I am trying to understand what is wrong with this select.
I want to get the last user_Id which was been added.
Here is the error message:
The parameterized query '(#Id_user int)SELECT SCOPE_IDENTITY() AS id_user' expects the parameter '#Id_user', which was not supplied.
Here is the SQL statement:
if (count >= 1) /* <=== verification from the insert SQL */
{
string selectStatement = "SELECT SCOPE_IDENTITY() AS id_user";
SqlCommand selectCommand = new SqlCommand(selectStatement, sqlConnection);
selectCommand.Parameters.Add("#Id_user", SqlDbType.Int, 0, "Id_user");
int newID = (int)selectCommand.ExecuteScalar();
int User_ID = Convert.ToInt32(selectCommand.Parameters["#Id_user"].Value);
Session["Id_user"] = User_ID;
buserIdAuthenticated = true;
Session["userIdAuthenticated"] = buserIdAuthenticated;
Response.Redirect("../pages/Welcome.aspx");
}
}
catch (SqlException ex)
{
lblMessage.Text = ex.Message;
}
finally
{
sqlConnection.Close();
}
you haven't defined an #parameter in your sql statement so you don;t need to add the parameter at all - just get the result of ExecuteScalar - you should be able to cast it to an int - although I cast it specifically in the sql statement too -
select cast(Scope_identity() as int) ....
so you'd end up with somthing like
string selectStatement = "SELECT cast(SCOPE_IDENTITY() AS int)";
SqlCommand selectCommand = new SqlCommand(selectStatement, sqlConnection);
object newIDobj = (int)selectCommand.ExecuteScalar();
if(newIDobj!=null)
Session["Id_user"] = (int)newIDobj;
Even better you could create a stored procedure and have the insert done there, where it can then return scope identity.
Edited to include example with insert. (just typed in here - so likely some typos)
int newID = -1;
string commandString = "insert (code, desc, numbervalue) values (#code, #desc,#numbervalue); select cast(scope_identity() as int);"
using(SqlCommand cmd = new SqlCommand(commandString))
{
try
{
cmd.Parameters.Add("#code", )
// etc
int newid=(int)(cmd.ExecuteScalar()??-1);
}
catch(Exception e)
{
// something went wrong
}
}
if(newID!=-1)
{
// do something;
}
Related
I am using SQL Server.
Every time the data is successfully inserted into the database but always it returns a null value. In the SQL Server I only created the table with only auto-increment on the first column('Id'). My table looks like this:
Column_Name
Type
Id
int
DateTime
datetime
ClientName
nvarchar
ClientNumber
nvarchar
TotalPrice
float
My code looks like this:
try
{
SqlCommand cmd = new SqlCommand();
cmd.Connection = _conn;
cmd.CommandText = "INSERT INTO appointmentTable(DateTime,ClientName,ClientNumber,TotalPrice) VALUES( #datee, #clientName ,#clientNumber, #totalPrice);";
cmd.Parameters.AddWithValue("#datee", newAppointment.GetDateTime().ToString("yyyy-MM-dd HH:mm:ss"));
cmd.Parameters.AddWithValue("#clientName", newAppointment.GetClientName());
cmd.Parameters.AddWithValue("#clientNumber", newAppointment.GetClientNumber());
cmd.Parameters.AddWithValue("#totalPrice", newAppointment.GetTotalPrice());
_conn.Open();
int idAdded = Convert.ToInt32(cmd.ExecuteScalar());
newAppointment.SetId(idAdded);
AppointmentServiceRepository.getInstance().AddServicesToAppointment(newAppointment);
_conn.Close();
return true;
}
catch (SqlException e)
{
Console.WriteLine(e.Message);
return false;
}
You need to return the SQL function SCOPE_IDENTITY(), as follows
cmd.CommandText = "INSERT INTO
appointmentTable(DateTime,ClientName,ClientNumber,TotalPrice) VALUES( #datee, #clientName
,#clientNumber, #totalPrice); SELECT SCOPE_IDENTITY();";
You can try OUTPUT clause to return the newly inserted id.Read more on OUTPUT clause
cmd.CommandText = "INSERT INTO
appointmentTable(DateTime,ClientName,ClientNumber,TotalPrice)
OUTPUT inserted.ID
VALUES( #datee, #clientName,#clientNumber, #totalPrice); "
I am inserting a data row into my SQL Server database and then I want to query the data to get the unique identifier from the inserted row but my SqlDataReader is returning an empty dataset. I am thinking it maybe that the transaction hasn't been committed or something like that but I am not sure. I do not get an error.
Here is my code:
try
{
strQuery = "INSERT INTO clientnames VALUES(NEWID(),'" + txtACLastName.Text + "','" + txtACFirstName.Text + "'," + 1 + ")";
using (SqlCommand sqlInsertCmd = new SqlCommand(strQuery, sqlConn))
{
intQueryResult = sqlInsertCmd.ExecuteNonQuery();
if (intQueryResult == 0)
{
blnSuccess = false;
goto InsertClientNamesError;
}
else
{
blnSuccess = true;
}
sqlInsertCmd.Dispose();
}
if (blnSuccess)
{
strQuery = "select clientID from clientnames where firstname = '" + txtACFirstName.Text + "' and lastname = '" + txtACLastName.Text + "'";
using (SqlCommand sqlSelectCmd = new SqlCommand(strQuery, sqlConn))
{
SqlDataReader sqlDataRead = sqlSelectCmd.ExecuteReader();
while (sqlDataRead.Read())
{
strClientID = sqlDataRead.ToString();
}
sqlDataRead.Close();
sqlSelectCmd.Dispose();
}
}
}
catch (Exception exQuery)
{
System.Windows.MessageBox.Show("InsertClientNames: Error, " + exQuery.Message + ", has occurred.");
}
You are not getting the desired result because perhaps the SqlConnection is not opened explicitly (just a guess hard to tell without having full code). But this link shows you how to read from reader --> https://msdn.microsoft.com/en-us/library/haa3afyz(v=vs.110).aspx
But I suggest that you Please do not do it this way. Reason is you are making Two round trips to the DB Server when only one would have done the job for you IF you were using stored procedures. Also you are exposing yourselves to SQL Injection attacks as you are not parameterizing your queries.
Stored procedure:
CREATE PROCEDURE dbo.INS_clientnames
(
#FirstName varchar(100),
#LastName varchar(100),
#NewID int out
)
AS
BEGIN
Declare #Err int
set #NewID = NewID() -- Get the New ID and store it in the variable ( #NewID ) that the SP will return back to the caller
INSERT INTO clientnames values (#NewID , #FirstName , #LastName)
SET #Err = ##ERROR
IF #Error <> 0 -- Check If there was an error
Begin
SET #NewID = -1 -- Indicates that there was an error. You could log this into a Log Table with further details like error id and name.
END
RETURN
END
C# code to execute the above stored procedure and get the NewID:
using(SqlConnection conn = new SqlConnection(connectionString ))
{
using(SqlCommand cmd = new SqlCommand("dbo.INS_clientnames", conn))
{
cmd.CommandType = CommandType.StoredProcedure;
// set up the parameters that the Stored Procedure expects
cmd.Parameters.Add("#FirstName", SqlDbType.VarChar, 100);
cmd.Parameters.Add("#LastName" , SqlDbType.VarChar, 100);
cmd.Parameters.Add("#NewId" , SqlDbType.Int).Direction = ParameterDirection.Output;
// set parameter values that your code will send to the SP as parameter values
cmd.Parameters["#FirstName"].Value = txtACFirstName.Text ;
cmd.Parameters["#LastName"].Value = txtACLastName.Text ;
// open connection and execute stored procedure
conn.Open();
cmd.ExecuteNonQuery();
// read output value from #NewId
int NewID = Convert.ToInt32(cmd.Parameters["#NewId"].Value);
}
}
Add the following line to your stored procedure that inserts the record
SELECT SCOPE_IDENTITY()
This will return the last identity value inserted in that table.
And use cmd.ExecuteScalar() instead of ExecuteNonQuery()
ExecuteScalar() executes the query, and returns the first column of the first row in the result set returned by the query. Additional columns or rows are ignored. [More info][1]
I see two approaches to do this:
either you generate the new GUID on the client side in your C# code and pass it into the query - then you already know what the new id is going to be, so you don't need to do a second query to get it:
you create your GUID on the server side and return it to the caller using the OUTPUT clause in your query
Approach #1:
// define connection string and query
string connStr = "--your connection string here--";
string query = "INSERT INTO dbo.Clients(ClientID, FirstName, LastName) VALUES(#ID, #First, #Last);";
using (SqlConnection conn = new SqlConnection(connStr))
using (SqlCommand cmd = new SqlCommand(query, conn))
{
// create the GUID in C# - this is the ID - no need to go get it again - this *IS* the id
Guid id = Guid.NewGuid();
// set the parameters
cmd.Parameters.Add("#ID", SqlDbType.UniqueIdentifier).Value = id;
cmd.Parameters.Add("#First", SqlDbType.VarChar, 50).Value = "Peter";
cmd.Parameters.Add("#Last", SqlDbType.VarChar, 50).Value = "Miller";
// open connection, execute query, close connection
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
}
Approach #2:
// define connection string and query
string connStr = "--your connection string here--";
// query has an "OUTPUT" clause to return a newly inserted piece of data
// back to the caller, just as if a SELECT had been issued
string query = "INSERT INTO dbo.Clients(ClientID, FirstName, LastName) OUTPUT Inserted.ClientID VALUES(NEWID(), #First, #Last);";
using (SqlConnection conn = new SqlConnection(connStr))
using (SqlCommand cmd = new SqlCommand(query, conn))
{
// set the parameters - note: you do *NOT* send in a GUID value - the NEWID() will create one automatically, on the server
cmd.Parameters.Add("#First", SqlDbType.VarChar, 50).Value = "Frank";
cmd.Parameters.Add("#Last", SqlDbType.VarChar, 50).Value = "Brown";
// open connection
conn.Open();
// execute query and get back one row, one column - the value in the "OUTPUT" clause
object output = cmd.ExecuteScalar();
Guid newId;
if (Guid.TryParse(output.ToString(), out newId))
{
//
}
conn.Close();
}
I think I've seen almost every page relating to this question, most likely answer was
Check if a SQL table exists
but didn't really understand it. This is what I got:
private void select_btn_Click(object sender, EventArgs e)
{
string theDate = dateTimePicker1.Value.ToString("dd-MM-yyyy");
SqlConnection SC = new SqlConnection("Data Source=ruudpc;Initial Catalog=leden;Integrated Security=True");
SqlCommand DateCheck = new SqlCommand("SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '" + theDate + "'");
}
Now I want a return value from DateCheck.ExecuteScalar(); that can tell me if it exists or not, probably dead simple.
EDIT
Regardless for the sql injection part, and that for some this question is helpful, it is generally bad practice to create tables on the fly, I recommend you reconsider your ERD. Just saying.
Using IF EXISTS T-SQL
private void select_btn_Click(object sender, EventArgs e)
{
string theDate = dateTimePicker1.Value.ToString("dd-MM-yyyy");
// Enclose the connection inside a using statement to close and dispose
// when you don't need anymore the connection (to free local and server resources)
using(SqlConnection SC = new SqlConnection("Data Source=ruudpc;Initial Catalog=leden;Integrated Security=True"))
{
// Sql command with parameter
string cmdText = #"IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME=#name) SELECT 1 ELSE SELECT 0";
SC.Open();
SqlCommand DateCheck = new SqlCommand(cmdText, SC);
// Add the parameter value to the command parameters collection
DateCheck.Parameters.Add("#name", SqlDbType.NVarChar).Value = theDate
// IF EXISTS returns the SELECT 1 if the table exists or SELECT 0 if not
int x = Convert.ToInt32(DateCheck.ExecuteScalar());
if (x == 1)
MessageBox.Show("Table exists for date " + theDate);
else
MessageBox.Show("Table doesn't exist for date " + theDate);
}
}
The way you write the code can lead to sql injection attack.Parameterized SQL statements are an easy way to avoid SQL injection attacks and also a good codding practise
CREATE PROCEDURE checkTableExist
#theDate varchar(10)
AS
SET NOCOUNT ON;
IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME=#theDate) SELECT 1 ELSE SELECT 0
C# code
try
{
string theDate = dateTimePicker1.Value.ToString("dd-MM-yyyy");
sqlConnection = new SqlConnection(dbConnectionString);
SqlCommand command = new SqlCommand("checkTableExist", sqlConnection);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add("#theDate", SqlDbType.VarChar).Value = dateTimePicker1.Value.ToString("dd-MM-yyyy");
sqlConnection.Open();
int result = (Int32)command.ExecuteScalar();
sqlConnection.Close();
if (result == 1)
return true;//or any message
else
return false;
}
catch (SqlException ex)
{
Console.WriteLine("SQL Error" + ex.Message.ToString());
return false;
}
This query is been executed in database.
select COUNT(*) from Patient_Data where DummyValue = 'Y';
104
I have to retrieve this number (104) from database to asp.net with c# so that when the count becomes zero I have to disable a button, How to retrieve this number from database into the code. It should be stored as integer.
I have tried these line of code in c#
using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString))
{
using (SqlCommand cmd = new SqlCommand("select COUNT(*) as PatientCount from Patient_Data where DummyValue = 'Y' ", cn))
{
try
{
cn.Open();
using (SqlDataReader rdr = cmd.ExecuteReader())
{
int Patcount;
if (rdr.Read())
{
//Code Required
}
}
}
catch (Exception ex)
{
// handle errors here
}
}
}
use alias to get the count as below:
select COUNT(*) as PatientCount from Patient_Data where DummyValue = 'Y';
Read the PatientCount value in code.
you can use GetInt32() function to get the count as int.
Note: you are passing the parameter values in your query which leads to Sql Injection Attacks, so you could use Parameterized Sql Queries to avoid them.
sample code is asbelow:
private int readPatientData()
{
int PatientCount = 0;
String strCommand = "select COUNT(*) as PatientCount from Patient_Data where DummyValue = #MyDummyValue";
using (SqlConnection sqlConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString))
{
sqlConnection.Open();
using (SqlCommand sqlcommand=new SqlCommand(strCommand,sqlConnection))
{
sqlcommand.Parameters.Add(new SqlParameter("MyDummyValue", 'Y'));
SqlDataReader sqlReader = sqlcommand.ExecuteReader();
if (sqlReader.Read())
PatientCount = sqlReader.GetInt32(0);
}
}
return PatientCount;
}
I solved my issue with these lines of code.
using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString))
{
using (SqlCommand cmd = new SqlCommand("select COUNT(*) as PatientCount from Patient_Data where DummyValue = 'Y' ", cn))
{
try
{
cn.Open();
using (SqlDataReader rdr = cmd.ExecuteReader())
{
//int Patcount;
if (rdr.Read())
{
int Patcount = int.Parse(rdr["PatientCount"].ToString());
if (Patcount != 0)
{
Label3.Visible = true;
Label3.Text = "You have already have "+Patcount+" dummy records,Please update those records by clicking Update Dummy Records Link.";
btnSkipSubmit.Visible = false;
}
//Code Required
}
}
}
catch (Exception ex)
{
// handle errors here
}
}
}
Update based on code change in question
You can write rdr.GetInt32(3); instead of code required in your code.
previous answer
You need to use ExecuteScalar method while executing your command. Here is the example from msdn:
static public int AddProductCategory(string newName, string connString)
{
Int32 newProdID = 0;
string sql =
"INSERT INTO Production.ProductCategory (Name) VALUES (#Name); "
+ "SELECT CAST(scope_identity() AS int)";
using (SqlConnection conn = new SqlConnection(connString))
{
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add("#Name", SqlDbType.VarChar);
cmd.Parameters["#name"].Value = newName;
try
{
conn.Open();
newProdID = (Int32)cmd.ExecuteScalar();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
return (int)newProdID;
}
In this example they are returning newly added product Id.
ExecuteScalar returns object that you can check for null and cast to number as you know with int.parse method or the best one you know.
As Per my knowledge there are three ways to do this:
Using COUNT you can do this as below:
select COUNT(*) as RowCount from Patient_Data where DummyValue = 'Y';
Using ROW_NUMBER you can do this as below:
Select ROW_NUMBER() OVER (ORDER BY Patient_Data.ID DESC) AS RowNumber from Patient_Data where DummyValue = 'Y';
And there is another way but that way is only to get the row count and is the fastest way to get the row count in sql server according to me.
SELECT
Total_Rows= SUM(st.row_count)
FROM
sys.dm_db_partition_stats st
WHERE
object_name(object_id) = 'Patient_Data' AND (index_id < 2)
That's all
I'm attempting to retrieve an integer value from a single table, based on the string field username. I've tried it using a stored proc, and direct text. When I execute the stored proc, I get the proper return value; however, the proper result doesn't come through.
Here are both sets of code -
Direct text -
public int GetUserRole(string CUSER)
{
try
{
SQLCON = new SqlConnection(connectionString);
SQLCON.Open();
SQLCommand = new SqlCommand();
SQLCommand.CommandType = CommandType.Text;
SQLCommand.Parameters.Add("USUsername", SqlDbType.VarChar).Value = CUSER;
SQLCommand.CommandText = "SELECT USRole FROM tblUser WHERE USUsername = CUSER";
Int32 USRole = (Int32) SQLCommand.ExecuteScalar();
return USRole;
}
catch
{
HttpContext.Current.Response.Redirect("~/ErrorRedirect.aspx", false);
return 0;
}
}
SQL query:
ALTER PROCEDURE [dbo].[spGetUserRole]
-- Add the parameters for the stored procedure here
#username VARCHAR(50)
AS
BEGIN
-- Declare the return variable here
DECLARE #USRole as int
-- Add the T-SQL statements to compute the return value here
SELECT #USRole = tblUser.USRole FROM tblUser WHERE USUsername = #username
-- Return the result of the function
RETURN #USRole
END
You are not referencing your parameter correctly. If you are adding a parameter named USUsername then in the command text you should use #USUsername:
public int GetUserRole(string CUSER)
{
try
{
SQLCON = new SqlConnection(connectionString);
SQLCON.Open();
SQLCommand = new SqlCommand();
SQLCommand.CommandType = CommandType.Text;
SQLCommand.Parameters.Add("USUsername", SqlDbType.VarChar).Value = CUSER;
SQLCommand.CommandText = "SELECT USRole FROM tblUser WHERE USUsername = #USUsername";
Int32 USRole = (Int32) SQLCommand.ExecuteScalar();
return USRole;
}
catch (Exception)
{
HttpContext.Current.Response.Redirect("~/ErrorRedirect.aspx", false);
return 0;
}
}
Your stored procedure will also need updating as the parameter name here should also match and you don't need the return variable.
ALTER PROCEDURE [dbo].[spGetUserRole]
-- Add the parameters for the stored procedure here
#USUsername VARCHAR(50)
AS
BEGIN
-- Add the T-SQL statements to compute the return value here
SELECT tblUser.USRole FROM tblUser WHERE USUsername = #USUsername
END
You should also look at using the "using" syntax to automatically close your database connections. See Scott Hanselman's example here - http://www.hanselman.com/blog/WhyTheUsingStatementIsBetterThanASharpStickInTheEyeAndASqlConnectionRefactoringExample.aspx
Instead of using the return value of the stored procedure (RETURN #USRole), send the results back using a Select statement (e.g. Select #USRole). What is going on is that the return value of a stored procedure isn't the same as what is used by ExecuteScalar. ExecuteScalar returns the first column and row of the output. The return value is different and must accessed using the specially named parameter #RETURN_VALUE or the special ParameterDirection.ReturnValue property.
A revised version of your procedure would look like:
ALTER PROCEDURE [dbo].[spGetUserRole]
-- Add the parameters for the stored procedure here
#USUsername VARCHAR(50)
AS
BEGIN
-- Add the T-SQL statements to compute the return value here
Select tblUser.USRole
FROM tblUser
WHERE USUsername = #USUsername
END
RETURN (Transact-SQL)
SqlCommand.ExecuteScalar Method
I dont know how you called your stored procedure, but theres a bug in the query that you posted:
"SELECT USRole FROM tblUser WHERE USUsername = CUSER"
should be replaced with
SQLCommand.Parameters.Add("#USUsername", SqlDbType.VarChar).Value = CUSER;
"SELECT USRole FROM tblUser WHERE USUsername = #USUsername"
You are currently not really making the parameter part of the query, but trying to find the value CUSER within the column
Use parameter correctly. And dont forget to close connection on finally statement.
public int GetUserRole(string CUSER)
{
try
{
SQLCON = new SqlConnection(connectionString);
SQLCON.Open();
SQLCommand = new SqlCommand();
SQLCommand.CommandType = CommandType.Text;
SQLCommand.CommandText = "SELECT USRole FROM tblUser WHERE USUsername = #USUsername ";
SQLCommand.Parameters.Add("USUsername", SqlDbType.VarChar).Value = CUSER;
Int32 USRole = (Int32) SQLCommand.ExecuteScalar();
return USRole;
}
catch (Exception)
{
HttpContext.Current.Response.Redirect("~/ErrorRedirect.aspx", false);
return 0;
}
finally { close connection here.. }
}
If you insist on using the return value you can do it by setting the Parameter direction and using ExecuteNonQuery
SqlParameter p = cmd.Parameters.Add("#USRole", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.ExecuteNonQuery();
int returnvalue = (int)cmd.Parameters["#USRole"].Value;
If you want to use ExecuteScalar then just change your proc to select the variable instead of Return
You should note that what you put in for the parameter name is arbitrary.