I got a gridview which is connected to a datasource getting values from there.I created a selectedindexchanged function to work when select is clicked.it shows ID , orderID,From,To and Price values and opens panel which has 4 textbox's and a dropdownlist if user wants to change those values.Everything is fine until here.When user changes some values and clicks submit nothing changes in database.I got the values using id ; " string id = orderGrid.SelectedRow.Cells[1].Text; "
here is my submit button code ;
protected void submitButton_Click(object sender, EventArgs e)
{
string id = orderGrid.SelectedRow.Cells[1].Text;
OleDbConnection con = new OleDbConnection(#"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("db.mdb") + ";Persist Security Info=False");
string query = "update ordersTable set orderID=#testID,fromLocation=#from,toLocation=#to,price=#price WHERE ID = #id ";
OleDbCommand cmd = new OleDbCommand(query, con);
cmd.Parameters.AddWithValue("#id", id);
cmd.Parameters.AddWithValue("#testID", orderBox.Text);
cmd.Parameters.AddWithValue("#from", fromText.Text);
cmd.Parameters.AddWithValue("#to", toList.SelectedItem.Text);
cmd.Parameters.AddWithValue("#price", priceBox.Text);
try
{
con.Open();
cmd.ExecuteNonQuery();
con.Close();
Response.Write("Edit Complete !");
}
catch (Exception ex)
{
Response.Write("Error : " + ex);
}
orderGrid.DataBind();
}
id string works perfectly fine in my selectedindexchanged function.
In OleDb parameters are recognized by their position not by their name.
Your parameter placeholder #ID is the last one in the query, but you add it as the first one in the collection.
This result in your WHERE condition to be totally wrong
(you search for a record whose ID is equal to the content of the priceBox)
Just move the insert of the ID as last parameter
cmd.Parameters.AddWithValue("#testID", orderBox.Text);
cmd.Parameters.AddWithValue("#from", fromText.Text);
cmd.Parameters.AddWithValue("#to", toList.SelectedItem.Text);
cmd.Parameters.AddWithValue("#price", priceBox.Text);
cmd.Parameters.AddWithValue("#id", id);
This is the primary problem, but I can see another one caused by your use of AddWithValue. This is an handy shortcut, but sometime it make you pay for it.
In your case, you pass to the #price parameter a string and, if your price field is a decimal (as it should be) then the database engine will attempt a conversion from a string to a decimal and if the decimal separator is not the same you end with a wrong value in the database. Better check the value in the priceBox and convert it yourself to a decimal.
See Can we stop to use AddWithValue already?
Related
I have used this code to display the employee's first name and last name from the provided database when an employee id number is typed into the text box and the “Find” button is clicked. But I will also need Previous and Next Button to display previous and next records respectively in textbox as well. Is there a method like MovePrevious and MoveNext sth to get it?
Here is my code :
private void button1_Click(object sender, EventArgs e)
{
string constr = #"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\\CCEMPLOYEE.mdb";
OleDbConnection con = new OleDbConnection(constr);
{
using (OleDbCommand cmd = new OleDbCommand("SELECT emp_fname, emp_lname, emp_mi FROM Employee WHERE emp_id =#ID "))
{
if (idText.Text != "")
{
cmd.Parameters.AddWithValue("#ID", int.Parse(idText.Text));
cmd.CommandType = CommandType.Text;
cmd.Connection = con;
con.Open();
using (OleDbDataReader sdr = cmd.ExecuteReader())
{
try
{
sdr.Read();
fnameText.Text = sdr["emp_fname"].ToString();
lnameText.Text = sdr["emp_lname"].ToString();
miText.Text = sdr["emp_mi"].ToString();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
}
else
{
MessageBox.Show("You did not enter any ID", "Enter the ID ",
MessageBoxButtons.OK);
}
con.Close();
}
}
}
You won't be able to go Next or Previous in your provided code because you only have one record in your recordset.
You will also have the problem that you haven't specified the basis for what "Previous" and "Next" mean, the framework has no idea that you mean next by emp_id (or do you mean next by alphabetical surname?)
I would suggest your Prev and Next buttons need to be aware of what "this" record is, and use that as a parameter to run a similar piece of code when they are clicked. You could add an int property to your class, have the Find button store the emp_id into that property, and then have the Next and Prev buttons call almost identical code except with the SQL adjusted to something like "SELECT TOP 1 emp_fname, emp_lname, emp_mi FROM Employee WHERE emp_id > #ID ORDER BY emp_id ASC" (note I don't have anything on me to test this at the moment, you might need to sort DESC).
The reason I've suggested TOP 1, > and ORDER By is I don't know if you have a guarantee that you have sequential emp_id - obviously if you know they're sequential and can guarantee that always you could just go "SELECT... WHERE emp_id = #ID-1" for Prev...
This answer is academic, not practical, I don't suggest this is a good solution to a production scenario - it's an answer to your question.
I am new to C#. I am trying to save the numbers into a SQL Server database table (locally) but I get an error:
Cannot insert the value NULL into column
My code:
private void SaveBtn_Click(object sender, EventArgs e)
{
try
{
SqlConnection conn = new SqlConnection(#"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\fn1965\Desktop\Work\TESTDB\NumDB.mdf;Integrated Security=True;Connect Timeout=30");
conn.Open();
string insert_query = "INSERT into [NumericTable] (Num1, Num2, Total) VALUES (#Num1, #Num2, #Total)";
SqlCommand cmd = new SqlCommand(insert_query, conn);
cmd.Parameters.AddWithValue("#Num1", textBox1.Text);
cmd.Parameters.AddWithValue("#Num2", textBox2.Text);
cmd.Parameters.AddWithValue("#Total", textBox3.Text);
cmd.ExecuteNonQuery();
MessageBox.Show("Record saved");
conn.Close();
}
catch (Exception ex)
{
MessageBox.Show("EROR:"+ ex.ToString());
}
}
Table schema
You can see in the image that the column Id is the only one that does not support null values. Since the column is not identity and as you are not providing a value on your insert, then the INSERT fail with the given exception. This code will work (only if there isn't a record with Id = 1 already):
string insert_query = "INSERT into [NumericTable] (Num1,Num2,Total, Id) Values (#Num1,#Num2,#Total, #id)";
SqlCommand cmd = new SqlCommand(insert_query, conn);
cmd.Parameters.AddWithValue("#Num1", textBox1.Text);
cmd.Parameters.AddWithValue("#Num2", textBox2.Text);
cmd.Parameters.AddWithValue("#Total", textBox3.Text);
cmd.Parameters.AddWithValue("#Id", 1);
cmd.ExecuteNonQuery();
I assume that this is obviously not the desired fuctionality. What you should do is either set the Id column to identity = true or set a value on the insert.
I also encourage you to not use AddWithValue method since it can lead you to some undesired problems. You can read more here: https://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/
That screenshot you took of your table columns design; get back to that, then click the id column, look in the Properties grid for Identity Specification (might need to expand it) and set it to Yes. Set other properties relevant to your needs and save the table.
Borrowed from another SO question:
There are ways to do this from script but they're generally longer/more awkward than using the UI in management studio.
This will (should) change th column so it auto inserts an incrementing number into itself when you insert values for other rows. Someone else has posted an answer as to how to insert values for it yourself but my recommendation to you as a learner is to use auto increment to save the additional needless complication of providing your own primary key values
This code is supposed to save some values in textboxes to a specific row. The code runs just fine with no hiccups, but refuses to actually update the database no matter what I do.
try
{
using (var con = new OleDbConnection())
{
con.ConnectionString = #"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb;";
con.Open();
using (var com = new OleDbCommand())
{
com.Connection = con;
com.CommandText = "UPDATE gym SET BMI = #bmi and Health = #health and weight_change_to_healthy_bmi = #weight WHERE ID = #id";
com.Parameters.AddWithValue("#bmi", bmi.Text);
com.Parameters.AddWithValue("#health", health.Text);
com.Parameters.AddWithValue("#weight", change.Text);
com.Parameters.AddWithValue("#id", id.Text);
com.ExecuteNonQuery();
}
}
MessageBox.Show("Saved");
}
catch (Exception ex)
{
MessageBox.Show("Not saved: " + ex.Message);
}
Any help would be much appreciated.
As Alex mentioned, SET part needs , instead of AND for multiple columns.
Check UPDATE syntax1;
UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;
But I wanna say a few things more;
Don't use AddWithValue as much as you can. It may generate unexpected and surprising results sometimes. Use Add method overload to specify your parameter type and it's size.
Open your connection just before you execute your command. That means, you should open your connection just before your ExecuteNonQuery line.
Based on it's name, ID column should be some numeric value instead of character. Consider to change it's type or consider to change it's column name that refers some character typed column name.
1: I know I know.. a w3school link
Setting aside the salt and hash debate. And Please reply only if you know the answer.
I am trying to create a method where a user enters their credentials with date and times are recorded automatically when logging in and out.
I have two problems
Problem 1 -
I have created a simple method just for logging in and out. When I included the date and time code I noted that these where recorded and stored for all users. I currently have two users. So if one user logins date and time are recorded and stamp for the other user.
Problem 2 -
The second problem is as the subject headers says I get a error message when the Update command parameter is in the same method as with Select.
If anyone could help me I would be grateful with both of the problems. Hopefully It is only a minor issue? If omitting date and time then I will be grateful if someone could help me on multi login function.
Access 2003 ~ Two tables. Table 1 - Named LoginTable Table 2 - Named LoginLogTable
LoginTable
FieldName DataType
UserName Text
Password Text
LoginLogTable
FieldName DataType
UserNameID Text
UserName Text
LoggedIn Date/Time
LoggedInTime Date/Time
private void btnLogin_Click(object sender, EventArgs e)
{
using (var command = myCon.CreateCommand())
{
command.CommandText = "select UserName, Password from LoginTable where WHERE STRCOMP(UserName, #UserName,0) = 0 AND STRCOMP(Password, #Password,0)=0";
command.Parameters.AddWithValue("UserName", (txtUserName.Text));
command.Parameters.AddWithValue("Password", (txtPassword.Text));
myCon.Open();
var reader = command.ExecuteReader();
{
if (reader.HasRows)
{
MessageBox.Show("Login Successful");
Form2 frm = new Form2();
frm.Show();
while (reader.Read())
{
txtUserName.Text = reader["UserName"].ToString();
txtPassword.Text = reader["Password"].ToString();
}
OleDbCommand cmd = new OleDbCommand();
cmd.Connection = myCon;
cmd.CommandText = "UPDATE [LoginLogTable] SET [LoggedInDate] = ?, [LoggedInTime] = ?";
cmd.Parameters.AddWithValue("#LoggedInDate", DateTime.Now.ToShortDateString());
cmd.Parameters.AddWithValue("#LoggedInTime", DateTime.Now.ToString("HH:mm"));
cmd.ExecuteNonQuery();
myCon.Close();
}
else MessageBox.Show("Login Falied");
}
}
myCon.Close();
myCon.Close();
}
You don't have any condition in your update query, so it will update all records in the table. Add a condition to only update a single record. I don't know what you have in your table, but something like this:
cmd.CommandText = "UPDATE [LoginLogTable] SET [LoggedInDate] = ?, [LoggedInTime] = ? where UserName = ?";
cmd.Parameters.AddWithValue("LoggedInDate", DateTime.Now.ToShortDateString());
cmd.Parameters.AddWithValue("LoggedInTime", DateTime.Now.ToString("HH:mm"));
cmd.Parameters.AddWithValue("UserName", txtUserName.Text);
You should close and dispose the first data reader and command before executing the second command.
I suppose you need a UserName column in your LoginLogTable and update table something like this
UPDATE [LoginLogTable] SET [LoggedInDate] = ?, [LoggedInTime] = ? WHERE UserName = 'YourUserName'.
And the second, I believe you no need a Reader here. You can use ExecuteScalar instead Reader. The second command can not run because a Reader has open state.
I have a button within my web page to inserts a few values into sql server columns. One of these values happens to be of data type Date. The following is my code for my asp.net page:
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd1 = new SqlCommand("insert into dbo.FillTable values ('TextBox2.Text', 'TextBox1.Text', 'FA0005')",con);
SqlDataAdapter dr = new SqlDataAdapter(cmd1);
con.Close();
DataSet dl = new DataSet();
dr.Fill(dl);
//Label5.Text = dl.Tables[0].Rows[1][9].ToString();
}
I want to be able to have the user enter the date in the format (yyyy-MM-dd), which is the date format for my sql server. "TextBox2" is the textbox that holds the date input. Whenever I simply hard code the date as for ex. '2010-01-01', '50', 'FA0005', it works well and inserts the record. However, when I code is as 'TextBox2.Text', 'TextBox1',etc. It gives me an error saying "Conversion failed when converting date and/or time from character string". Can someone help me with this? Its confusing me because having the date in 'yyyy-mm-dd' format works well, which is same as the textbox.
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd1 = new SqlCommand(string.Format("insert into dbo.FillTable values ('{0}', '{1}', 'FA0005')", TextBox2.Text, TextBox1.Text), con);
SqlDataAdapter dr = new SqlDataAdapter(cmd1);
con.Close();
DataSet dl = new DataSet();
dr.Fill(dl);
}
Now, let's break down the string.Format function. It says that if I have a string to format like this "Hello {0}!", anything I pass in at the zero index of the function will replace every occurrance of {0}. So, let's say I have this string "Hello {0}, and I say again hello {0}!" and I used it like this string.Format("Hello {0}, and I say again hello {0}!", "world"), I would get a string like this "Hello **world**, and I say again hello **world**!".
Note
However, the above solution leaves you open to SQL Injection, so if you want to protect against that then let's go this route.
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd1 = new SqlCommand("insert into dbo.FillTable values (#TextBox2Val, #TextBox1Val, 'FA0005')", con);
cmd1.AddParameterWithValue( "TextBox1Val", TextBox1.Text );
cmd1.AddParameterWithValue( "TextBox2Val", TextBox2.Text );
SqlDataAdapter dr = new SqlDataAdapter(cmd1);
con.Close();
DataSet dl = new DataSet();
dr.Fill(dl);
}
Now let's break this down. The statement sent to the SQL server is just what you see, with the #paramname in the string. But, it will send it as a prepare and prepare that statement with the values you provided in the AddParameterWithValue method. Note that here, as long as the value in the TextBox2.Text is a date you don't have to concern yourself with the format because SQL server will take care of that. Bear in mind that SQL server stores it in one format and you'll display it in another but it can convert from a myriad of formats as long as they are valid.
Now, as stated by #Willem, it would behoove you to ensure that the value in TextBox2.Text is in fact a date, so let's do that, add this snippet at the top of the function ...
DateTime theDate;
if (!DateTime.TryParse(TextBox2.Text, out theDate))
{
// throw some kind of error here or handle it with a default value
...
}
... and then modify the line with the AddParameterWithValue like this ...
cmd1.AddParameterWithValue( "TextBox2Val", theDate );
You don't quite have the mechanism of getting the text box values into the insert correct. Additionally this style of database insertion leaves you vulnerable to SQL Injection attacks. One better option would be to parameterize your SqlCommand, as follows:
SqlCommand cmd1 = new SqlCommand("insert into dbo.FillTable values (#Date1, #Date2, #SomeString)",con);
Then, you can specify parameters as follows:
cmd1.Parameters.AddWithValue("#Date1",TextBox1.Text);
cmd1.Parameters.AddWithValue("#Date2",TextBox2.Text);
cmd1.Parameters.AddWithValue("#SomeString,"FA0005");
Specifying parameters eliminates the SQL Injection risk, and also provides a clean mechanism for getting the values from your text boxes to your INSERT. Hope this helps.
You're inputting the text "TextBox2.Text" into the database, not the value of the textbox. Remove the quotes from TextBox2.Text:
SqlCommand cmd1 = new SqlCommand("insert into dbo.FillTable values
('" + TextBox2.Text + "', '" + TextBox1.Text + "', 'FA0005')",con);
As noted above, you're leaving yourself open to SQL Injection when you're appending strings like this.