I have a winforms app that includes the following class method:
public aSqlQuery(SqlCommand pSqlCom, string pMode = "object", bool pGetID = false)
{
try
{
string strConnection = aSystem.ConnectionString;
SqlConnection linkToDB = new SqlConnection(strConnection);
pSqlCom.Connection = linkToDB;
switch (pMode)
{
case "non query":
{
linkToDB.Open();
pSqlCom.ExecuteNonQuery();
if (pGetID == true)
{
SqlCommand sqlCom = new SqlCommand("SELECT ##IDENTITY;", linkToDB);
this.LastID = (int)sqlCom.ExecuteScalar();
}
linkToDB.Close();
}
break;
plus other switches
The pSqlCom (SqlCommand) executes fine becuase I can see the data written into the database. However the subsequent "SELECT ##IDENTITY" statement gives an invalid cast error
What am I doing wrong and how can I retrieve the new ID created by SQL within my class method?
Insert the row and get the Id it is was given with SCOPE_IDENTIY(), don't use ##IDENTITY.
You need to use SCOPE_IDENTITY() on the same connection and scope, just after the INSERT.
In your example no INSERT is performed on your connection so you can't expect to get the last generated Id.
In your example its not clear that pSqlCom performs an INSERT, if it does not any indentity function will return NULL which cannot be converted to int
EDIT
You want to use SCOPE_IDENTITY() and you want to do it in the same Command as the INSERT.
So, your statement should be somthing like
var sql =
#"INSERT <Your Data> <Your Table>;
SELECT SCOPE_IDENTIY();"
using (SqlConnection connection = new SqlConnection(strConnection))
{
using (SqlCommand command = new SqlCommand(sql, connection))
{
connection.Open();
object result = command.ExecuteScalar();
}
}
int? id = (int?)(!Convert.IsDBNull(result) ? result : null);
The correct answer it turns out was that the SELECT SCOPE_IDENTITY() statement had to form part of the same SqlCommand as the INSERT statement which preceeded it, but which I had contained in the previous SqlCommand 'pSqlCom'. Once the SELECT SCOPE_IDENTITY() was incuded as part of pSqlCom the code correctly returned the Identity.
Your call to the command should be returning something not of scalar type. Indeed you need to use Int32 instead. Chek ExecuteScalar on MSDN.
Also, I recommend you to use SCOPE_IDENTITY() instead of ##Identity. Check the following link for a detailed explanation.
Related
I am creating a WPF program where the user can create lists of products that are stored in an .sqlite database. Each product list has it's own table inside the database, who's name is chosen by the user. I need to figure out if the table already exists when I try to create them so that if they do I can ask the user to choose a different name.
I know
SELECT name FROM sqlite_master WHERE type='table' AND name='{table_name}';
is the query used to check if a table exists but how do I get this statement in boolean form using c#?
I would assume something similar to
SQLiteConnection connection = new SQLiteConnection("Data Source=filepath;Version=3");
sql = "SELECT name FROM sqlite_master WHERE type='table' AND name='{table_name}';"
SQLiteCommand command = new SQLiteCommand(sql, connection);
command.something();
But I am unsure what function of command to use to get the Boolean value of this query and how to format it.
ExecuteNonQuery() returns -1 for SELECT statements, so it would be inappropriate to use it in this case.
try using ExecuteReader(), which returns a SqliteDataReader class that contains the HasRows property, in which should be true in case of a non-empty result set.
the code:
SQLiteConnection connection = new SQLiteConnection("Data Source=filepath;Version=3");
sql = "SELECT name FROM sqlite_master WHERE type='table' AND name='{table_name}';"
SQLiteCommand command = new SQLiteCommand(sql, connection);
try
{
var result = command.ExecuteReader();
if (result.HasRows)
{
// INSERT statement here
}
}
catch (Exception e)
{
throw e;
}
I have searched for my answer only to find that there was a typo in someone's code.
I have not found why this code does not have a definition for ExecuteScalar(). I might actually need to capture Customer_Id when I actually add the row to the SQL database because it is auto increment.
Here is my code that had the problem:
if (customer_IDTextBox == null)
{
sqlConnection.Open();
string SQL = "SELECT MAX(Customer_ID) FROM Customer";
int maxId = Convert.ToInt32(SQL.ExecuteScalar());
sqlConnection.Close();
}
You need to create an instance of SqlCommand, then assign your connection and query to it.
Try this code instead. (A couple bits of advice. I've surrounded your connection and command in using statements so there's no need to close anything... they'll be disposed of. Also, always try to create connections and commands as close as possible to the point where you're going to need them.)
int maxId = -1;
if (customer_IDTextBox == null)
{
using (var sqlConnection = new SqlConnection(/* your connection string */))
{
sqlConnection.Open();
string query = "SELECT MAX(Customer_ID) FROM Customer";
using (var sqlCommand = new SqlCommand(query, sqlConnection))
{
maxId = Convert.ToInt32(sqlCommand.ExecuteScalar());
}
}
}
in my program i need to check if a record in the database already exists in the table using the if statement.
using c# i am trying to do this through an sql connection.
as i supposed that the ExecuteNonQuery(); command returns an integer value, if my supposing is true, i want to know what value is true to know that a certain record exists in the table or not. here's a sample of my code:
using (SqlConnection sqlConnection = dbUtil.GetSqlConnection(dbUtil.GetConnectionStringByName("NonConnectionString")))
{
using (SqlCommand sqlCommand = new SqlCommand("SELECT * from users where user_name like 'Adam' AND password like '123456'", sqlConnection))
{
sqlresult = sqlCommand.ExecuteNonQuery();
}
}
considering sqlresult has been initialized previously in the main as int sqlresult;
so i would like to know, that if this user 'Adam' exists in the database or not. and if he exists, then i want to proceed with an 'if' statement saying for example:
if(sqlresult == 0)
{
MessageBox.Show("Adam exists!");
}
so i just don't know the integer that it should return, and i am either not sure that this is the proper way to do it so.
thank you.
If you want to check if the user exists, you have to change your sql and use COUNT or EXISTS:
So instead of
SELECT * from users where user_name like 'Adam' AND password like '123456'
this
SELECT COUNT(*) from users where user_name like 'Adam' AND password like '123456'
Now you can use ExecuteScalar to retrieve the count of users with this username and password:
int userCount = (int) sqlCommand.ExecuteScalar();
if(userCount > 0)
// user exists ....
Note that you should use sql-parameters to prevent sql-injection:
using (SqlCommand sqlCommand = new SqlCommand("SELECT COUNT(*) from users where user_name like #username AND password like #password", sqlConnection))
{
sqlConnection.Open();
sqlCommand.Parameters.AddWithValue("#username", userName);
sqlCommand.Parameters.AddWithValue("#password", passWord);
int userCount = (int) sqlCommand.ExecuteScalar();
...
}
You should be using ExecuteScalar for cheking if the record exists. ExecuteNonQuery runs a transact-SQL statement against the connection and returns the number of rows affected for an UPDATE, INSERT, or DELETE. It doesn't apply for SELECT statements
I would use Select Top 1 Id rather than the count(*) because it can be much faster
You should do a count(1) on the table instead of a select * and then executescalar to get that integer value.
Using your existing code I would change it to be:
using (SqlConnection sqlConnection = dbUtil.GetSqlConnection(dbUtil.GetConnectionStringByName("NonConnectionString")))
{
using (SqlCommand sqlCommand = new SqlCommand("SELECT count(1) from users where user_name = 'Adam' AND password = '123456'", sqlConnection))
{
sqlresult = sqlCommand.ExecuteNonQuery();
}
}
Please note that I have used equals values instead of like values.
Also if I were do to this I would change your inline sql to use a stored procedure.
If someday you want to use EF just do:
private MyDb db = new MyDb();
public bool UserExists(string userName, string password){
return db.Users.Any(x => x.user_name.Equals(userName, StringComparison.InvariantCultureIgnoreCase)
&& x.password.Equals(password, StringComparison.InvariantCultureIgnoreCase));
}
Or do a generic method, so you can handle multiple entites:
public bool EntityExists<T>(Expression<Func<T, bool>> predicate) where T : class, new()
{
return db.Set<T>().Any(predicate);
}
Usage:
EntityExists<Users>(x => x.user_name.Equals(userName, StringComparison.InvariantCultureIgnoreCase)
&& x.password.Equals(password, StringComparison.InvariantCultureIgnoreCase));
How to properly do the following update:
using (OracleConnection conn = new OracleConnection())
using (selCmd)
{
string sql1 = "update Table1 set name = joe where id = 10;"
string sql2 = "update Table2 set country = usa where region = americas;"
string sql3 = "update Table3 set weather = sunny where state = CA;"
string sql4 = "update Table4 set engine = v8 where maker = benz;"
cmdUpdate.CommandText = sql(#);
cmdUpdate.Connection = conn;
recs = cmdUpdate.ExecuteNonQuery();
}
I am aware of all or nothing if it's a transaction but I just to see how it works with correct approach.
I'm thinking iterate an array of items [sql1,sql2,sql3,sql4] and pass sql(#) in the CommandText and perform ExecuteNonQuery each time.
If I remember correctly, it is possible to concatenate multiple SQL statements in one string separated by semi-colons (;). Otherwise, there is nothing wrong with executing multiple ExecuteNonQuery() calls.
string sql1 = "BEGIN update Table1 set name = 'joe' where id = 10;",
sql2 = "update Table2 set country = 'usa' where region = 'americas';",
sql3 = "update Table3 set weather = 'sunny' where state = 'CA';",
sql4 = "update Table4 set engine = 'v8' where maker = 'benz'; END;";
string sql = string.Format("{0}{1}{2}{3}",sql1,sql2,sql3,sql4);
using (OracleConnection conn = new OracleConnection())
using (OracleCommand cmdUpdate = new OracleCommand(sql, conn))
{
conn.Open();
recs = cmdUpdate.ExecuteNonQuery();
}
I recently came across this issue in some old code. We dynamically build chain of SQL calls (with support for Oracle and Sql Server). Since there is no current Oracle production implementation, nobody tested Oracle operation and customer bugs are not coming in. I found a code that builds chain of commands and then, for Oracle it uses String.Split(';'). Then, it uses a loop to execute each statement in transaction: rowsAffecter += ExecuteNonQuery....
I don't like this idea because without parameterization it is dangerous approach, since some data can contain ;. But even if parameterization is in place...
... one of the issues of making anonymous block for Oracle ("begin... end;") is that ExecuteNonQuery will not return number of rows (returns -1), which is sometimes needed to judge if something got updated or not.
to solve this issue I've done this
private string AppendOracleCountOrNothing(StringBuilder sql)
{
if (_myProvider == Providers.Oracle)
sql.AppendLine("rowCnt := rowCnt + SQL%ROWCOUNT;");
}
public void SomeMethod()
{
var longSqlChain = new StringBuilder(2000);
longSqlChain.Append("Insert into table...;");
AppendOracleCountOrNothing(longSqlChain);
if (someCondition)
{
longSqlChain.AppendLine("Update anotherTable...;");
AppendOracleCountOrNothing(longSqlChain);
}
// may be, add some more sql to longSqlChain here....
int rowsAffected;
if (_myProvider == Providers.Oracle)
{
longSqlChain.Insert(0, #"DECLARE
rowCnt number(10) := 0
BEGIN
").AppendLine(#":1 := rowCnt;
END;");
// Now, here we have some abstract wrappers that hide provider specific code.
// But the idea is to prepare provider specific output parameter and then parse its value
IDataParameter p = ParameterWrapper.PrepareParameter(":1", 0, ParameterDirection.Output, myProvider); // note IDataParameter
SqlExecWrapper.ExecuteNonQuery(_myProvider, CommandType.Text, sql, new[]{p});
rowsAffected = p.GetParameterValue(); // GetParameterValue is an extension on IDataParameter
}
else // sql server
{
rowsAffected = SqlExecWrapper.ExecuteNonQuery(_myProvider, CommandType.Text, sql, null);
}
}
This way we make one trip to DB and get the return number of rows affected by this call. and queries can be parameterized as well. Again, better to develop abstraction layer, so, you can call something like parameterizer.CreateParameter(10), which will add parameter to collection and generate :1, :2, :3, etc. (oracle) and #1, #2, #3, etc. (sql server), in your sql statement.
Another approach is to create a simple extension method (ExecuteMultipleNonQuery) that simply splits the string on all semicolons and executes each statement in a loop:
public static class DbCommandExtensions {
public static void ExecuteMultipleNonQuery(this IDbCommand dbCommand)
{
var sqlStatementArray = dbCommand.CommandText.Split(new string[] {";"}, StringSplitOptions.RemoveEmptyEntries);
foreach (string sqlStatement in sqlStatementArray)
{
dbCommand.CommandText = sqlStatement;
dbCommand.ExecuteNonQuery();
}
}
}
I need to retrieve a value from a field in database. I have the used following code. but the value checkOrderId (which I need) shows the SQL string instead of the value from database. I don't know why it is doing so. Could somebody help me please?
string connectionString = "Data Source = xxyyzz;Initial Catalog = xyz; Integrated Security = True";
SqlConnection connection = new SqlConnection(connectionString);
connection.Open();
string tableName = "[GIS].[SecondaryTraffic].[PotentialBackHauls]";
string checkOrderId = "Select TOP 1 OrderID From" + tableName + "ORDER BY InsertDate DESC";
SqlCommand cmd = new SqlCommand(checkOrderId, connection);
//cmd.ExecuteNonQuery();
OpenPop.Pop3.Pop3Client popConn = new OpenPop.Pop3.Pop3Client();
if (orderIdentity == checkOrderId)
{
popConn.DeleteMessage(messageNumber);
}
connection.Close();
I am new and dont have reputation to answer my question immediately. With everybody's help, i got this one solved...Great help, thanx everybody...following is my code.
string connectionString = "Data Source = EAEDEV;Initial Catalog = GIS; Integrated Security = True";
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
string tableName = "[GIS].[SecondaryTraffic].[PotentialBackHauls]";
string checkOrderId = "Select TOP 1 OrderID From " + tableName + " ORDER BY InsertDate DESC";
SqlCommand cmd = new SqlCommand(checkOrderId, connection);
string valueReturned = (string)cmd.ExecuteScalar();
OpenPop.Pop3.Pop3Client popConn = new OpenPop.Pop3.Pop3Client();
if (orderIdentity == valueReturned)
{
popConn.DeleteMessage(messageNumber);
}
connection.Close();
}
You need to execute the query and check the results, here you are just comparing a string with the query SQL.
Please see here
http://www.csharp-station.com/Tutorial/AdoDotNet/lesson03
for a tutorial.
Your expectation of the result being set into checkOrderId is incorrect. In this instance checkOrderId is just the query to execute and not the actual result.
You need to read the value back from executing the command:
using (var connection = new SqlConnection(connectionString))
using (var comm = new SqlCommand("Select TOP 1 OrderID From [GIS].[SecondaryTraffic].[PotentialBackHauls] ORDER BY InsertDate DESC", connection))
{
connection.Open();
object result = comm.ExecuteScalar(); // This is the key bit you were missing.
if (result != null)
{
// You can cast result to something useful
int orderId = (int)result;
}
} // Both comm and connection will have Dispose called on them here, no need to Close manually.
ExecuteScalar returns the value in the first cell (ie, column 1 row 1) as an object that you can cast to a better type (depending on what type it was in the result-set schema).
If you need to read multiple values, you need to look at ExecuteReader.
There are also other ways of doing this using output parameters, but that would pollute the point of the answer.
You can add space to your query
"Select TOP 1 OrderID From " + tableName + " ORDER BY InsertDate DESC";
Nota : I suggest you to use AddWithValue method with your parameter
string checkOrderId = "Select TOP 1 OrderID From #tableName ORDER BY InsertDate DESC";
SqlCommand cmd = new SqlCommand(checkOrderId, connection);
cmd.Parameters.AddWithValue("#tableName", tableName );
Link : http://msdn.microsoft.com/fr-fr/library/system.data.sqlclient.sqlparametercollection.addwithvalue.aspx
You don't actually run your command anywhere. Instead of the commented-out cmd.ExecuteNonQuery, you should look into the ExecuteScalar method, which allows you to read back a single result value from a query - which is what your query returns.
Add
int i = (Int32) cmd.ExecuteScalar();
right after
SqlCommand cmd = new SqlCommand(checkOrderId, connection);
then the variable i will contain the order id
No, this is not correct. You are comparing the variable orderId to your query string. I doubt that's what you want to do. I imagine you'd be better off calling cmd.ExecuteScalar() to retrieve the actual OrderID value. As noted by other answers, your query string is missing a space. But most importantly, it is bad practice to construct SQL queries in code. Although I can't see a security issue with this code, if you continue to use this method you will probably write code that is vulnerable to SQL injection. I recommend you learn to either use parameters or LINQ to build your queries.