I have a label for that i have to assign object value which is returned by stored procedure.my code as following
object returnvalue;
SqlConnection con = new SqlConnection("Data Source=vela21; Initial Catalog=MilkDb;Integrated Security=True");
con.Open();
string sa;
sa = textBox1.Text;
SqlCommand cmd = new SqlCommand("custname", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("Cid", SqlDbType.Int).Value = sa;
cmd.Parameters.Add("cname", SqlDbType.NVarChar, 20);
cmd.Parameters["cname"].Direction = ParameterDirection.Output;
returnvalue = cmd.ExecuteNonQuery();
label3.Text = Convert.ToString(returnvalue);
con.Close();
can anyone help me? plz........
label3.Text = Convert.ToString(cmd.Parameters["cname"].Value);
Yeah. Andrey is right...
I had the same answer...
label3.Text = Convert.ToString(cmd.Parameters["cname"].Value);
Related
I'm using the flowing code to call the oracle function with the return value,
but it returns null always
OracleCommand cmd = new OracleCommand();
using (OracleConnection cnn = new OracleConnection("Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=321352427544)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=test)));User ID=abc;Password=123;"))
{
cmd.Connection = cnn;
cmd.CommandText = "GetEmp";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("P_EMP_ID", OracleDbType.Int32).Value = 4241;
cmd.Parameters.Add(new OracleParameter("return_value", OracleDbType.Int32)).Direction = ParameterDirection.ReturnValue;
cnn.Open();
cmd.ExecuteNonQuery();
string Count = (string)cmd.Parameters["return_value"].Value;
cnn.Close();
}
the problem was solved in two ways by
add cmd.BindByName = true;
add the return parameter in the first: cmd.Parameters.Add(new OracleParameter("return_value", OracleDbType.Int32)).Direction = ParameterDirection.ReturnValue;
it always show an error Incorrect syntax near ')'.
I didnt see any wrong inputs
See my code below
byte[] content = ImageToStream(fName);
cnn.Open();
string sql = "update tblbarangayofficials set pic=#pic,fname=#fname,mname=#mname,lname=#lname,position=#position,startterm=#startterm,endterm=#endterm where id=#id)";
SqlCommand cmd1 = new SqlCommand(sql, cnn);
cmd1.Parameters.AddWithValue("#pic", SqlDbType.Image).Value = content;
cmd1.Parameters.AddWithValue("#fname", SqlDbType.VarChar).Value = txtfirstname.Text;
cmd1.Parameters.AddWithValue("#mname", SqlDbType.VarChar).Value = textBox1.Text;
cmd1.Parameters.AddWithValue("#lname", SqlDbType.VarChar).Value = txtlastname.Text;
cmd1.Parameters.AddWithValue("#position", SqlDbType.VarChar).Value = comboBox2.Text;
cmd1.Parameters.AddWithValue("#startterm", SqlDbType.DateTime).Value = dateTimePicker2.Value.Date;
cmd1.Parameters.AddWithValue("#endterm", SqlDbType.DateTime).Value = dateTimePicker1.Value.Date;
cmd1.Parameters.AddWithValue("#id", SqlDbType.Int).Value = int.Parse(ID.Text);
cmd1.ExecuteNonQuery();
cnn.Close();
MessageBox.Show("successfully updated");
dataGridView1.DataSource = db.sp_viewofficials();
it should save to sql server my save works
Your update statement has extra ending bracket which is not needed.
"update tblbarangayofficials set pic=#pic,fname=#fname,mname=#mname,lname=#lname,position=#position,startterm=#startterm,endterm=#endterm where id=#id"
This question already has answers here:
Fetch scope_identity value in C# code from stored procedure in 3 tier architecture
(2 answers)
Closed 4 years ago.
I have a stored procedure that will return the SCOPE_IDENTITY() which is the ID for the row just added.
I have run the procedure from my C# application and adds the correct data to the database. What I need is for this returned value to be stored as a string in C~ so I can populate a text box in the UI.
SqlConnection con = new SqlConnection(connectionString);
con.Open();
SqlDataAdapter aa = new SqlDataAdapter("sp_insert_order", con);
aa.SelectCommand.CommandType = CommandType.StoredProcedure;
aa.SelectCommand.Parameters.Add("#customer_id", SqlDbType.VarChar, (50)).Value = comboBox1.SelectedItem;
aa.SelectCommand.ExecuteNonQuery();
con.Close();
Changed to
SqlConnection con = new SqlConnection(connectionString);
con.Open();
SqlDataAdapter aa = new SqlDataAdapter("sp_insert_order", con);
aa.SelectCommand.CommandType = CommandType.StoredProcedure;
aa.SelectCommand.Parameters.Add("#customer_id", SqlDbType.VarChar, (50)).Value = comboBox1.SelectedItem;
object oString = aa.SelectCommand.ExecuteScalar();
string myString = "";
if (oString != null)
{
myString = oString.ToString();
textBox1.Text = myString;
}
Textbox1 is still blank. :(
Ok, we're assuming your SProc is returning properly. Try assigning an output parameter as follows:
SqlConnection cnx = new SqlConnection(WebConfigurationManager.ConnectionStrings["yourConnName"].ConnectionString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = cnx;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.CommandText = "testSProc";
cmd.Parameters.AddWithValue("name", "test Name");
SqlParameter outputParam = cmd.Parameters.Add("outID", SqlDbType.Int);
outputParam.Direction = ParameterDirection.Output;
object oString;
cnx.Open();
cmd.ExecuteNonQuery();
cnx.Close();
TextBox1.Text = outputParam.Value.ToString();
I'm having some 8 text boxes and one submit button. I just want to insert only one text box value into db when I press submit. So, I must press submit button 8 times to enter all the text box values into the db.
SqlConnection conn = new SqlConnection();
conn.ConnectionString = #"Data Source=Sadiq;Initial Catalog=rafi;Integrated Security=True";
conn.Open();
SqlCommand cmd = new SqlCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "student1";
int studid = Convert.ToInt32(TextBox1.Text);
string name = TextBox2.Text;
int age = Convert.ToInt32(TextBox3.Text);
string school = TextBox4.Text;
string clas = TextBox5.Text;
int marks = Convert.ToInt32(TextBox6.Text);
string grade = TextBox7.Text;
cmd.Parameters.Add(new SqlParameter("#stud_id", studid));
cmd.Parameters.Add(new SqlParameter("#name", name));
cmd.Parameters.Add(new SqlParameter("#age", age));
cmd.Parameters.Add(new SqlParameter("#school", school));
cmd.Parameters.Add(new SqlParameter("#class", clas));
cmd.Parameters.Add(new SqlParameter("#marks", marks));
cmd.Parameters.Add(new SqlParameter("#grade", grade));
cmd.Connection=conn;
cmd.ExecuteNonQuery();
conn.Close();
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection cn = new SqlConnection();
SqlCommand cmd = new SqlCommand();
SqlDataAdapter da1 = new SqlDataAdapter();
DataSet ds1 = new DataSet();
cn.ConnectionString = #"Data Source=BOPSERVER;Initial Catalog=Project;Integrated Security=True";
cn.Open();
string n = Convert.ToString(txtfid.Text);
cmd.CommandText = "select * from Personal_det where FID=" + n + "";
cmd.CommandType = CommandType.Text;
cmd.Connection = cn;
da1.SelectCommand = cmd;
da1.Fill(ds1, "Personal_det");
double dn = ds1.Tables["Personal_det"].Rows.Count;
if (dn == 0)
{
DateTime sdt = DateTime.Today;
SqlCommand cmd3 = new SqlCommand();
cn.Close();
cn.Open();
cmd3.CommandText = "insert into Personal_det(FID,Name,DOB,MobileNo,EmailId,add1,add2,add3,Pincode) values(#FID,#Name,#DOB,#MobileNo,#EmailId,#add1,#add2,#add3,#Pincode)";
cmd3.CommandType = CommandType.Text;
cmd3.Connection = cn;
cmd3.Parameters.Add("#FID", SqlDbType.VarChar,50);
cmd3.Parameters["#FID"].Value = this.txtfid.Text;
cmd3.Parameters.Add("#Name", SqlDbType.VarChar, 50);
cmd3.Parameters["#Name"].Value = this.txtname.Text;
cmd3.Parameters.Add("#DOB", SqlDbType.DateTime, 8);
cmd3.Parameters["#DOB"].Value = Convert.ToDateTime(this.txtdob.Text);
cmd3.Parameters.Add("#MobileNo", SqlDbType.Decimal, 18);
cmd3.Parameters["#MobileNo"].Value = this.txtmbl.Text;
cmd3.Parameters.Add("#EmailId", SqlDbType.VarChar, 50);
cmd3.Parameters["#EmailId"].Value = this.txtmail.Text;
cmd3.Parameters.Add("#add1", SqlDbType.VarChar, 50);
cmd3.Parameters["#add1"].Value = this.txtadd1.Text;
cmd3.Parameters.Add("#add2", SqlDbType.VarChar, 50);
cmd3.Parameters["#add2"].Value = this.txtadd2.Text;
cmd3.Parameters.Add("#add3", SqlDbType.VarChar, 50);
cmd3.Parameters["#add3"].Value = this.txtadd3.Text;
cmd3.Parameters.Add("#Pincode", SqlDbType.Decimal, 18);
cmd3.Parameters["#Pincode"].Value = this.txtpin.Text;
cmd3.ExecuteNonQuery();
cn.Close();
This is my C# code..Actually what i have done is previously i had FID as int now i converted it as varchar(50),because of some needs,i have already changed the datatype in sql..Personal_det is the table where in FID is a primary key constraint and foriegn key for other tables..Now When i am going to execute the code..it gives the error shown in the Image
Do not create CommandText using strings concatenation - such a bad practice make your sql queries vulnerable for sql-injections.
You can use SqlParameter also for "select" queries, like this.
cmd.CommandText = "select * from Personal_det where FID=#fid";
...
cmd.Parameters.Add(new SqlParameter("#fid", fidValue))
since FID is string you need to use '' as below
cmd.CommandText = "select * from Personal_det where FID='" + n + "'";
above will avoid your exception but it is not safe
You need to use parameters like you did on second case