I am simply making a windows form in c# where I can insert, update and delete the data.
I want to insert data in URDU text. I am done with inserting data with following code :
SqlCommand cmd = new SqlCommand("insert into tblTeams values (#ID, #SchoolName, #TeamName)", con);
cmd.Parameters.AddWithValue("#ID", txtBoxID.Text);
cmd.Parameters.AddWithValue("#SchoolName", txtBoxSName.Text);
cmd.Parameters.AddWithValue("#TeamName", txtBoxTName.Text);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
But when trying to update data not getting any clue how to do it...
SqlDataAdapter sda = new SqlDataAdapter("update tblTeams set SchoolName='"+txtBoxSName.Text+"',TeamName='"+txtBoxTName.Text+"'where ID='"+txtBoxID.Text+"' ", con);
con.Open();
sda.SelectCommand.ExecuteNonQuery();
con.Close();
Above piece of code updates the database but not in URDU, in database only "?????" shows...
In SQL server all the insert, update and delete works but I want to do it in front end...
Form design is also attached...enter image description here
Thanks in advance!
Done with updation also and thanks for your support...
Here is the code:
SqlCommand cmd = new SqlCommand("update tblTeams set SchoolName=#SchoolName, TeamName=#TeamName where ID=#ID ", con);
cmd.Parameters.AddWithValue("#ID", txtBoxID.Text);
cmd.Parameters.AddWithValue("#SchoolName", txtBoxSName.Text);
cmd.Parameters.AddWithValue("#TeamName", txtBoxTName.Text);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
This is most likely happening because your columns don't support Unicode. You'll need to use nvarchar, or nchar in your columns.
Alternatively, your TextBox doesn't support unicode text. Try a different font, like Arial.
Don't use the update code without Parameters. It's vulnerable to SQL injection attacks. Instead, use parameters in both, like you did in the first.
Finally, you can prefix the insert values with N'urdutexthere', like this:
SqlCommand cmd = new SqlCommand("UPDATE tblTeams SET SchoolName=N'#SchoolName',TeamName=N'#TeamName' WHERE ID='#ID'", con);
cmd.Parameters.AddWithValue("#ID", txtBoxID.Text);
cmd.Parameters.AddWithValue("#SchoolName", txtBoxSName.Text);
cmd.Parameters.AddWithValue("#TeamName", txtBoxTName.Text);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
Related
As i update any record, the whole table got updated with same record (row), I am trying the following code. I had also tried concatenation but someone told me about sql injection.
con.Open();
try
{
OleDbCommand cmd = new OleDbCommand();
cmd.Connection = con;
cmd.CommandType = CommandType.Text;
cmd.CommandText = #"UPDATE emptable
SET EmpName=#EmpName, Age=#Age ,Mobile=#Mobile,
Designation=#Designation ,Salary=#Salary ,
joiningDate=#joiningDate ,Address=#Address,
AccountNo=#AccountNo,
AccountHoldersName=#AccountHoldersName,
BankName=#BankName,IFSC=#IFSC,
EmpCode=#EmpCode,UINPANNO=#UINPANNO,
Whatsapp=#Whatsapp,FathersName=#FathersName,
MaritalStatus=#MaritalStatus,Email=#Email
WHERE Mobile= Mobile";
cmd.Parameters.AddWithValue("#EmpName", EmpNametxtbx.Text);
cmd.Parameters.AddWithValue("#Age", Agetxtbx.Text);
cmd.Parameters.AddWithValue("#Mobile", Mobiletxtbx.Text);
cmd.Parameters.AddWithValue("#Designation", Designationcmbbx.Text);
cmd.Parameters.AddWithValue("#Salary", Salarytxtbx.Text);
cmd.Parameters.AddWithValue("#JoiningDate", dTP1.Text);
cmd.Parameters.AddWithValue("#Address", Addresstxtbx.Text);
cmd.Parameters.AddWithValue("#AccountNo", Accounttxtbx.Text);
cmd.Parameters.AddWithValue("#AccountHoldersName", Holderstxtbx.Text);
cmd.Parameters.AddWithValue("#BankName", Banktxtbx.Text);
cmd.Parameters.AddWithValue("#IFSC", Ifsctxtbx.Text);
cmd.Parameters.AddWithValue("#EmpCode", EmpCodetxtbx.Text);
cmd.Parameters.AddWithValue("#UINPANNO", Uptxtbx.Text);
cmd.Parameters.AddWithValue("#Whatsapp", Whatsapptxtbx.Text);
cmd.Parameters.AddWithValue("#FathersName", Fatherstxtbx.Text);
cmd.Parameters.AddWithValue("#MaritalStatus", MStatuscmbbx.Text);
cmd.Parameters.AddWithValue("#Email", Emailtxtbx.Text);
cmd.ExecuteNonQuery();
MessageBox.Show("record update");
//refresh or update table
OleDbCommand cmd1 = new OleDbCommand();
cmd1.Connection = con;
string query = "select * from emptable";
cmd1.CommandText = query;
OleDbDataAdapter da = new OleDbDataAdapter(cmd1);
DataTable dt = new DataTable();
da.Fill(dt);
dataGridView1.DataSource = dt;
}
catch (Exception ex)
{
MessageBox.Show("error " + ex);
}
// Clear();
con.Close();
Problem is a just a typo here WHERE Mobile= Mobile.
It should be WHERE Mobile=#Mobile, so Mobile is passed as parameter and not as table value. In that case infact condition is always true and so every single record gets updated!
About concatenation: never ever use concatenation to build queries!
Not only you're messing up with your code and you're ready to heavy headaches to debug if something goes wrong, but as someone told you you're risking SQL injection too!
WHERE Mobile= #Mobile
about the Sql injection you can use application | Three Tire Architecture | by connecting over a Data Access Layer and using stored procedures then encrypt your Business Layer or Controller ... But MS Access not support stored procedure you can use MS SQL Server
When you run the code, the where-condition parameter in.accb files should not have a similar value. You need to clear the privos value in your accdb file.
I want to ask that what is wrong with that code. I am running this and nothing is changed to the data source.
DataRow[] dr = this.U_dt.Select("UserName='"+user+"'");
DataRow dr1 = dr[0];
//U_ad is a dataadapter
//U_dt is a datatable. U_ad.fill(U_dt);
this.U_dt.Rows.Remove(dr1);
U_ad.DeleteCommand = new SqlCommand("Delete from [Users] where [UserName]=#User", con);
U_ad.DeleteCommand.Parameters.Add("#User", SqlDbType.NChar, 20, "[UserName]");
this.U_ad.Update(U_dt);
You try to pass, as value for the parameter #User a string "[UserName]".
This is not the value of a variable containing the user name to search for deletion, but a literal string.
Of course nothing is found in the column UserName with a literal value "[UserName]"
Try instead to use the variable user that you have applied in the Select before
SqlCommand cmd = new SqlCommand("Delete from [Users] where [UserName]=#User", con);
cmd.Parameters.Add("#User", SqlDbType.NChar, 20, user);
cmd.ExecuteNonQuery();
I have used directly the SqlCommand ExecuteNonQuery method, but this should work also using the DeleteCommand of a SqlDataAdapter
can you put your code in try catch like
try{
SqlCommand cmd = new SqlCommand("Delete from [Users] where [UserName]=#User", con);
cmd.Parameters.Add("#User", SqlDbType.NChar, 20, user);
cmd.ExecuteNonQuery();
}catch(Exception ex)
{
System.Console.WriteLine( " ERROR:" + ex.Message );
}
Also there maybe some foreign key which might cause you not to delete the entry. Its always wise to put these sql queries in try catch for safety.
This might help ADO.net simple project
i think the problem is that you remove the row you want to delete from your datatable before calling update ... the update command iterates the rows in your datatable and executes your delete command for all rows with rowstate == Deleted ... but your row has been removed from your datatable so the delete command wont get executed at all.
possible solutions would be to just execute U_ad.DeleteCommand.ExecuteNonQuery() (after settings the #User parameter) and not call DataAdapter.Update at all or to execute dr1.Delete() instead of this.U_dt.Rows.Remove(dr1) and call DataAdapter.Update
I want to update only one column in my table by ID .
I don't have any error but this don't work, it won't update. I have ID column and 7 more columns.
SqlCommand cmd1 = new SqlCommand("update table set amount=#kol where ID=#id" , con);
cmd1.Parameters.AddWithValue("#id", textbox1.Text);
cmd1.Parameters.AddWithValue("#kol", textbox2.Text );
Is your table named "table" or is that just for the example here?
Because otherwise you properbly need to change "table" to whatever table your're trying to update. or surround it with [] if it is actually called "table"
Can you please check that you have commited your work , if there is no exception then that will be the reason
and if not put setautocommit(true) - java version
you can find it for c#
please check whether table name is correct and the table which you are verifying is correct
please give some other table name than table for good practice
As long as you have con.Open and ExecuteNonQuery and have the username/password and connectionstring right your code will work.
This will work after you change the connectionstring, if not the problem is sql server.
private void UpdateTable()
{
SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=YourDataBase;Persist Security Info=True;User ID=username;Password=pass");
SqlCommand cmd1 = new SqlCommand("update YourTable set amount=#kol where ID=#id", con);
cmd1.Parameters.AddWithValue("#id", textBox1.Text);
cmd1.Parameters.AddWithValue("#kol", textBox2.Text);
con.Open();
cmd1.ExecuteNonQuery();
}
Hey I get an error saying there is something wrong with my code when inserting into a database, can't quite find it. The error suggests it is something in the INSERT statement, but appears on the line "cmd.ExecuteNonQuery();". I'm using an access database.
Error: Syntax error in INSERT INTO statement.
con.Open();
string mysql;
mysql = "INSERT INTO [User](FirstName,Surname,Age,HouseNumber,PostCode,Username,Password)
VALUES (?,?,?,?,?,?,?)";
OleDbCommand cmd = new OleDbCommand(mysql, con);
cmd.Parameters.AddWithValue("#p1", tbFirstName.Text);
cmd.Parameters.AddWithValue("#p2", tbSurname.Text);
cmd.Parameters.AddWithValue("#p3", int.Parse(tbAge.Text));
cmd.Parameters.AddWithValue("#p4", tbAddress1.Text);
cmd.Parameters.AddWithValue("#p5", tbPostCode.Text);
cmd.Parameters.AddWithValue("#p6", tbUsername.Text);
cmd.Parameters.AddWithValue("#p7", tbPassword.Text);
cmd.ExecuteNonQuery();
con.Close();
when you add parameters with value you need to convert it to matching type, if age is number then
cmd.Parameters.AddWithValue("#p3", int.Parse(tbAge.Text));
and also User is key word you can try with
"INSERT INTO [User] ([FirstName], [Surname], [Age], [HouseNumber], [PostCode], [Username], [Password]) VALUES (?,?,?,?,?,?,?)";
Have you tried replacing the ? with your parameters?
Correction: I believe you have to add OleDBParameters like so:
con.Open();
string mysql;
mysql = "INSERT INTO User(FirstName,Surname,Age,HouseNumber,PostCode,Username,Password)
VALUES (#p1,#p2,#p3,#p4,#p5,#p6,#p7)";
OleDbCommand cmd = new OleDbCommand(mysql, con);
cmd.Parameters.AddRange(new OleDbParameter[]
{
new OleDbParameter("#p1", tbFirstName.Text),
new OleDbParameter("#p2", tbSurname.Text),
...
});
cmd.ExecuteNonQuery();
con.Close();
I have the following code which tries to store e values form 3 textboxes into a MS Access 2007 database.
string ConnString = (#"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\\dxs.accdb");
string SqlString = "Insert Into tests( [Nam], [add], [phone]) Values (?,?,?)";
using (OleDbConnection conn = new OleDbConnection(ConnString))
{
using (OleDbCommand cmd = new OleDbCommand(SqlString, conn))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue(#"Nam", textBox1.Text);
cmd.Parameters.AddWithValue(#"add", textBox2.Text);
cmd.Parameters.AddWithValue(#"phone",textBox3.Text);
conn.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("entered");
}
}
But even though the code is correct after entering values nothing is being stored in table.
Shouldn't
cmd.Parameters.AddWithValue(#"Nam", textBox1.Text);
Be:
cmd.Parameters.AddWithValue("#Nam", textBox1.Text);
And so on for the other parameters?
When i had the similar problems, solution was:
If database is part of application it can be copied in a bin folder - and then application work with it. That is why you can`t find your changes in datatables with MS Access client.
Make sure your database exists in output(bin) folder where exists your exe file of project. If not then copy it there. After your have your database file at right place, You will be to see the changes.
Additionally, you also need few changes in your code, you have problem with your parameter.
Change Values (?,?,?) to Values (#Nam,#add,#phone)"; and #"Nam" to "#Nam". See the comments Correction1 and Correction2.
Also no need to use double slash \\ when you are using # at beginning of string
string ConnString=#"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\dxs.accdb");
string sql="Insert Into tests([Nam],[add],[phone]) Values (#Nam,#add,#phone)";
// Correction 1: Above line is changed ?,?,? to parameter names (names used by your command)
using (OleDbConnection conn = new OleDbConnection(ConnString))
{
using (OleDbCommand cmd = new OleDbCommand(sql, conn))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("#Nam", textBox1.Text);
cmd.Parameters.AddWithValue("#add", textBox2.Text);
cmd.Parameters.AddWithValue("#phone",textBox3.Text);
// Correction 2: your parameter names are changed #"xyz" to "#xyz"
conn.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("entered");
}
}
your insert statement should be like dis
string SqlString = "Insert Into tests( [Nam], [add], [phone]) Values (#Nam, #add, #phone)";
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("#Nam", textBox1.Text);
cmd.Parameters.AddWithValue("#add", textBox2.Text);
cmd.Parameters.AddWithValue("#phone",textBox3.Text);
try this