So, I'm building a C# application, using .NET and oracle 11g express. I've already connected to the database, but, for some reason, it cannot insert into the database, it keeps giving the ORA 00911 error. This is the code:
private void toolStripButton1_Click(object sender, EventArgs e)
{
string salvar;
dbConnection conn = new dbConnection();
try
{
conn.tryconection();
salvar = "INSERT INTO Client(Name, Document, City, Contact, Addr, District, Zipcode, Phone_1, Phone_2, Cel_1, Cel_2, eymael, tobar) VALUES('" + boxNome.Text + "', '" + boxDocumento.Text + "','" + boxCidade.Text + "','" + boxContato.Text + "','" + boxEndereco.Text + "','" + boxBairro.Text + "','" + boxCep.Text + "','" + boxFone1.Text + "','" + boxFone2.Text + "','" + boxCel1.Text + "','" + boxCel2.Text + "','" + boxEmail.Text + "','" + boxComment.Text + "');";
//MessageBox.Show(salvar);
conn.executaInstrucao(salvar);
//conn.executaInstrucao("commit;");
}
catch (Exception g)
{
MessageBox.Show("Problema na conexão");
}
}
This is the output string with some random values, wich works on SQL Developer and actually adds the row:
INSERT INTO Client(Name, Document, City, Contact, Addr, District, Zipcode, Phone_1, Phone_2, Cel_1, Cel_2, eymael, tobar) VALUES('asdassdsad', '15.465.465/4654-54','654654654','654654654','654654654','654654654','65465-465','(65) 4654-6546','(54) 6546-5465','(46) 54654-6546','(65) 46546-5465','4654654654','65465465465');
Someone help me, please. I have no idea of what is wrong.
PS.: All my columns are VARCHAR2.
ORA 00911 is invalid char problem. If you have ' char in your textboxes, may be it makes problem. Like comment above use SqlCommand.Parameters.AddWithValue like Soner Gönül said parameter
Related
private void btnsave_Click(object sender, EventArgs e)
{
string dbpath = #"Data Source=ABC;Initial Catalog=ApplicationForm;Integrated Security=True";
SqlConnection con = new SqlConnection(dbpath);
con.Open();
string savequerybscs="insert into bscs values('"+txtapplicantnumber.Text+"','"+txtname.Text+"','"+txtfathername.Text+"','"+txtmatrictotal.Text+"','"+txtmatricobtained.Text+"','"+txtmatricpercent.Text+"','"+txtintertotal.Text+"','"+txtinterobtained.Text+ "','"+txtinterpercent.Text+"')";
string savequerybsit ="insert into bsit values('" + txtapplicantnumber.Text + "','" + txtname.Text + "','" + txtfathername.Text + "','" + txtmatrictotal.Text + "','" + txtmatricobtained.Text + "','" + txtmatricpercent.Text + "','" + txtintertotal.Text + "','" + txtinterobtained.Text + "','" + txtinterpercent.Text + "')";
string savequerymcs ="insert into bscs values('" + txtapplicantnumber.Text + "','" + txtname.Text + "','" + txtfathername.Text + "','" + txtmatrictotal.Text + "','" + txtmatricobtained.Text + "','" + txtmatricpercent.Text + "','" + txtintertotal.Text + "','" + txtinterobtained.Text + "','" + txtinterpercent.Text + "','"+txtbachelortotal.Text+"','"+txtbachelorobtained.Text+"','"+txtbachelorpercent.Text+"')";
string savequerymit ="insert into bscs values('" + txtapplicantnumber.Text + "','" + txtname.Text + "','" + txtfathername.Text + "','" + txtmatrictotal.Text + "','" + txtmatricobtained.Text + "','" + txtmatricpercent.Text + "','" + txtintertotal.Text + "','" + txtinterobtained.Text + "','" + txtinterpercent.Text + "','" + txtbachelortotal.Text + "','" + txtbachelorobtained.Text + "','" + txtbachelorpercent.Text + "')";
SqlCommand cmd = new SqlCommand(savequerybscs,savequerymcs,bla blaa);
}
As you can see, this solution is pretty messed up. Is there any other way to handle such issues? All I want is to insert data in multiple tables simultaneously but SqlCommand only takes 1 argument.
I just learned about bulk query or bulk insertion. Can someone guide me through that? I am not clearly getting those concepts from youtube.
You can do one insert query using the comma separator between tuples for multiples rows:
insert into bsit values (field1, field2...), (field1, field2...), ...
But this insert is for one table.
Basically, you use as many SQL query as many table you want to update.
I'm not advanced but perhaps, depending on the database server, you could execute a "script" in one C# SqlCommand execute non query call, using the semilicon separator, like:
string sql = "insert into table1 values (field1, field2...), (field1, field2...), ... ; "
+ "insert into table2 values (field1, field2...), (field1, field2...), ... ;";
MySql should support that.
You should use SQL Parameters for security reason instead of adding values to the sql string itself:
string sql = "insert into table1 values (?, ?)";
var command = new OdbcCommand(sql, connection);
command.Parameters.Add("#ID", OdbcType.Text).Value = Guid.NewGuid().ToString();
command.Parameters.Add("#Name", OdbcType.Text).Value = "Test";
command.ExecuteNonQuery();
https://learn.microsoft.com/dotnet/api/system.data.sqlclient.sqlcommand.parameters
This question already has answers here:
a database error :"No value given for one or more required parameters."
(2 answers)
Closed 3 years ago.
I am trying to insert data into ms access
I have rechecked the code many times seems nothing wrong
private void registerbutton_Click(object sender, EventArgs e)
{
registerconnection.Open();
OleDbCommand insert = new OleDbCommand();
insert.Connection = registerconnection;
insert.CommandText = "insert into StudentDatabase (FirstName, LastName, DOB, City, State, Email, ContactNo, ContactNo2, Courses, Username, Password, DateRegister) values ('"+fnametextbox.Text+ "','" + lnametextbox.Text + "','" + dobtextbox.Text + "','" + citytextbox.Text + "','" + statetextbox.Text + "','" + emailtextbox.Text + "','" + ctcnotextbox.Text + "','" + ctcnotextbox2.Text + "','" + coursetextbox.Text + "','" + usernametextbox.Text + "','" + passwordtextbox.Text + "','" + registerdatetextbox.Text + "')";
insert.ExecuteNonQuery();
MessageBox.Show("Data inserted");
}
I expected it was able to insert the data but it turns out into an error
This shall help you...I did not test the code but i assume it will work.
http://dotnetsridhar.blogspot.com/2012/05/ma-access-database-for-windows-c.html
also check your textbox input value , some special character was a reserved character in SQL , example '; , if user type those special character on textbox and process by your current code logic , it may break because you try to add all string value without proper input validation handle and it may fail as a valid SQL statement...debugger will be your good friend here to diagnose further what is the "insert.CommandText" value
Good day!
I am a newbie in C#.NET (I came from VB6).
I want to Insert new record to my database using PostgreQL.
I can use a single line of code, like:
Insert into table1 values("value1","value2","value3");
But I wanted to insert new record line by line, like:
rs.open("Select * from table1",con,AdOpenDynamic, AdLockOptimistic)
rs.Fields("Field1").value = value1
rs.Fields("Field2").value = value2
rs.Fields("Field3").value = value3
rs.Update
Again, I am a newbie here. Also again, I can insert using a single INSERT statement.
But IF I have 40 Fields, the code is hard to read (for readability). If the code is line by line, it is easy to read and the code is easy to update.
Is there any way to do it? Any help will be appreciated!
Happy Coding!
Even Postgres:
Code doesn't change it still
Insert into tablename(field1,field2,field3 and so on....) values(value1,value2,value3 and so on...)
Here's the workaround:
string connectionString = "Your connection string here";
protected static int ExecuteQuery(string query)
{
using (NpgsqlConnection con = new NpgsqlConnection(connectionString))
{
con.Open();
using (NpgsqlCommand cmd = con.CreateCommand())
{
cmd.CommandText = query;
cmd.CommandType = CommandType.Text;
int result = cmd.ExecuteNonQuery();
return result;
}
}
}
To use this:
ExecuteQuery("Insert into tablename(field1,field2,field3 and so on....) values(value1,value2,value3 and so on...)")
Thanks #reds for the Answer and suggestions. I realized my only problem is the code readability, not the code itself. As you have said, Insert Query is the best workaround. That's why I came up with the following structure:
////saving
//CODE TO DATABASE
NpgsqlConnection iConnect = new NpgsqlConnection("Server=localhost;Port=5432;User ID=postgres;Password=sdferekrjsdf873()#3s;Database=DB");
iConnect.Open();
NpgsqlCommand iQuery = new NpgsqlCommand
("insert into tblstudents_secure values('" +
myModule.studID + "','" +
myModule.studFname + "','" +
myModule.studMname + "','" +
myModule.studLname + "','" +
myModule.studGrade + "','" +
myModule.studSection + "','" +
myModule.studHomeAdd + "','" +
myModule.studProvAdd + "','" +
myModule.studBday + "','" +
myModule.studAge + "','" +
myModule.studCivilStat + "','" +
myModule.studHomeContact + "','" +
myModule.studProvContact + "','" +
myModule.studBplace + "','" +
myModule.studGender + "','" +
myModule.studReligion + "','" +
myModule.studFather + "','" +
myModule.studFatherOcc + "','" +
myModule.studMother + "','" +
myModule.studMotherOcc + "','" +
myModule.studGuardian + "','" +
myModule.studGuardianOcc + "','" +
myModule.studGuardianRel + "','" +
myModule.studGuardianContact + "','" +
myModule.studOldSchool + "','" +
myModule.studOldSchoolAdd + "','" +
myModule.studOldGrade + "','" +
myModule.studOldSY + "','" +
myModule.studIsTransfer + "','" +
myModule.studHas137 + "','" +
myModule.studHas138 + "','" +
myModule.studHasGoodMoral + "','" +
myModule.studHasNSO + "','" +
myModule.studHasMed + "','" +
myModule.studRemarks + "','" +
myModule.studDateRegistered + "','" +
myModule.studEnrollmentStatus + "')", iConnect);
iQuery.ExecuteNonQuery();
iConnect.Close();
Where:
`
myModule
is a class handler of static strings studID, studFname, etc...
Happy Coding!
I have a simple user interface for an inventory database. The operation will be insert into, edit existing, view data grid, etc....There are a total of 4 fields for the inventory. The insert statement I am using works but if one of the entries does not have a value then it shows an error when trying to insert.
" Data type mismatch in criteria expression "
command.CommandText = "insert into Inventory(SerialNumber,PartNumber,ROnumber,Location)
values ('" + txtPart.Text + "','" + txtSerial.Text + "','" +
txtRO.Text + "','" + txtLocation.Text + "')";
I assume it is because the code needs a value for each field so how do I get around this issue?.
Actually when you trying to use this query you have said the First Parameter is SerialNumber and then PartNumber and when you are passing its reverse.
command.CommandText = "insert into Inventory(SerialNumber,PartNumber,ROnumber,Location)
values ('" + txtPart.Text + "','" +
txtSerial.Text + "','" +
txtRO.Text + "','" +
txtLocation.Text + "')";
Due to this reason the fields you are entering have different size May be part number is bigger in size instead of SerialNumber or vice versa. So you should change it to
command.CommandText = "insert into Inventory(SerialNumber,PartNumber,ROnumber,Location)
values ('" + txtSerial.Text + "','" +
txtPart.Text + "','" +
txtRO.Text + "','" +
txtLocation.Text + "')";
I am trying to insert Data into MS ACCESS DB. Everything is fine. Connection, DB Path etc.
There is a table CIT in it.
I am using this Insert into query
string query = "INSERT INTO CIT (GRNO:, Name, FName, CNIC, Address, ContactNO, Gender, Qualification, DOB, RegDate, Photo) VALUES ('" + txtGRNO.Text + "','" + txtName.Text + "','" + txtFName.Text + "','1234','" + txtAddress.Text + "','" + txtContact.Text + "','" + cBoxGender.Text + "','" + cBoxQual.Text + "','" + dteDOB.Text + "','" + dteReg.Text + "','" + path + "');";
I tried everything but cant seem to find what is wrong here. The datatype of fields is Text in DB, & when I execute the query , it gives the error
Your table includes 2 fields whose names are problematic: GRNO:; and Name.
Since GRNO: includes a colon, you can enclose it in square brackets so the db engine will accept it: [GRNO:]
And since Name is a reserved word, enclose that one in square brackets, too.
"INSERT INTO CIT ([GRNO:], [Name], ...
Beyond those field name issues, the standard advice is to use a parameter query for your INSERT. Note you will still need to bracket those problem names in a parameter query.
Also, Access will let you use back-ticks instead of square brackets if you prefer ...
"INSERT INTO CIT (`GRNO:`, `Name`, ...
Try:
string query = "INSERT INTO CIT (GRNO, Name, FName, CNIC, Address, ContactNO, Gender, Qualification, DOB, RegDate, Photo) VALUES ('" + txtGRNO.Text + "','" + txtName.Text + "','" + txtFName.Text + "','1234','" + txtAddress.Text + "','" + txtContact.Text + "','" + cBoxGender.Text + "','" + cBoxQual.Text + "','" + dteDOB.Text + "','" + dteReg.Text + "','" + path + "');";
Remove ; after GRNO field.