Made insertion into an oracle database but found nothing - c#

I have tried as much to insert into an oracle database. but i found nothing in the database when i queried it. yet it returns no of isertions made into the database on every executenonquery.please find my code below
queryString = "INSERT INTO btable (CH_CODE, ME_NUM, CY_CODE, ER_CODE, SUB_CODE, _LIM, LIM__DATE)" +
" VALUES ('" + int.Parse(rows["ch_code"].ToString()) + "','" + int.Parse(rows["me_numb"].ToString()) + "','" + int.Parse(rows["cy_code"].ToString()) + "','" + int.Parse(rows["er_code"].ToString()) + "','" + int.Parse(rows["Sub_code"].ToString()) + "','" + double.Parse(rows["_limit"].ToString()) + "'," + "to_date('" + usedate +"','dd/mm/yyyy')" + "')";
command = new OracleCommand(queryString, conn);
command.Connection = conn;
if (command.Connection.State == ConnectionState.Closed)
{
command.Connection.Open();
}
//command.Connection.Open();
command.ExecuteNonQuery();
if (command.ExecuteNonQuery() > 0)
{
intResult++;
}
The connection string is
<add key="OraConnString" value="Data Source=testdr.world;Persist Security Info=False;user id=****;password=****"></add>
It was called in the program as
OracleConnection conn = new OracleConnection(ConfigurationManager.AppSettings["OraConnString"]);
OracleCommand command;
The database is an oracle database

Related

Incorrect Syntax error when inserting values into SQL database from Windows form

I want to connect a Windows Form app with SQL Server and insert values from the app textboxes to a database. When the button is clicked, I receive an error:
Incorrect syntax near the keyword "Group".
What is the problem? How can I insert this data?
private void button1_Click(object sender, EventArgs e)
{
try
{
string myconnection = #"Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=StudBase;Integrated Security=True";
string Query = "Insert Into StudentInfo (StudentID, Name,Surname,Group,Course,City,Sector,Average rating) values('" +this.textBox1.Text+"','" + this.textBox2.Text + "','" + this.textBox4.Text + "','" + this.textBox6.Text + "','" + this.textBox8.Text + "','" + this.textBox3.Text + "','" + this.textBox5.Text + "','" + this.textBox3.Text + "');";
SqlConnection Myconn = new SqlConnection(myconnection);
SqlCommand Mycom = new SqlCommand(Query, Myconn);
SqlDataReader Reader1;
Myconn.Open();
Reader1 = Mycom.ExecuteReader();
MessageBox.Show("Save data");
while (Reader1.Read())
{
}
Myconn.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}

Use this for your query statement -
string Query = "Insert Into StudentInfo (StudentID,[Name],Surname,[Group],Course,City,Sector,[Average rating]) values('" +this.textBox1.Text+"','" + this.textBox2.Text + "','" + this.textBox4.Text + "','" + this.textBox6.Text + "','" + this.textBox8.Text + "','" + this.textBox3.Text + "','" + this.textBox5.Text + "','" + this.textBox3.Text + "');";
Use [] for reserved keywords in SQL. Also the last column Average rating was not covered with [], as this column name has space then it should be quoted in [].

save informations in a data base and getting the id sql server c#

It's my first time working with SQL Server and I can't find a helpful tutorial. I am trying to get information from the UI (infos about a contact) and save it to the database (localdb in Visual Studio) then I'd like to get the id of the added contact. I use the following code:
SqlConnection con = new SqlConnection("Data Source = (LocalDB)\\MSSQLLocalDB; AttachDbFilename = E:\\c#\\contact2\\contact2\\contactbase.mdf;Integrated Security=True");
String query = "INSERT INTO contacts(Nom,Adresse,Tel,Email,Sweb) output Inseted.Id_Contact VALUES ('" + contact.Text + "','" + adr.Text + "','" + tlphn.Text + "','" + mail.Text + "','" + site.Text + "')";
con.Open();
SqlCommand cmd = new SqlCommand(query, con);
int id = 0;
id = (int)cmd.ExecuteScalar();
if (con.State == System.Data.ConnectionState.Open)
{
con.Close();
}
But it's not working, I get this exeption:
{"The multi-part identifier \"Inseted.Id_Contact\" could not be bound."}
and I don't know how to fix it.
Remark: there's is an auto_incrment for the id could you help me please

It should be output Inserted.Id_Contact ,in your code has a spelling mistake on Inserted
INSERT INTO contacts(Nom,Adresse,Tel,Email,Sweb) output Inserted.Id_Contact VALUES ('" + contact.Text + "','" + adr.Text + "','" + tlphn.Text + "','" + mail.Text + "','" + site.Text + "')";

Couldn't save to MS Access database from C#

The values staring vith cmb is a combo box. When I click the save button, it throws an error.
My code is here:
cn.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = cn;
command.CommandText = "insert into TblProductDetails(ProductID, ProductName, Category, Section, UOM, CostPrice, SellingPrice1, SellingPrice2, DiscountPercentage, DiscountAmount, MinimumPrice, Vendor, Stock) values ('" + txtProductID.Text + "','" + txtName.Text + "','" + category + "','" + section + "','" + uom + "','" + txtCostprice.Text + "','" + txtSellingPrice1.Text + "','" + txtSellingPrice2.Text + "','" + txtDiscountpercentage.Text + "','" + txtDiscountAmount.Text + "','" + txtMinimumPrice.Text + "','" + vendor + "','" + txtBeginingStock.Text + "')";
command.ExecuteNonQuery();
cn.Close();

System.Data.OleDb.OleDbConnection conn = new
System.Data.OleDb.OleDbConnection();
conn.ConnectionString = #"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Your DataBasePath";
conn.Open();
System.Data.OleDb.OleDbCommand cmd = new System.Data.OleDb.OleDbCommand();
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = "INSERT INTO TblProductDetails (ProductID, ProductName, Category, Section, UOM, CostPrice, SellingPrice1, SellingPrice2, DiscountPercentage, DiscountAmount, MinimumPrice, Vendor, Stock) VALUES(#ProductID, #ProductName, #Category, #Section, #UOM, #CostPrice, #SellingPrice1, #SellingPrice2, #DiscountPercentage, #DiscountAmount, #MinimumPrice, #Vendor, #Stock)";
cmd.Parameters.AddWithValue("#ProductID", comboBox1.Text);
cmd.Parameters.AddWithValue("#ProductName", textBox1.Text);
cmd.Parameters.AddWithValue("#Category", textBox2.Text);
cmd.Parameters.AddWithValue("#Section", textBox2.Text);
cmd.Parameters.AddWithValue("#UOM", textBox4.Text);
// continue Your Code its just example
cmd.Connection = conn;
cmd.ExecuteNonQuery();
conn.Close();

It could be many things. See comment from Steve. But you also want to check the values in the text boxes for the " ' " character (apostrophe) as if the text box contains that character then that could also cause syntax issues, check out SQL injection for more information on that. Thought this was worth a mention. You could use a DataTableAdapter for this kind of thing too, or Entity Framework just to clear that up a little (I would do).

How to delete previous table transaction if next table transaction fails

I'm inserting some data to tables one by one. I've two tables adjustment_header and adjustment_grid.
First I'll insert data to adjustment_header table then I'll insert data to adjustment_grid table. If adjustment insertion fails, previously inserted data in adjustment_header table should be delete automatically.
Is there any query for this kind of problem?
SqlCommand sqlcmd1 = new SqlCommand("INSERT INTO adjustment_header values('"+TextBox1.Text+"','"+TextBox2.Text+"','"+TextBox3.Text+"','"+TextBox4.Text+"')",conn);
conn.Open();
sqlcmd1.ExecuteNonQuery();
conn.Close();
//adjustment grid row 1
if (itemno1.SelectedItem.Text != "please select")
{
SqlCommand cmd1 = new SqlCommand("INSERT INTO adjustment_grid values('"+TextBox1.Text+"','" + itemno1.SelectedItem.Text + "','" + adj1.SelectedItem.Text + "','" + store1.SelectedItem.Text + "','" + qty1.Text + "','" + cost1.Text + "')", conn);
conn.Open();
cmd1.ExecuteNonQuery();
conn.Close();
}
//adjustment grid row 2
if (itemno2.SelectedItem.Text != "please select")
{
SqlCommand cmd2 = new SqlCommand("INSERT INTO adjustment_grid values('" + TextBox1.Text + "','" + itemno2.SelectedItem.Text + "','" + adj2.SelectedItem.Text + "','" + store2.SelectedItem.Text + "','" + qty2.Text + "','" + cost2.Text + "')", conn);
conn.Open();
cmd2.ExecuteNonQuery();
conn.Close();
}
//adjustment grid row 3
if (itemno3.SelectedItem.Text != "please select")
{
SqlCommand cmd3 = new SqlCommand("INSERT INTO adjustment_grid values('" + TextBox1.Text + "','" + itemno3.SelectedItem.Text + "','" + adj3.SelectedItem.Text + "','" + store3.SelectedItem.Text + "','" + qty3.Text + "','" + cost3.Text + "')", conn);
conn.Open();
cmd3.ExecuteNonQuery();
conn.Close();
}
In this code first I'm inserting data into adjustment_header table then I'm inserting into adjustment_grid table 3 times, in 3 transactions in adjustment_grid table any of one fails previously inserted data should be delete automatically.

Wrap the entire block in a SqlTransaction, and don't open/close your connection for each statement:
conn.Open();
using(SqlTransaction tran = conn.BeginTransaction("Adjustment"))
{
SqlCommand sqlcmd1 = new SqlCommand("INSERT INTO adjustment_header values('"+TextBox1.Text+"','"+TextBox2.Text+"','"+TextBox3.Text+"','"+TextBox4.Text+"')",conn, tran);
sqlcmd1.ExecuteNonQuery();
//adjustment grid row 1
if (itemno1.SelectedItem.Text != "please select")
{
SqlCommand cmd1 = new SqlCommand("INSERT INTO adjustment_grid values('"+TextBox1.Text+"','" + itemno1.SelectedItem.Text + "','" + adj1.SelectedItem.Text + "','" + store1.SelectedItem.Text + "','" + qty1.Text + "','" + cost1.Text + "')", conn, tran);
cmd1.ExecuteNonQuery();
}
//adjustment grid row 2
if (itemno2.SelectedItem.Text != "please select")
{
SqlCommand cmd2 = new SqlCommand("INSERT INTO adjustment_grid values('" + TextBox1.Text + "','" + itemno2.SelectedItem.Text + "','" + adj2.SelectedItem.Text + "','" + store2.SelectedItem.Text + "','" + qty2.Text + "','" + cost2.Text + "')", conn, tran);
cmd2.ExecuteNonQuery();
}
//adjustment grid row 3
if (itemno3.SelectedItem.Text != "please select")
{
SqlCommand cmd3 = new SqlCommand("INSERT INTO adjustment_grid values('" + TextBox1.Text + "','" + itemno3.SelectedItem.Text + "','" + adj3.SelectedItem.Text + "','" + store3.SelectedItem.Text + "','" + qty3.Text + "','" + cost3.Text + "')", conn, tran);
cmd3.ExecuteNonQuery();
}
tran.Commit();
}
You should also use parameters instead of string concatenation, but that's a separate issue...
I would ALSO not reference your controls directly. Put this type of logic in a separate class in a function that has parameters for the various options. That way you can decouple it from the UI and reuse it later if necessary.

Insert record(s) DB from Form

I have an Access DB connected to my form with that code ( C# ) :
System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection();
conn.ConnectionString = #"Provider=Microsoft.Jet.OLEDB.4.0;Data source= Z:\Tempesta\Area Progetto\Area_Progetto_20_02_2014\Area_Progetto_DATA_MAGAZINE\Data_Magazine\Data_Magazine\DB\DataMG.mdb";
try
{
System.Data.OleDb.OleDbCommand cmd = new System.Data.OleDb.OleDbCommand();
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = "INSERT into Prodotti ([Codice],[Descrizione],[Marchio],[Deposito],[Note],[NumeroProdotti],[PrzListinoBase_Aq],[PrzListinoBase_Ve],[Categoria],[Posizione],[Disponibilita],[QtaVenduta],[QtaAcquistata]) VALUES ('" + this.Codice.Text + "','" + this.Descr.Text + "','" + this.Marchio.Text + "','" + this.Deposito.Text + "'," + this.Note.Text + "," + this.NumProd.Text + "," + this.PrzListAcq.Text + "," + this.PrzListVen.Text + ",'" + this.Categ.Text + "','" + this.Posiz.Text + "'," + this.Disp.Text + "," + this.QtaVen.Text + "," + this.QtaAcq.Text + ")";
cmd.Connection = conn;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
// MessageBox.Show("Connessione Fallita!");
conn.Close();
}
finally
{
conn.Close();
}
The error I get when i click the buttton is this one :
Any ideas?

You are missing single quotations in Insert Statement where you are assigning values to columns. Your code is vulnerable so should avoid this here is a useful link.
Are Parameters really enough to prevent Sql injections?
System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection();
conn.ConnectionString = #"Provider=Microsoft.Jet.OLEDB.4.0;Data source= Z:\Tempesta\Area Progetto\Area_Progetto_20_02_2014\Area_Progetto_DATA_MAGAZINE\Data_Magazine\Data_Magazine\DB \DataMG.mdb";
try
{
System.Data.OleDb.OleDbCommand cmd = new System.Data.OleDb.OleDbCommand();
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = "INSERT into Prodotti (Codice,Descrizione,Marchio,Deposito,Note,NumeroProdotti,PrzListinoBase_Aq,PrzListinoBase_Ve,Categoria,Posizione,Disponibilita,QtaVenduta,QtaAcquistata) VALUES('" + this.Codice.Text + "','" + this.Descr.Text + "','" + this.Marchio.Text + "','" + this.Deposito.Text + "','" + this.Note.Text + "','" + this.NumProd.Text + "','" + this.PrzListAcq.Text + "','" + this.PrzListVen.Text + "','" + this.Categ.Text + "','" + this.Posiz.Text + "','" + this.Disp.Text + "','" + this.QtaVen.Text + "','" + this.QtaAcq.Text + "')";
conn.Open();
cmd.Connection = conn;
cmd.ExecuteNonQuery();
conn.Close();
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
// MessageBox.Show("Connessione Fallita!");
conn.Close();
}
finally
{
conn.Close();
}

I don't know italian (is that even the language? :) ) but from the look of it it could very well be a culture settings problem. If, for example, one of your fields is numeric then the database might expect a different decimal separator than the one in use in your UI.
Also your actual design seems very vulnerable to SQL Injection Attacks.
For these reasons, my suggestion is that you use the command's Parameters collection to set your values rather than trying to pass in a concatenated string.

I don't read the language you are posting the error from, however, it looks like a syntax error somewhere in your SqlCommand.
First thing I would suggest is wrapping your connection and command in using blocks to make sure they get disposed of correctly.
Then ALWAYS user parametarized SQL Commands to avoid SQL Injection:
using (var conn = new System.Data.OleDb.OleDbConnection(#"Provider=Microsoft.Jet.OLEDB.4.0;Data source= Z:\Tempesta\Area Progetto\Area_Progetto_20_02_2014\Area_Progetto_DATA_MAGAZINE\Data_Magazine\Data_Magazine\DB\DataMG.mdb"))
using (var cmd = new System.Data.OleDb.OleDbCommand())
{
cmd.CommandText = "INSERT INTO TableName (column1, column2, column3) VALUES (#Value1, #Value2, #Value3)";
cmd.Parameters.AddWithValue("#Value1", this.TextBox1.Text);
cmd.Parameters.AddWithValue("#Value2", this.TextBox2.Text);
cmd.Parameters.AddWithValue("#Value3", this.TextBox3.Text);
conn.Open();
cmd.ExecuteNonQuery();
}
Generally speaking, using parameters eliminates syntax errors because it makes the command much easier to read in it's string representation.

I think you may be missing single quotes around some of your text qualifiers in your INSERT statement.
"INSERT into Prodotti ([Codice],[Descrizione],[Marchio],[Deposito],[Note],[NumeroProdotti],[PrzListinoBase_Aq],[PrzListinoBase_Ve],[Categoria],[Posizione],[Disponibilita],[QtaVenduta],[QtaAcquistata]) VALUES ('" + this.Codice.Text + "','" + this.Descr.Text + "','" + this.Marchio.Text + "','" + this.Deposito.Text + "'," + this.Note.Text + "," + this.NumProd.Text + "," + this.PrzListAcq.Text + "," + this.PrzListVen.Text + ",'" + this.Categ.Text + "','" + this.Posiz.Text + "'," + this.Disp.Text + "," + this.QtaVen.Text + "," + this.QtaAcq.Text + ")";
Consider using a parameterized query rather than building your query string by hand. Not only is it safer, but it can help to weed out these kinds of errors which can be tedious to debug.
eg.
String StrSQL = "INSERT INTO tblLog ([Part_Number],[Quantity],[Date],[LOC_Warehouse],[LOC_Row],[LOC_Section],[LOC_Level],[LOC_Bin],[Stock_Added],[Stock_Removed],[Quarantine_Set],[Quarantine_Removed])"
+ "VALUES(#Part_Number, #Quantity, #Date, #Warehouse, #Row, #Section, #Level, #Bin, #Stock_Added, #Stock_Removed, #Quarantine_Set, #Quarantine_Removed)";
SqlConnection conn = new SqlConnection(WHITS.Properties.Settings.Default.LocalConnStr);
SqlCommand cmd = new SqlCommand(StrSQL, conn);
cmd.Parameters.AddWithValue("#Part_Number", Part_Number);
cmd.Parameters.AddWithValue("#Quantity", Quantity);
cmd.Parameters.AddWithValue("#Date", DateTime.Now);
//More Parameters... Skipped for brevity.
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();

Open your connection earlier. Also, use "using". Here's how I would do it:
try
{
string connectionString = #"Provider=Microsoft.Jet.OLEDB.4.0;Data source= Z:\Tempesta\Area Progetto\Area_Progetto_20_02_2014\Area_Progetto_DATA_MAGAZINE\Data_Magazine\Data_Magazine\DB\DataMG.mdb";
using (System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection(connectionString))
{
conn.Open();
string insertQuery = "INSERT into Prodotti ([Codice],[Descrizione],[Marchio],[Deposito],[Note],[NumeroProdotti],[PrzListinoBase_Aq],[PrzListinoBase_Ve],[Categoria],[Posizione],[Disponibilita],[QtaVenduta],[QtaAcquistata]) VALUES ('" + this.Codice.Text + "','" + this.Descr.Text + "','" + this.Marchio.Text + "','" + this.Deposito.Text + "'," + this.Note.Text + "," + this.NumProd.Text + "," + this.PrzListAcq.Text + "," + this.PrzListVen.Text + ",'" + this.Categ.Text + "','" + this.Posiz.Text + "'," + this.Disp.Text + "," + this.QtaVen.Text + "," + this.QtaAcq.Text + ")";
System.Data.OleDb.OleDbCommand cmd = new System.Data.OleDb.OleDbCommand(insertQuery, conn);
cmd.CommandType = System.Data.CommandType.Text;
cmd.ExecuteNonQuery();
conn.Close();
}
}
Edit: My bad... the code I was referencing was filling a DataAdapter, which doesn't require a call to connection.Open(). Regular querying does. My apologies... I have edited my suggestion.

Categories

Resources