"INSERT INTO Fn_Registration VALUES ( '"+ txtFirstName.Text + "', '" + txtLastName.Text + "', " + " '" + txtEmailId.Text + "', " + " '" + txtPassword.Text + "', " + " '" + txtPanNumber.Text + "', " + " '" + txtAddress1.Text + "', " + " '" + txtAddress2.Text + "', " + " '" + txtFaxNo.Text + "'," + " '" + txtFirmName.Text + "', " + " '" + txtPhoneNumber.Text + "', " + " '" + txtTinNumber.Text + "','" + txtAccountsStart.Text + "','" + txtAccountsEnd.Text + "','" + cbbVat.Text + "', " + " '" + cbbstates.Text + "', " + " '" + txtCity.Text + "', '" + txtBankName.Text + "', '" + txtAccountNumber.Text + "', " + " '" + txtIFSCCode.Text + "', " + " '" + txtBN1.Text + "', " + " '" + txtAC1.Text + "', " + " '" + txtIFSC1.Text + "', " + " '" + txtBN2.Text + "', " + " '" + txtAC2.Text + "', " + " '" + txtIFSC2.Text + "')";
this is my insert code into mysql database where id num must be auto increamented,,, but mysql doesnot performs auto incrementation can any one help .........
C# code
string regInset = "INSERT INTO Fn_Registration VALUES ('" + 101 + "', '"+
txtFirstName.Text + "', '" + txtLastName.Text + "', " + " '" + txtEmailId.Text +
"', " + " '" + txtPassword.Text + "', " + " '" + txtPanNumber.Text + "', " + " '" +
txtAddress1.Text + "', " + " '" + txtAddress2.Text + "', " + " '" + txtFaxNo.Text +
"'," + " '" + txtFirmName.Text + "', " + " '" + txtPhoneNumber.Text + "', " + " '"
+ txtTinNumber.Text + "','" + txtAccountsStart.Text + "','" + txtAccountsEnd.Text +
"','" + cbbVat.Text + "', " + " '" + cbbstates.Text + "', " + " '" + txtCity.Text +
"', '" + txtBankName.Text + "', '" + txtAccountNumber.Text + "', " + " '" +
txtIFSCCode.Text + "', " + " '" + txtBN1.Text + "', " + " '" + txtAC1.Text + "', " +
" '" + txtIFSC1.Text + "', " + " '" + txtBN2.Text + "', " + " '" + txtAC2.Text + "', "
+ " '" + txtIFSC2.Text + "')";
cmd = new MySqlCommand(regInset, con);
da = new MySqlDataAdapter(cmd);
ds = new DataSet();
da.Fill(ds, "Fn_Registration");
this.clearData();
In your insert query you can use:
INSERT INTO Fn_Registration(Names,of,columns,that,you,want,to,give,a,value) VALUES(values,for,those,columns);
If you then exclude the id column from the names of columns you want to give a value, SQL should automatically increment the value.
MySQL can be made to auto increment on a table by modifying that table as follows:
ALTER TABLE tablename MODIFY id_Column INT NOT NULL AUTO_INCREMENT;
MySQL Documentation
Related
This question already has answers here:
What are good ways to prevent SQL injection? [duplicate]
(4 answers)
How can I add user-supplied input to an SQL statement?
(2 answers)
Closed 5 years ago.
Here is my code and I am getting insert error.
Kindly help
OleDbConnection cnn = new OleDbConnection(dbConnection);
cnn.Open();
OleDbCommand cmd = cnn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO [Emp Data] (" +
"EmpID, Active, EmpName, DOJ, DOL, [Next Manager], DOB, Department, Section, Designation, [Father Name], Address, Town, CNIC, Education, [Habib Metro], [Salary PM], EmailID, [JS Bank Account], [Salary on joining], [Last inc Rs], [Last inc Date], [Next of Kin Name], Relation, [Contact No], Comments, [Reason of Leaving], DOC, [Shift Timings], [Off Day 1], [Off Day 2]"
+ ") VALUES (" +
id + ", 'A' , '" + name + "', '" + doj + "', null '" + manager + "', '" + dob + "', '" + dept + "', '" + section + "', '" + desg + "', '" + father + "', '" + add + "', '" + town + "', '" + cnic + "', '" + education + "', '" + metroBank + "', " + salaryPM + ", '" + email + "', '" + jsBank + "', " + salary + ", 0, 0, null, '" + kinName + "', '" + kinRelation + "', '" + kinContact + "', '" + comments + "', null '" + doc + "', '" + shift + "', '" + offDay1 + "', '" + offDay2
+ "');";
cmd.ExecuteNonQuery();
cnn.Close();
I suspect:
null '"
should be:
null, '"
You are missing a comma in a couple of places.
How can I put these queries in a loop (from student_fee_record_2 to student_fee_record_10) There is only difference between student_fee_record_1 and others, from student_fee_record_2 to 10 have no insertion for fee_txt. I need them to insert in a loop separately from student_fee_record_1, So that my code can be shorter, these are too much lines of code, Please help me to short this code using loop. And please note that I’m using varchar() for all fields in my database.
Here is my code.
private void btn_add_Click(object sender, EventArgs e)
{
string constring = "Data Source=Niazi;Initial Catalog=IIHS;Integrated Security=True";
SqlConnection conDataBase = new SqlConnection(constring);
conDataBase.Open();
string Query = "insert into student_fee_record_1 (student_id, student_name, student_f_name," +
"program, address, email_address, date, fee_submit)" +
"values('" + std_id_txt.Text + "','" + std_name_txt.Text + "','" + f_name_txt.Text + "'," +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "', '" + fee_txt.Text + "');"+
"insert into student_fee_record_2 (student_id, student_name, student_f_name," +
"program, address, email_address, date)"+
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_3 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_4 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_5 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_6 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_7 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_8 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_9 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')" +
"insert into student_fee_record_10 (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " +
"'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," +
"'" + date_txt.Text + "')";
//SqlConnection conDataBase = new SqlConnection(constring);
SqlCommand cmdDataBase = new SqlCommand(Query, conDataBase);
SqlDataReader myReader;
try
{
//conDataBase.Open();
myReader = cmdDataBase.ExecuteReader();
MessageBox.Show("Record added successfully.");
ClearAll(this);
load_table();
while (myReader.Read())
{
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
Easy
private void btn_add_Click(object sender, EventArgs e)
{
string constring = "Data Source=Niazi;Initial Catalog=IIHS;Integrated Security=True";
SqlConnection conDataBase = new SqlConnection(constring);
conDataBase.Open();
string Query = "";
for (int recordNum = 1; recordNum <= 10; recordNum++)
{
if (recordNum == 1)
{
Query = string.Format(
"insert into student_fee_record_{0} (student_id, student_name, student_f_name," +
"program, address, email_address, date, fee_submit)" +
"values('{1}','{2}','{3}','{4}','{5}','{6}','{7}','{8}')",
recordNum.ToString(), std_id_txt.Text, std_name_txt, f_name_txt.Text, program_txt.Text, address_txt.Text, date_txt.Text, email_txt.Text, fee_txt.Text);
}
else
{
Query = string.Format(
"insert into student_fee_record_{0} (student_id, student_name, student_f_name," +
"program, address, email_address, date)" +
"values('{1}','{2}','{3}','{4}','{5}','{6}','{7}')",
recordNum.ToString(), std_id_txt.Text, std_name_txt, f_name_txt.Text, program_txt.Text, address_txt.Text, date_txt.Text, email_txt.Text);
}
//SqlConnection conDataBase = new SqlConnection(constring);
SqlCommand cmdDataBase = new SqlCommand(Query, conDataBase);
SqlDataReader myReader;
try
{
//conDataBase.Open();
myReader = cmdDataBase.ExecuteReader();
MessageBox.Show("Record added successfully.");
ClearAll(this);
load_table();
while (myReader.Read())
{
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
}
here's my code,what i have to do that my code stops read data when files data ended.
string path = string.Concat(Server.MapPath("~/TempFiles/"), Fileupload1.FileName);
string text = System.IO.File.ReadAllText(path);
string[] lines = text.Split('\n');
con.Open();
SqlCommand cmd = new SqlCommand();
string[] Values;
foreach (string line1 in lines)
{
int a = 0;
Values = line1.Split(';');
a = a + 1;
// string query = "INSERT INTO cdr_info VALUES ('" + Values[0] + "'," + Values[1] + ",'" + Values[2] + "','" + Values[3] + "'," +
string query = "INSERT INTO cdr_info VALUES( '" + Values[0] + "', '" + Values[1] + "', '" + Values[2] + "', '" + Values[3] + "', '" + Values[4] + "', '" + Values[5] + "', '" + Values[6] + "', '" + Values[7] + "', '" + Values[8] + "', '" + Values[9] + "'," +
" '" + Values[10] + "', '" + Values[11] + "', '" + Values[12] + "', '" + Values[13] + "', '" + Values[14] + "','" + Values[15] + "', '" + Values[16] + "', '" + Values[17] + "', '" + Values[18] + "','" + Values[19] + "'," +
"'" + Values[20] + "','" + Values[21] + "', '" + Values[22] + "', '" + Values[23] + "', '" + Values[24] + "', '" + Values[25] + "','" + Values[26] + "', '" + Values[27] + "', '" + Values[28] + "', '" + Values[29] + "', " +
" '" + Values[30] + "', '" + Values[31] + "', '" + Values[32] + "', '" + Values[33] + "', '" + Values[34] + "'," +
"'" + Values[35] + "', '" + Values[36] + "', '" + Values[37] + "', '" + Values[38] + "','" + Values[39] + "', '" + Values[40] + "', '" + Values[41] + "', '" + Values[42] + "'," +
"'" + Values[43] + "', '" + Values[44] + "', '" + Values[45] + "', '" + Values[46] + "', '" + Values[47] + "', '" + Values[48] + "', '" + Values[49] + "','" + Values[50] + "', '" + Values[51] + "'," +
" '" + Values[52] + "', '" + Values[53] + "', '" + Values[54] + "', '" + Values[55] + "', '" + Values[56] + "','" + Values[57] + "', '" + Values[58] + "', '" + Values[59] + "', '" + Values[60] + "', '" + Values[61] + "'," +
"'" + Values[62] + "', '" + Values[63] + "', '" + Values[64] + "', '" + Values[65] + "', '" + Values[66] + "','" + Values[67] + "','" + Values[68] + "','" + Values[69] + "', '" + Values[70] + "'," +
"'" + Values[71] + "', '" + Values[72] + "','" + Values[73] + "','" + Values[74] + "', '" + Values[75] + "', '" + Values[76] + "', '" + Values[77] + "', '" + Values[78] + "', '" + Values[79] + "', '" + Values[80] + "'," +
" '" + Values[81] + "', '" + Values[82] + "', '" + Values[83] + "', '" + Values[84] + "', '" + Values[85] + "','" + Values[86] + "', '" + Values[87] + "','" + Values[88] + "', '" + Values[89] + "', '" + Values[90] + "'," +
" '" + Values[91] + "', '" + Values[92] + "', '" + Values[93] + "', '" + Values[94] + "', '" + Values[95] + "', '" + Values[96] + "', '" + Values[97] + "', '" + Values[98] + "', '" + Values[99] + "', '" + Values[100] + "'," +
" '" + Values[101] + "', '" + Values[102] + "', '" + Values[103] + "'," +
" '" + Values[104] + "', '" + Values[105] + "', '" + Values[106] + "', '" + Values[107] + "', '" + Values[108] + "')";
// string query = "INSERT INTO demooo VALUES ('" + Values[0] + "','" + Values[1] + "','" + Values[2] + "')";
cmd = new SqlCommand(query,con);
cmd.ExecuteNonQuery();
}
you will get exception splitted items not having expected item count. you can add validation to avoid the exception like below
Values = line1.Split(';');
int itemcount = 108;
if(line1.Length >= itemcount)
{
// your insert code
}
How can I open a data reader after closing it? I'm using Visual Studio 2010.
Here is my code.
bool result = Directory.EnumerateFiles(#"C:\Users\Moon\Documents\Visual Studio 2010\Projects\cdrInsertion\cdrInsertion\TempFiles").Any();
if (!result)
{
Response.Write("Folder is empty");
}
else
{
DirectoryInfo info = new DirectoryInfo(#"C:\Users\Moon\Documents\Visual Studio 2010\Projects\cdrInsertion\cdrInsertion\TempFiles");
FileInfo[] files = info.GetFiles();
SqlConnection con = new SqlConnection("Data Source = MOON-PC\\SQLEXPRESS; Initial Catalog = Call_Detail_Record; Integrated Security = true; Persist Security Info=False;");
con.Open();
SqlCommand cmd = new SqlCommand();
SqlDataReader readr = null;
foreach (FileInfo file in files)
{
string path = #"C:\Users\Moon\Documents\Visual Studio 2010\Projects\cdrInsertion\cdrInsertion\TempFiles\"+ file;
string queryfile = "select * from file_log";
cmd = new SqlCommand(queryfile,con);
readr = cmd.ExecuteReader();
while (readr.Read())
{
(readr.Open();)<----here i want to open it.
string filnames = readr["file-name"].ToString();
string filestring = file.ToString();
if (filnames.Equals(filestring))
{
Response.Write("file already inserted");
readr.Close();
}
else
{
string text = System.IO.File.ReadAllText(path);
string[] lines = text.Split('\n');
//transctionscop
// DataTable dt = new DataTable();
// cmd = new SqlCommand();
string[] Values;
foreach (string line1 in lines)
{
if (line1 == "")
{
Response.Write("end file");
}
else
{
Values = line1.Split(';');
DateTime zero = Convert.ToDateTime(Values[0]);
// DateTime onezerofive = Convert.ToDateTime(Values[105]);
// DateTime onezerosix = Convert.ToDateTime(Values[106]);
// Timer two = Convert.Tot(Values[2]);
// string query = "INSERT INTO cdr_info VALUES ('" + Values[0] + "'," + Values[1] + ",'" + Values[2] + "','" + Values[3] + "'," +
string query = "INSERT INTO cdr_info VALUES( '" + zero + "', '" + Values[1] + "', '" + Values[2] + "', '" + Values[3] + "', '" + Values[4] + "', '" + Values[5] + "', '" + Values[6] + "', '" + Values[7] + "', '" + Values[8] + "', '" + Values[9] + "'," +
" '" + Values[10] + "', '" + Values[11] + "', '" + Values[12] + "', '" + Values[13] + "', '" + Values[14] + "','" + Values[15] + "', '" + Values[16] + "', '" + Values[17] + "', '" + Values[18] + "','" + Values[19] + "'," +
"'" + Values[20] + "','" + Values[21] + "', '" + Values[22] + "', '" + Values[23] + "', '" + Values[24] + "', '" + Values[25] + "','" + Values[26] + "', '" + Values[27] + "', '" + Values[28] + "', '" + Values[29] + "', " +
" '" + Values[30] + "', '" + Values[31] + "', '" + Values[32] + "', '" + Values[33] + "', '" + Values[34] + "'," +
"'" + Values[35] + "', '" + Values[36] + "', '" + Values[37] + "', '" + Values[38] + "','" + Values[39] + "', '" + Values[40] + "', '" + Values[41] + "', '" + Values[42] + "'," +
"'" + Values[43] + "', '" + Values[44] + "', '" + Values[45] + "', '" + Values[46] + "', '" + Values[47] + "', '" + Values[48] + "', '" + Values[49] + "','" + Values[50] + "', '" + Values[51] + "'," +
" '" + Values[52] + "', '" + Values[53] + "', '" + Values[54] + "', '" + Values[55] + "', '" + Values[56] + "','" + Values[57] + "', '" + Values[58] + "', '" + Values[59] + "', '" + Values[60] + "', '" + Values[61] + "'," +
"'" + Values[62] + "', '" + Values[63] + "', '" + Values[64] + "', '" + Values[65] + "', '" + Values[66] + "','" + Values[67] + "','" + Values[68] + "','" + Values[69] + "', '" + Values[70] + "'," +
"'" + Values[71] + "', '" + Values[72] + "','" + Values[73] + "','" + Values[74] + "', '" + Values[75] + "', '" + Values[76] + "', '" + Values[77] + "', '" + Values[78] + "', '" + Values[79] + "', '" + Values[80] + "'," +
" '" + Values[81] + "', '" + Values[82] + "', '" + Values[83] + "', '" + Values[84] + "', '" + Values[85] + "','" + Values[86] + "', '" + Values[87] + "','" + Values[88] + "', '" + Values[89] + "', '" + Values[90] + "'," +
" '" + Values[91] + "', '" + Values[92] + "', '" + Values[93] + "', '" + Values[94] + "', '" + Values[95] + "', '" + Values[96] + "', '" + Values[97] + "', '" + Values[98] + "', '" + Values[99] + "', '" + Values[100] + "'," +
" '" + Values[101] + "', '" + Values[102] + "', '" + Values[103] + "'," +
" '" + Values[104] + "', '" + Values[105] + "', '" + Values[106] + "', '" + Values[107] + "', '" + Values[108] + "')";
// string query = "INSERT INTO demooo VALUES ('" + Values[0] + "','" + Values[1] + "','" + Values[2] + "')";
cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
}
}
}
}
readr.Close();
}
The reader is already open. When you call ExecuteReader on the command, it returns an open data reader.
Why are you closing the data reader inside the loop though? You've got a Close call after the loop anyway so why close it twice? What you should do is create it with a using statement and then it will be implicitly closed at the end of the block.
I Want To Convert SqlCommand Result into Int Value How Can i Do that??
Please Help With That What I Have Tried IS Below:
The stp_no in Table Have Set Identity Property. And I want To insert That Auto Generated Numbers into Another Table But It Shows Always Error Like "Connot Convert SqlCommand Type to Int Type"
SqlCommand dvgcmd, snocmd;
snocmd = new SqlCommand("SELECT stp_no FROM MaterialTestMaster", con);
dvgcmd = new SqlCommand("INSERT INTO MaterialTestDetail(stp_no,test_no,test_name,test_type,test_spec,high_limit,low_limit)" +
"VALUES('"+ snocmd +"','" + #matTstDataGridView.Rows[j].Cells[0].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[1].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[2].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[3].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[4].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[5].Value + "')", con);
Please Help M to Solve This Problem :)
SqlCommand dvgcmd;
dvgcmd = new SqlCommand("INSERT INTO MaterialTestDetail(stp_no,test_no,test_name,test_type,test_spec,high_limit,low_limit)" +
"VALUES((SELECT stp_no FROM MaterialTestMaster),'" + #matTstDataGridView.Rows[j].Cells[0].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[1].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[2].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[3].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[4].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[5].Value + "')", con);
The answer of juergen should work, you have to execute first your command, then use the result as next:
int id = int.Parse(snocmd.ExecuteScalar().ToString());
dvgcmd = new SqlCommand("INSERT INTO MaterialTestDetail(stp_no,test_no,test_name,test_type,test_spec,high_limit,low_limit)" +
"VALUES('"+ id +"','" + #matTstDataGridView.Rows[j].Cells[0].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[1].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[2].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[3].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[4].Value + "'," +
" '" + #matTstDataGridView.Rows[j].Cells[5].Value + "')", con);