I created a small application that queries a db2 database and returns information. I created a windows form that accepts input and returns the information from the query. My closing statement is a:
finally
{
conn.close();
}
I was curious -- does the connection (conn) actually close when I hit the little red box on the form? I searched the other questions here and the web but could not really find a definitive answer.
Here's the full try-catch-finally block (with some info obfuscated --> *****):
`try
{
conn.Open();
string queryString = String.Format("SELECT * " +
"FROM ***** " +
"WHERE USERPRF LIKE '%{0}%' " +
"ORDER BY TIMESTMP DESC " +
"FETCH FIRST 1 ROWS ONLY", userNameInput);
using (OdbcCommand com = new OdbcCommand(queryString, conn))
{
using (OdbcDataReader reader = com.ExecuteReader())
{
if (reader.Read())
{
string ***** = reader["*****"].ToString();
string ***** = reader["*****"].ToString();
string user = reader["USERPRF"].ToString();
string timeStamp = reader["TIMESTMP"].ToString();
listBox1.Items.Clear();
listBox1.Items.Add("Username: " + user);
listBox1.Items.Add("*****" + *****);
listBox1.Items.Add("*****: " + *****);
listBox1.Items.Add("Last Changed: " + timeStamp);
}
else
{
listBox1.Items.Clear();
listBox1.Items.Add("There was no data to return! Try again.");
}
}
}
}
catch (Exception ex)
{
string errorMessage = ex.Message;
}
finally
{
conn.Close();
}`
If the connection is owned by the application, then yes - it should close.
It is generally bad practice to leave a connection open for long duration's as it constitutes a security risk. (Someone could inject code into your application to reuse the open the connection, to do dodgy stuff)
using (SqlConnection cn = new SqlConnection(strConnectString))
{
// Stuff
}
I would make sure that you handle the onClosing event of your windows form, and tell it to dispose of the SqlConnection explicitly, or at least attempt to do so.
Better safe than sorry.
Note - I have heard some talk that SqlConnections can be shared in the SQLConnectionPool. If this is the case, you can modify your connection string to disable or enable ConnectionPooling.
Related
I'm having an issue with an if statement in my code which for the life of me I can't figure out why the condition isn't coming back true.
private bool ValidationFunction(string UserName, string Password)
{
bool returnBool = false;
var strConnection = ConfigurationManager.ConnectionStrings["BankConnectionString"].ConnectionString;
SqlConnection sqlConnection = new SqlConnection(strConnection);
string query = "SELECT " + COLUMN_ID + ", " + COLUMN_MACHINEPIN + " FROM " + PERSON_TABLE + " WHERE " + COLUMN_ID + " = \'" + UserName + "\' AND " + COLUMN_MACHINEPIN + " = \'" + Password + "\'";
SqlCommand command = new SqlCommand(query, sqlConnection);
SqlDataReader rdr;
sqlConnection.Open();
rdr = command.ExecuteReader();
while(rdr.Read())
{
if (UserName == rdr["Id"].ToString() & Password == rdr["MachinePin"].ToString())
{
returnBool = true;
}
return returnBool;
}
rdr.Close();
return returnBool;
}
I have tried using both the name of the column and the constant I used in the query but neither works and I can't quite get it work. Any help would be appreciated
EDIT: Turns out that the data I was retrieving from the database had extra white space because I had used an nchar so I had to use the trim function.
You should use && not &.
& is a bit-wise "AND", meaning that it works on the bit level, whereas && is a logical "AND" meaning it works at boolean (true/false) level.
I'd also clean up your code a bit. By not parameterizing your inputs, you are opening yourself up to SQL Injection attacks.
You can also wrap your disposable objects in using blocks. It will make your code cleaner and more readable.
using (var conn = new SqlConnection("your connection"))
{
using (var cmd = new SqlCommand(sql, conn))
{
conn.Open();
using (var rdr = cmd.ExecuteReader())
{
...
}
}
}
Try this:
var username = rdr["Id"].ToString()
var password = rdr["MachinePin"].ToString())
Debugger.Break();
At the debugger statement open up the immediate windows and manually type in the comparisons until you determine root cause.
UserName==username;
Password = password;
Debuging Tips
Do you know how to open the Immediate Window? Go to Debug/Windows/Immediate. It allows you to type in C# statement at the debug point.
No Data can be read
If rdr["Id"] cannot be read e.g InvalidOperation etc. Then you have one of the following issues:
Connection string never opened connection
Wrong Database/Table
Incorrect Field Name
Security failure.
You should check status codes for each of your steps, if you are not seeing anything then this is most likely a security issue because banks don't advertise what went wrong (makes sense don't tell hackers anything).
Security Issue
If it's security issue you have to drop down to wire level. Take a trace and look at the Return codes. The other side will Fin the session first. You should see a security layer handshake prior to open communications, if that handshake doesn't work the session is immediately terminated with no further detail.
Tracing
Wireshark is simple to use, quick to download and shows everything on the wire. Use Wireshark to further dive into things the application layer cannot see.
Try the below:
if ((UserName == (string)rdr["Id"]) && (Password == (string)rdr["MachinePin"]))
{
returnBool = true;
}
What I need to do is basically take the users name (which is already stored as a variable) and their score (which is also a variable) and store it in my database when they press 'submit'. Here is the code I have for the button click.
private void btnSubmitScore_Click(object sender, EventArgs e)
{
string connStr = "server=server; " +
"database=databasename; " +
"uid=username; " +
"pwd=password;";
MySqlConnection myConn = new MySqlConnection(connStr);
}
Obviously i have changed the login details etc. I have had a look around and have only managed to find confusing codes about how to display data from a database in a form (i will do this later), but for now, i need to know how to add sName and iTotalScore into the database. (Fields are called 'Name' and 'Score' in DB)
You are going to use a combination of SqlConnection, SqlCommand and their properties. the connection is essentially the stuff of your code. The command is a literal SQL statement, or a call to a stored procedure.
A common C# idiom is to form your code around the very first line as shown here:
using (SqlConnection myConnection = new SqlConnection()) {
string doThis = "select this, that from someTable where this is not null";
SqlCommand myCommand = new SqlCommand(dothis, myConnection);
try {
myCommand.Connection.Open();
myReader = myCommand.ExecuteReader(); //pretend "myReader" was declared earlier
} catch (Exception myEx) {
// left to your imagination, and googling.
}
finally {
myCommand.Connection.Close();
}
}
// do something with the results. Your's to google and figure out
The general outline is
Using a connection
instantiate and configure an SqlCommand
Use try/catch as shown.
The "using" block gives use behind the scenes cleanup/disposal of all those objects we don't need anymore when we're done; in particular the SqlConnection object.
You must learn more about these Sqlxxxxx classes, there's lots of ways to configure them to do what you want.
I am not familiar with the MySql connector, but the code should be something along the lines of:
private void Insert()
{
string connStr = "server=server; " +
"database=databasename; " +
"uid=username; " +
"pwd=password;";
string query = "INSERT INTO TableName('Name','Score) VALUES (#name, #score);";
using(MySqlConnection connection = new MySqlConnection(connStr))
{
MySqlCommand insertCommand = new MySqlCommand(connection,command);
insertCommand.Paramaters.AddWithValue("#name",sName);
insertCommand.Paramaters.AddWithValue("#score",iTotalScore);
connection.Open();
command.ExecuteNonQuery();
connection.Close();
}
}
As I can read from SQLite FAQ it supports multiple processes reading (SELECT) and only one process writing (INSERT, UPDATE, DELETE) database at any moment in time:
SQLite uses reader/writer locks to control access to the database.
When any process wants to write, it must lock the entire database file
for the duration of its update. But that normally only takes a few
milliseconds. Other processes just wait on the writer to finish then
continue about their business
I'm using System.Data.SQLite adapter via c#.
Could someone expalin me plz, how exactly this process is going on?
Will this process work automatically and writing SQLiteCommand will simply wait if there is another writing SQLiteCommand already executing over the same database?
Or maybe it will throw an exception? What kind of it?
Sorry but I found no information about this mechanics :)
Thank you.
UPDATE:
I've found post saying that exception will be raised with a specific errorcode
Is that statement correct?
I've investigated it by myself:
I created a sample SQLite database c:\123.db with one table Categories containing two fields: ID (uniqueidentifier) and Name (nvarchar).
I then wrote some multi-thread code to emulate multiple write access to the database (don't forget to add a System.Data.SQLite reference to your project if you use this code):
using System;
using System.Data.SQLite;
using System.Threading.Tasks;
namespace SQLiteTest
{
class Program
{
static void Main(string[] args)
{
var tasks = new Task[100];
for (int i = 0; i < 100; i++)
{
tasks[i] = new Task(new Program().WriteToDB);
tasks[i].Start();
}
foreach (var task in tasks)
task.Wait();
}
public void WriteToDB()
{
try
{
using (SQLiteConnection myconnection = new SQLiteConnection(#"Data Source=c:\123.db"))
{
myconnection.Open();
using (SQLiteTransaction mytransaction = myconnection.BeginTransaction())
{
using (SQLiteCommand mycommand = new SQLiteCommand(myconnection))
{
Guid id = Guid.NewGuid();
mycommand.CommandText = "INSERT INTO Categories(ID, Name) VALUES ('" + id.ToString() + "', '111')";
mycommand.ExecuteNonQuery();
mycommand.CommandText = "UPDATE Categories SET Name='222' WHERE ID='" + id.ToString() + "'";
mycommand.ExecuteNonQuery();
mycommand.CommandText = "DELETE FROM Categories WHERE ID='" + id.ToString() + "'";
mycommand.ExecuteNonQuery();
}
mytransaction.Commit();
}
}
}
catch (SQLiteException ex)
{
if (ex.ReturnCode == SQLiteErrorCode.Busy)
Console.WriteLine("Database is locked by another process!");
}
}
}
}
The result on my Core2Duo E7500 is that Exception is never raised!
Looks like SQLite is optimised enough for my needs (locking/unlocking is really fast and normally only takes a few milliseconds as SQLite FAQ tells us) - Great!
Note that there is no need to retrieve an integer ErrorCode for an SQLiteException - you can use a special enum ReturnCode field instead. All codes are described here.
Hope this information will help somebody.
I created a connection with a Microsoft sql database and am trying to add basic informastion as part of an exercise but get the following error.
Object reference not set to an instance of an object
This is how I connect to the database
SqlConnection sqlConn;
protected void butConnect_Click(object sender, EventArgs e)
{
try
{
string connectionString = "Data Source=.\\SQLEXPRESS;Initial Catalog=lrmg;Integrated Security=True;";
sqlConn = new SqlConnection(connectionString);
sqlConn.Open();
labMessage.Text = "a connection to your database was established";
}
catch (SqlException sqlE)
{
labMessage.Text = sqlE.Message;
}
catch (Exception exe)
{
labMessage.Text = exe.Message;
}
Here is where I get the error
protected void butSubmit_Click(object sender, EventArgs e)
{
try
{
string name = txtName.Text;
string date = txtDate.Text;
**SqlCommand cmd = sqlConn.CreateCommand();**
cmd.CommandText = "INSERT INTO Canditate(Name, Doj) VALUES('" + name + "'," + date + ")";
cmd.ExecuteNonQuery();
labMessage.Text = "The value was inserted into your database";
}
catch (SqlException sqlE)
{
labMessage.Text = sqlE.Message;
}
catch (Exception exe)
{
labMessage.Text = exe.Message;
}
}
I am under the impression that the sql connection was opened so why the exception?
You are getting the error because reference variable sqlConn is null - that is happening probably because
From you code snippet, connection is getting created and opened in
connect button click. So you need to hit connect before submit
Most likely cause is probably different assuming that this ASP.NET code - in such case, every request is served by different instance of page class - so if you open connection on one request (connect click), it (that variable) won't be available in next request (submit click). The remedy is simple - create and open connection when you need it i.e. in submit click. On the other hand, you probably need to understand mode about web programming models to avoid such mistakes.
You use two different events to do your work on the database. Why? Have you ever heard of connection pooling?
Probably between the first event (open connection) and second event (db insert) something happens and change your global variable SqlConn to null and you get the error. (Of course I am assuming that you press that button to open the connection before trying to insert anything)
With connection pooling this kind of programming pattern is no more necessary, instead, when you need to update/insert/delete/select something you open the connection, do your work and close immediately the connection without keeping it open and consuming resources on the server and client side.
try
{
string connectionString = "Data Source=.\\SQLEXPRESS;" +
"Initial Catalog=lrmg;Integrated Security=True;";
using(SqlConnection sqlConn = new SqlConnection(connstring))
{
SqlCommand cmd = sqlConn.CreateCommand();**
cmd.CommandText = "INSERT INTO Canditate(Name, Doj) VALUES(#name, #dt)";
cmd.Parameters.AddWithValue("#name", txtName.Text);
cmd.Parameters.AddWithValue("#dt", Convert.ToDateTime(txtDate.Text));
cmd.ExecuteNonQuery();
labMessage.Text = "The value was inserted into your database";
}
}
catch (SqlException sqlE)
{
labMessage.Text = sqlE.Message;
}
catch (Exception exe)
{
labMessage.Text = exe.Message;
}
Notice also that your code is subject to Sql Injection attacks because you use string concatenation to build your sql text. This is a bad practice that should be avoided at all costs
You should have a dedicated method to open the connection, that you'd invoke every time you're using the connection. With your current setup, butConnect_click MUST be called before butSumbit_Click in the same request. So add the call to butConnect in butSubmit.
Hey guys, I'm just doin' practise Program to read,write data to Access DB in C# and i'm having a problem in writing data to Access DB though i'm able to read data i.e fetchin' is working fine but when i insert data my "ExecuteNonQuery" is working fine i mean without ne error but when open the Access DB the data is not there.... here is the code what m tryin' to do...
//// Function For ExecuteNonQuery
public static bool ExecuteNonQuery(string Query)
{
OleDbCommand oledbCommand = new OleDbCommand(Query, connection);
if (connection.State == ConnectionState.Open)
connection.Close();
try
{
connection.Open();
if (oledbCommand.ExecuteNonQuery() > 0)
return true;
else
return false;
}
catch (Exception)
{
return false;
}
finally
{
connection.Close();
}
}
This below code is for Adding Data which gets fired on "Add" Button Press
private void btnAdd_Click(object sender, EventArgs e)
{
simOperator.aim_network_name = txtAimNetNm.Text;
simOperator.network_id = txtOxiNetID.Text;
simOperator.network_name = txtNetName.Text;
simOperator.pack_id = txtPackID.Text;
simOperator.pack_name = txtPackName.Text;
SimOperator.Add(simOperator);
fillText();
}
public void fillText()
{
txtResult.Text = "";
SimOperator[] simOperatorList = SimOperator.GetAllOperators();
foreach (SimOperator sm in simOperatorList)
{
txtResult.Text += Program.operator_id + " " + sm.aim_network_name + " " + sm.network_name + " " + sm.network_id + " " + sm.pack_id + " " + sm.pack_name + "\r\n";
}
}
Here's the "Add" Function
string Query = string.Format("insert into {0}({2}) values({1});", calledObject.Name, PropertyValue,PropertyName);
ExecuteNonQuery(Query);
Actuall SQL query is:
insert into SimOperator(aim_network_name,network_id,network_name,pack_id,pack_name) values('FiveNet','2563','FiveNet-Kurla','1236','5236');
Yeah and My Connection String
static OleDbConnection connection = new OleDbConnection(System.Configuration.ConfigurationSettings.AppSettings["ConnectionString"]);
App.config file contains string as
add key="ConnectionString" value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\AutoMobileRecharge.mdb;User Id=; Password=;Persist Security Info=True"
The thing m not getting is I have put a Text-Area just beside all the inside fields textboxes so that i can see what is getting inserted, so when insert data that text-area shows the data perfectly but when i open the access db, then theres no data in that, when i close my application and again i ran it then that text-area is empty...this sounds wierd to me.. Any one outthere have faced this kind a problem please help me out here..
Are you doing it during debug ? in that case look if there's an mdf file inside debug folder and if it contains the data you've just inserted. Vs copy some file to debug folder when you run the app in that mode. If i remember correctly there's an option to tell vs not to copy files when debugging