I got a situation here. I need to insert values into tables depending on what a user provides on the Window form.
If a good does not exist and more than is necessary is acquired the the excess must be entered into a table called "BulkAvailable" this is where a big exists in my code as when I comment this part out the code runs well.
Please find the piece of code below
try
{
SqlConnection con = new SqlConnection("Data Source=PV10\\LOCALSERVER;Initial Catalog=SmallSoftwareDB;Integrated Security=True;Pooling=False");
con.Open();
float a = float.Parse(textBox8.Text, System.Globalization.CultureInfo.InvariantCulture);
int b = int.Parse(textBox9.Text);
float c = a * b;
var T = c.ToString(System.Globalization.CultureInfo.InvariantCulture);
float x = float.Parse(textBox4.Text, System.Globalization.CultureInfo.InvariantCulture);
int z = int.Parse(textBox3.Text);
float y = x * z;
var total = y.ToString(System.Globalization.CultureInfo.InvariantCulture);
int d = b - z;
string uba = "insert into BulkSale(ProductName, ProductSource, Date, Quantity, Type, UnitPrice, Total, Nature) values('" + textBox1.Text + "', '" + textBox2.Text + "', '" + dateTimePicker1.Value + "', '" + textBox3.Text + "', '" + textBox6.Text + "', '" + textBox4.Text + "', '" + textBox5.Text + "', '"+textBox7.Text+"')";
string A = "insert into BulkInput(ProductName, ProductSource, Date, Quantity, Type, UnitPrice, Total, Nature) values('"+textBox1.Text+"','"+textBox2.Text+"','"+dateTimePicker1.Value+"','"+b+"','"+textBox6.Text+"','"+a+"','"+c+"', '"+textBox7.Text+"')";
SqlCommand cmd = new SqlCommand(uba, con);
SqlCommand X = new SqlCommand(A, con);
cmd.ExecuteNonQuery();
X.ExecuteNonQuery();
try
{
if (int.Parse(textBox9.Text) > int.Parse(textBox3.Text))
{
string B = "insert into BulkAvailable(ProductSource,ProductName,Date,Quantity,Type) values('" + textBox2.Text + "','" + textBox1.Text + "','" + dateTimePicker1.Text + "','" + d + "','" + textBox6.Text + "')";
SqlCommand Bc = new SqlCommand(B, con);
Bc.ExecuteNonQuery();
}
else
{
MessageBox.Show("You successfully Bought and Sold", " ", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
}
catch (Exception aze)
{
MessageBox.Show(aze.Message, " ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
MessageBox.Show("Operation Successfully Executed", " ", MessageBoxButtons.OK, MessageBoxIcon.Information);
con.Close();
}
catch (Exception er)
{
MessageBox.Show(er.Message, " ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
When I run the code it returns an exception message:
"String of binary data would be truncated. The statement has been terminated"
You should check your fields in database. This error means that you are tring to insert string with more length than the boundaries of the field.
So for an example if you have db field ProductName defined as varchar(50) and you try to insert value which have 52 characters in it, you will receive this error.
We can't tell you on which exact field this happen, you should check it manually. You can try to execute the query in the DB and see if the error gives you the field name, but in the past this not happen.
You should implement some validation checks about your fields, if they go over some Length show an error message or cut the string using Substring method.
Related
I've a problem with SqlConnection in C#. I do a large number of INSERT NonQuery, but in any case SqlConnection save in the database always the first 573 rows. This is the method I use for queries. In this method there is a lock because I use different thread to save the data.
public void InsertElement(string link, string titolo, string text)
{
string conString = "*****************";
using (SqlConnection connection = new SqlConnection(conString))
{
connection.Open();
text = text.Replace("\"", "");
DateTime localDate = DateTime.Now;
lock (thisLock)
{
string query = "IF (NOT EXISTS(SELECT * FROM Result " +
" WHERE Link = '" + link + "')) " +
" BEGIN " +
" INSERT INTO Result ([Titolo],[Link],[Descrizione],[DataRicerca],[FKDatiRicercheID]) " +
" VALUES('" + titolo + "', '" + link + "', '" + text + "', '" + localDate + "', 1) " +
" END";
if (connection != null)
{
SqlCommand cmd = new SqlCommand(query, connection);
cmd.ExecuteNonQuery();
}
}
}
}
This is the code of the loop that call the method InsertElement()
public void Save()
{
string[] DatiLetti;
string url = "";
while (result.Count > 0)
{
try
{
url = result.Last();
result.RemoveAt(result.Count - 1);
DatiLetti = ex.DirectExtractText(url);
if (DatiLetti[0].Length > 2)
{
ssc.InsertGare(url, DatiLetti[0], DatiLetti[1]);
}
}
catch (Exception exc)
{
logger.Error("Exception SpiderSave> " + exc);
}
}
}
Result is a volatile array that is progressively filled from other thread. I'm sure that the array contains more than 573 items.
I try to search one solution, but all the answers say that the number of database connections for SQLServer is over 32K at a time and I've already checked this number in my database. Is there anyone who can help me understand the problem?
Don't open a connection for every insert. Use one connection, then pass that connection through to your insert, like this :
public void InsertElement(string link, string titolo, string text, SqlConnection conn)
{
text = text.Replace("\"", "");
DateTime localDate = DateTime.Now;
lock (thisLock)
{
string query = "IF (NOT EXISTS(SELECT * FROM Result " +
" WHERE Link = '" + link + "')) " +
" BEGIN " +
" INSERT INTO Result ([Titolo],[Link],[Descrizione],[DataRicerca],[FKDatiRicercheID]) " +
" VALUES('" + titolo + "', '" + link + "', '" + text + "', '" + localDate + "', 1) " +
" END";
if (connection != null)
{
SqlCommand cmd = new SqlCommand(query, connection);
cmd.ExecuteNonQuery();
}
}
}
I recommend also looking at paramatizing your query, as well as using bulk inserts, and not individual inserts
If you are executing InsertElement() once for each rows of data to insert, then the execution will be too slow for large no. of rows. (Also, you are creating SqlConnection for each query execution.) Try adding many rows at once using a single INSERT query:
INSERT INTO tablename
(c1,c2,c3)
VALUES
(v1,v2,v3),
(v4,v5,v6)
...
I'm trying to write to a database and am getting the "Input String Was Not In Correct Format" error. I'm assuming it's the data types on the last two columns but I'm not sure how to change. In SQL Server, they are both of the money datatype. Code below:
string query = null;
for (int i = 0; i < result.Tables[0].Rows.Count; i++)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString);
query = "INSERT INTO Upload(Email, TimeStamp, EmployeeId, Name, Title, Department, Race, Gender, AnnualizedBase, AnnualizedTCC) VALUES ('"
+ System.Web.HttpContext.Current.User.Identity.GetUserId() + "', "
+ " '" + DateTime.Now + "', "
+ " '" + result.Tables[0].Rows[i][0].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][1].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][2].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][3].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][4].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][5].ToString() + "', "
+ Convert.ToInt32(result.Tables[0].Rows[i][6]) + ", "
+ Convert.ToInt32(result.Tables[0].Rows[i][7])
+ ")";
con.Open();
SqlCommand cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
con.Close();
}
The error Input string was not in correct format is most likely caused by one of the values in your column not being convertible to an int. If the datatype in SQL is money then you should try and convert to a decimal and not an int. Try this for each row:
decimal num;
if (decimal.TryParse(result.Tables[0].Rows[i][6], out num))
{
// use num because it is indeed a decimal (money in SQL)
}
else
{
// What do you want to do? Log it and continue to next row?
}
Also please read Bobby Tales and example of paratmetrized query.
The current program I am building is used to save invoices and I want to save data into a database. However instead of repeating this code shown below 20 times for each possible entry i would like to create a function with the text box name changing in the function.
All the text boxes are named with a number at the end from 1 to 20. I was wondering if there is a way to have a function that would change the number at the end and if its even worth doing compared to repeating this 20 times.
if (txtProductID1.Text.Length > 0)
{
OleDbConnection oledbconnection1 = new OleDbConnection();
oledbconnection1.ConnectionString = Con;
OleDbCommand cmd;
String strInsert = "";
//Generate SQL Statement
strInsert = "Insert into [InvoiceOrder] Values (";
strInsert += "'1', ";
strInsert += "'" + txtInvoiceNo.Text + "', ";
strInsert += "'" + txtProductDescription1.Text + "', ";
strInsert += "'" + txtOrderNo1.Text + "', ";
strInsert += "'" + cboUnit1.Text + "', ";
strInsert += "'" + txtAmount1.Text + "', ";
strInsert += "'" + txtPrice1.Text + "', ";
strInsert += "'" + txtSum1.Text + "', ";
strInsert += "'" + txtDiscount1.Text + "' ";
strInsert += ")";
try
{
oledbconnection1.Open();
cmd = new OleDbCommand();
cmd.CommandText = strInsert;
cmd.Connection = oledbconnection1;
cmd.ExecuteNonQuery();
//MessageBox.Show("Record saved");
}
catch (Exception ex)
{
MessageBox.Show("Error : " + ex.ToString());
}
finally
{
oledbconnection1.Close();
}
}
First, parameterize your query. Aside from security, the query you're building up is going to trip you up when you forget a single apostrophe somewhere.
As for iterating through the controls, perhaps Controls.Find() will work for you. The following code assumes all controls have a number from 1 to 20, and each number occurs once and only once on the form. (In your example, txtInvoiceNo does not have a number - I assume that's a typo.)
I made a few other changes too, like replacing your finally block with a using block, which will close and dispose your connection for you.
for (var i = 1; i <= 20; i++)
{
if (!String.IsNullOrEmpty(Controls.Find("txtProductID" + i, true).Single().Text))
{
using (var oledbconnection1 = new OleDbConnection())
{
oledbconnection1.ConnectionString = Con;
oledbconnection1.Open();
var insertStatement =
"Insert into [InvoiceOrder] Values ('1', #InvoiceNo, #ProductDesc, #OrderNo, #Unit, #Amount, #Price, #Sum, #Discount)";
try
{
using (var cmd = new OleDbCommand(insertStatement, oledbconnection1))
{
cmd.Parameters.AddWithValue("#InvoiceNo", Controls.Find("txtInvoiceNo" + i, true).Single().Text);
...
...
cmd.Parameters.AddWithValue("#Discount", Controls.Find("txtDiscount" + i, true).Single().Text);
cmd.ExecuteNonQuery();
//MessageBox.Show("Record saved");
}
}
catch (Exception ex)
{
MessageBox.Show("Error : " + ex.ToString());
}
}
}
}
I am getting an error while i am trying to insert a user id of my client in the ms access database.
The error i am getting is Overflow.
when i am trying to insert its getting the above error.
I am using these code.
OleDbCommand cmd = new OleDbCommand("insert into UserInfo " + "([firstname], [lastname], [gender], [occupation], [expirydate], [UserId], [phoneno]) " + " values('" + txt_FirstName.Text + "','" + txt_LastName.Text + "','" + cmb_Gender.Text + "','" + cmb_Occupation.Text + "','" + txt_expiryDate.Text + "','" + txt_HardDiskId.Text + "','" + txt_PhoneNo.Text + "');", con);
OleDbCommand cmd1 = new OleDbCommand("select * from UserInfo where (HardDiskId='" + txt_HardDiskId.Text + "')", con);
int temp = 0;
try
{
con.Open();
string count = (string)cmd1.ExecuteScalar();
if ((count == "") || (count == null))
{
temp = cmd.ExecuteNonQuery();
if (temp > 0)
{
MessageBox.Show("User ID of " + txt_FirstName.Text + " " + txt_LastName.Text + " has been added");
}
else
{
MessageBox.Show("Record not added");
}
}
else
{
MessageBox.Show("User ID of " + txt_FirstName.Text + " already exists. Try another user ID.");
}
}
Aside from being open to SQL Injection (which you should parameterize your OleDbCommand), first thought on a problem is what you are trying to store the data. Do any of the text fields have special characters or apostrophe in name which would otherwise pre-terminate your embedded .... '" + nextField + "' ..." entries and throw the balance off.
Another... don't know if the parser is picky or not... but a space after values, before open paren.... " values(" to " values (".
Third, and more probable the issue is the expiration date. If its a date field, and you are trying to put in as text, it might be failing on the data type conversion.
protected void save_Click(object sender, EventArgs e)
{
OleDbConnection conn = null;
try
{
string connString = "Provider=OraOLEDB.Oracle;Data Source=127.0.0.1;User ID=SYSTEM;Password=SYSTEM;Unicode=True";
conn = new OleDbConnection(connString);
conn.Open();
string strQuery = "update login set fname ='" + TextBox4.Text + "' and lname='" + TextBox5.Text + "' and place='" + TextBox6.Text + "' and dob='" + TextBox7.Text + "' where uname='" + Label1.Text + "'";
OleDbCommand obCmd = new OleDbCommand(strQuery, conn);
OleDbDataReader obReader = obCmd.ExecuteReader();
}
catch (OleDbException ex)
{
Response.Write("Send failure: " + ex.ToString());
}
catch (Exception exe)
{
Response.Write(exe.Message);
}
finally
{
if (null != conn)
{
conn.Close();
}
}
}
the update query syntax is wrong.
You cannot use AND while setting multiple columns. It should be seperated by comma.
string strQuery = "update login set fname ='" + TextBox4.Text + "',lname='" +
TextBox5.Text + "',place='" + TextBox6.Text + "',dob='" + TextBox7.Text +
"' where uname='" + Label1.Text + "'";
The values must be separated with a comma and there is one big problem in this code. Imagine what happens when someone puts the following into TextBox4:
' where 1 = 1 --
The result would be a table where all entries would be overwritten
update login set fname ='' where 1 = 1 --', lname='bla' ....
Use DbParameter instead:
string strQuery = #"
update LOGIN set
FNAME = :FNAME,
LNAME = :LNAME,
PLACE = :PLACE,
DOB = :DOB
where
UNAME = :UNAME
";
OleDbCommand obCmd = new OleDbCommand(strQuery, conn);
obCmd.Parameters.AddWithValue(":FNAME", TextBox4.Text);
obCmd.Parameters.AddWithValue(":LNAME", TextBox5.Text);
obCmd.Parameters.AddWithValue(":PLACE", TextBox6.Text);
obCmd.Parameters.AddWithValue(":DOB", TextBox7.Text);
obCmd.Parameters.AddWithValue(":UNAME", Label1.Text);
OleDbDataReader obReader = obCmd.ExecuteReader();
For Oracle the : should indicate a parameter (it's a # for Sybase and MS SQL). I named all params like the target columns, but you can use other names of course.