIP = '" + txt_Calc_BULK_DIP.Text + "' AND SLIDE = '" + txt_Calc_BULK_SLIDE.Text + "'");
int result = returnrow.Length;
DataRow dr = returnrow[0];
txt_Calc_BULK_BULK.Text = (dr["BULK"].ToString());
con.Close();
}
What I wanna do is, there are 15 table in my database that has same table structure but different data in it. I want to change the sql query that execute by selecting different VAT Number from the combobox.
Since all tables have the same structure, I recommend making one big table for them all and add a VAT Number column to it. Then, to set the values in your combobox, select distinct VAT Numbers from this table. Finally, add the a VAT Number condition to your query.
On a side note, use "Parameterized Query" instead of concatenating values to your query, this would help against SQL Injection Attacks.
Related
I have a webform where I can display data from a mysql database on a page with a gridview. I have placed a Textbox on the webform, which I would like to search among database records.
string mysqlconnectionstring = "Server=server;Database=dataser;Uid=user;Pwd=passw;CharSet=utf8";
MySqlConnection MyConnection = new MySqlConnection(mysqlconnectionstring);
string query = "select * from Tools where NameofTool like '" + Search_txt.Text + "%'";
MySqlDataAdapter da = new MySqlDataAdapter(query, MyConnection);
DataSet ds = new DataSet();
da.Fill(ds);
GridView1_0.DataSource = ds;
GridView1_0.DataBind();
So, if I understand the problem of extracting all the data from a datasource at the beginning, and then I want to give it the search. Of course I can interpret it wrong, sorry.
So the goal would be to get data from a DataSource, run it out with a GridView, then update the GridView according to the results.
Thanks :)
dt2.Rows.Clear();
cn.Open();
string comm = "SELECT * From Ansprechperson WHERE Name LIKE '%'+ #Firma + '%' AND KundenNr LIKE #KundenNr";
cmd = new SqlCeCommand(comm, cn);
cmd.Parameters.Add("#Firma", SqlDbType.NVarChar, 100).Value = editContactFilter.Text;
cmd.Parameters.Add("#KundenNr", SqlDbType.NVarChar, 100).Value = KundenNr;
using (adapt = new SqlCeDataAdapter(cmd))
{
adapt.Fill(dt2);
}
dataGridView2.DataSource = dt2;
cn.Close();
This is an example that worked for me. Please look into parameters to make your application SQL-Injection safe. Why Parameters protect you from SQL-Injection.
dt2 is a DataTable:
DataTable dt2 = new DataTable();
ideal approach would be search precise data from sql insdead first get all the data in data set and go for an other search.
kindly dont use inline queries like
string query = "select * from Tools where NameofTool like '" + Search_txt.Text + "%'";
instead use stored procedures. these inline queries are prone to sql injection.
so your ans would be "create a stored procedure with filter parameter"
and then bind GridView with returned data.
I am creating tables by c# code from sql server. For that i have created one dynamic table creation function in which i have passed some parameters.One of the parameter is datatable in which i am getting column detail.Everything is working fine but the one minor issue is if there is table in sql with identity(1,1)
i am getting that column's seed value as 0 in c# and hence the data is inserting with id value 0.
For getting table's defintion from database, i am using simple query like
select * from tablename
Tell me if any further details or any extra code needed then i can provide it here.
Ok i have updated my question with how i am filling my datatable.
sqlcmd = new SqlCommand("select * from item.TableName", connSource);
dt = new DataTable();
dt.Load(sqlcmd.ExecuteReader());
Please try below query in C# code and pass tablename to get Seed and Step:
SqlCommand sqlcmd = new SqlCommand("SELECT IDENT_SEED(TABLE_NAME) AS
Seed,IDENT_INCR(TABLE_NAME) AS Increment FROM INFORMATION_SCHEMA.TABLES
WHERE OBJECTPROPERTY(OBJECT_ID(TABLE_NAME), 'TableHasIdentity') = 1 AND
TABLE_TYPE = 'BASE TABLE' AND TABLE_NAME = '" + tableName + "'",
srcConStr);
SqlDataReader readercmd = sqlcmd.ExecuteReader();
while (readercmd.Read())
{
sqlsc += " IDENTITY(" + readercmd["Seed"].ToString() + "," +
readercmd["Increment"].ToString() + ") ";
}
readercmd.Close();
I am building an extension to an existing Access database and an accompanying front end programmed in C#. The original Access database was not designed very well and certainly not designed with future expansion in mind. For simplicity's sake, lets say the legacy DB has 2 tables: tblEmployee [empId(AutoNumber), empName(Text)] and tblProjects [prjId(AutoNumber), prjName(Text), prjEmps(Number/Lookup)]. Both tables have an AutoNumber primary key. The Projects table has a multi-value lookup field that allows users to assign multiple employees to a project. When I query the tblProjects table in Access SELECT prjId, prjName, prjEmps FROM tblProject;, the prjEmps field lists all the employees' names separated by commas. However, the problem is when I use the same query in C#, the prjEmps returns a string version of a number that is not the empId of the employee(s). I am not sure if it makes a difference, but I am using the System.Data.OleDb and System.Data namespaces in C#. Here is the gist my C# code:
string connStr = #"Provider = Microsoft.ACE.OLEDB.12.0; " +
#"Data Source=" + dbFilePath;
string query = "SELECT prjId, prjName, prjEmps FROM tblProject;";
OleDbConnection dbConn = new OleDbConnection(connStr);
OleDbCommand Cmd = new OleDbCommand(query, dbConn);
OleDbDataAdapter adp = new OleDbDataAdapter(query, dbConn);
DataTable dt = new DataTable();
adp.Fill(dt);
dbConn.Close();
foreach (DataRow row in dt.Rows)
{
int prjId = row.Field<int>("prjId");
string prjName = row.Field<string>("prjName");
string prjEmps = row.Field<string>("prjEmps");
MessageBox.Show("Project ID: " + prjId.ToString() + "\n" +
"Project Name: " + prjName + "\n" +
"Employees: " + prjEmps);
}
I would be happy if I could just get the concatenated list of names, but I would prefer an array of integer keys or the like. Any ideas on how to fix this?
Use ODBC provider, OLEDB does not supports multi-value lookup field and you get garbage values if you use it to read multi-value lookup field , using ODBC you will get ";" separated values which can then be split into individual values or replace with ",".
I have a weird problem. My query in C#/ASP.NET returns results 5 times. I tried brakepoint-ing but I can't find the error. I have 2 related tables. One table loads on PAGE_LOAD and when the user click on a cell, it shows the content from another table related to that cell. It's very simple.
//PAGE LOAD
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
OleDbConnection myConnection = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + dbpath + "/secure_user/data/data.mdb");
OleDbDataAdapter adapter = new OleDbDataAdapter("SELECT Project,Manager,Customer,Deadline FROM projects WHERE Username='" + uname + "'", myConnection);
DataTable table = new DataTable();
adapter.Fill(table);
adapter.Dispose();
GridView1.DataSource = table;
GridView1.DataBind();
}
}
It loads projects table to the GridView. Now when I click a certain project, it displays more information about that project:
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
{
GridViewRow row = GridView1.SelectedRow;
Label1.Text = row.Cells[1].Text;
OleDbConnection myConnection = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + dbpath + "/secure_user/data/data.mdb");
OleDbDataAdapter adapter = new OleDbDataAdapter("SELECT tasks.Task,tasks.Priority,tasks.Done,taska.Hours FROM projects,tasks WHERE tasks.Username='" + uname + "' AND tasks.Project='" + Label1.Text + "'", myConnection);
DataTable table = new DataTable();
adapter.Fill(table);
adapter.Dispose();
GridView2.DataSource = table;
GridView2.DataBind();
GridView2.Visible = true;
}
It displays with no error, but it does 5 times no matter what project I select from GridView1, it always displays GridView2 (second table) content 5 times in a row. What could be the problem?
Looks like you have something wrong in your query. Try using INNER JOIN instead of ,.
Instead of this:
SELECT tasks.Task, tasks.Priority, tasks.Done, tasks.Hours
FROM projects, tasks
WHERE tasks.Username='" + uname + "' AND tasks.Project='" + Label1.Text + "'
Try this:
SELECT tasks.Task, tasks.Priority, tasks.Done, tasks.Hours
FROM projects INNER JOIN tasks ON projects.ID = tasks.ProjectID --> may not be correct depends on your table structure
WHERE tasks.Username='" + uname + "' AND tasks.Project='" + Label1.Text + "'
Another thing: building a SQL query like that is prone to SQL Injection attack.
You are doing cross join between the projects table and the tasks table, so you are joining every project with each task for the project that you selected. As you have five projects you get each task five times.
Use a join to specify the relation between the projects table and the tasks table:
OleDbDataAdapter adapter = new OleDbDataAdapter(
"SELECT tasks.Task,tasks.Priority,tasks.Done,taska.Hours "+
"FROM projects "+
"INNER JOIN tasks ON tasks.Project = projects.Project "+
"WHERE projects.Username='" + uname + "' AND projects.Project='" + Label1.Text + "'", myConnection);
Note:
Notice that I used the Username field in the projects table rather than the tasks table. Either you have redundancy in the tables, or the fields mean different things. If some other user can add tasks to your project you would need a condition for the tasks.Username field also if you only want to see the tasks that you added yourself.
Could be that this query is returning multiple records; can you list primary keys in the used tables
In your second query you have a join, of sorts. You never return anything in the SELECT from the projects table, but it is referenced in the query. I'm guessing that you have 5 projects.
Also, you are injecting data into the query. This is bad as it becomes very easy for an attacker to mount a SQL Injection attack against your code and database, especially as you are using data directly from controls. You should consider using at least parameterised queries.
You try adding to your query DISTINCT clause. Because if it is not presented, your query did a cartesian product.
OleDbDataAdapter adapter = new OleDbDataAdapter("SELECT DISTINCT tasks.Task,tasks.Priority,tasks.Done,taska.Hours FROM projects,tasks WHERE tasks.Username='" + uname + "' AND tasks.Project='" + Label1.Text + "'", myConnection);
I have a program written in c# visual studio 2008 with SQL server 2005 (.mdf) database.
Here is part of the code:
...
SqlCommandBuilder cb;
cb = new SqlCommandBuilder(dataAdapter);
String[] dataList =new String [8];
...
DataTable resultTable = new DataTable();
FillDataList(data);
dataAdapter = new SqlDataAdapter("insert into ProcessData values('" + dataList[0] + "','" + dataList[1] + "','" + dataList[2] + "','" + dataList[3] + "','" + dataList[4] + "','" + dataList[5] + "','" + dataList[6] + "','" + dataList[7]+"')", con);
dataAdapter.Fill(resultTable);
...
My questions are:
1) Where is the data I added in those lines stored?
2) Why is it that when I Right-Click with the mouse in the Server Explorer->Data Connections->Tables->ProcessData (my table's name)->"show Table Data", I don't see the data but just NULL in the columns, and how can i see the data there?
3) Why when I present this data in a DataGridView sometimes it shows the data and sometimes it doesn't?
Many Thanks!
Without seeing more info on the datalist object and its construction, it's impossible to say. However, you're using the Fill and SQLDataAdapter incorrectly. The FILL relies on the SQLDataAdapter having a SelectCommand property set, which is what your code is bunging the INSERT statement into (that's what the SQLDataAdapter's constructor does). So...your Fill returns nothing as there's no SELECT where there should be.
Your INSERT should be part of the dataadapter's InsertCommand, and you'll need to write a separate SELECT statement to get anything into your resultTable.
I think you need to read some basic documentation on ADO.NET before you write any more code. You're passing an INSERT statement to the SqlDataAdapter constructor, which takes a SELECT statement. You're using the Fill method of SqlDataAdapter where you should be using the Update method. You're building a SQL string with hard-coded values in it where you should be using SqlParameters with references to the DataTable Columns. And is the fact that your DataTable is called "data" but that SQL string is using indexed properties from "dataList" just a typo? Because if it is, DataTable doesn't have an indexed property.
Try doing it like this (you need to fill in the correct connection string though):
// Get the db connection
SqlConnection dbCon = new SqlConnection("connection string");
// Select the data from the database table into a DataSet (even if it's empty)
DataSet myData = new DataSet();
SqlDataAdapter dbAdapter = new SqlDataAdapter("select * from ProcessData", dbCon);
dbAdapter.Fill(myData);
myData.Tables[0].TableName = "ProcessData"; // Keeps the table name consistent for the DataMember property
// Use the command builder to add insert, delete, update commands to your adapter
// You must have a primary key on the table for these to work, though
SqlCommandBuilder dbComBuilder = new SqlCommandBuilder(dbAdapter);
dbAdapter.InsertCommand = dbComBuilder.GetInsertCommand();
dbAdapter.DeleteCommand = dbComBuilder.GetDeleteCommand();
dbAdapter.UpdateCommand = dbComBuilder.GetUpdateCommand();
// Bind the data set to the GridView for viewing / editing
yourGridControl.AutoGenerateColumns = true; // Optional, if you haven't manually added the columns
yourGridControl.DataSource = myData;
yourGridControl.DataMember = "ProcessData";
// Use the db adapter to update the database (by calling those commands) with
// changes made to the DataSet through the grid. This would go in a different
// form event, like a Save Button click.
dbAdapter.Update();
If you don't have a primary key in the ProcessData table, you can directly insert values using this command:
// Insert the data directly with a command
SqlCommand dbInsCommand = new SqlCommand("insert into ProcessData values (" + val1 + "," + val2 + ")", dbCon);
dbInsCommand.ExecuteNonQuery();