I am trying to update a SQL table from my C# backend, but it never successfully executes; mainServiceButton is a pre-existing value in the linkName column. Here is what I have so far:
conn.Open();
string qry = "UPDATE clickStream SET clickCount = (clickCount + 1) WHERE linkName = mainServiceButton";
SqlCommand cmd = new SqlCommand(qry, conn);
try
{
cmd.ExecuteScalar();
}
catch
{
MessageBox.Show("not executed");
}
conn.Close();
This is how the table was created:
CREATE TABLE clickStream(
click_ID int identity(1,1),
linkName nvarchar(50) not null,
clickCount int,
PRIMARY KEY(click_ID));
The desired result is to increase the clickCount by 1 every time a link(linkName) is clicked on. Any Suggestions?
MessageBox.Show("not executed"); is not going to help you much except to obscure the details of the error: you need to instead output the details of the caught exception to understand what happened.
Addressing this and other suggestions made in comments...
mainServiceButton nakedly inline in the SQL text not possibly being what you want
a SqlParameter being warranted to accept a value for the WHERE sanely
ExecuteNonQuery() instead of ExecuteScalar() being the right call
..., see what sort of mileage you get with this instead:
conn.Open();
string qry = "UPDATE clickStream SET clickCount = (clickCount + 1) WHERE linkName = #linkName";
SqlCommand cmd = new SqlCommand(qry, conn);
// Use a SqlParameter to correct an error in the posted code and do so safely.
cmd.Parameters.Add(new SqlParameter("#linkName", "mainServiceButton"));
try
{
cmd.ExecuteNonQuery(); // not ExecuteScalar()
}
catch (SqlException sex)
{
// Output the exception message and stack trace.
MessageBox.Show(sex.ToString());
}
conn.Close();
Try the below, not tested so you may need to fix minor bugs:
conn.Open();
string qry = "UPDATE clickStream SET clickCount = (clickCount + 1) WHERE linkName = 'mainServiceButton';SELECT ##ROWCOUNT;";
SqlCommand cmd = new SqlCommand(qry, conn);
try
{
int rowsAffected = (int)cmd.ExecuteScalar();
if (rowsAffected != 1)
throw new ApplicationException("Rows affected should be 1, " + rowsAffected + " were affected.");
}
catch (Exception ex)
{
MessageBox.Show("Not executed successfully, exception: " + ex.ToString());
}
conn.Close();
Related
I'm performing a command to erase data from a DataGridView
But I can not make it work, I just want to select a line and erase it
In addition to programming a button that says "Delete" so that when you click on it, the selected data in the DataGridView will be deleted
I need really help
I am lost
My Table is "Person"
My Column is "ID"
Instances
{SqlConnection cn;
SqlCommand cmd;
SqlDataReader dr;
SqlDataAdapter da;
DataTable dt;}
public string Del(int ID)
{
string ouk = "Delete Work";
try
{
cmd = new SqlCommand("Delete From Person Where = ID )", cn);
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
ouk = "Bad character:" + ex.ToString();
}
return ouk;
}
For Button Erase at DataGridView
private void buttondel_Click(object sender, EventArgs e)
{
MessageBox.Show(c.Del(TBID));
}
The issue is that your SQL query is malformed and that you're not passing the ID to the query:
"Delete From Person Where = ID )"
One side of the equality check is missing, and you have an unexpected closing bracket.
You should change your query to accept a parameter:
"Delete From Person Where ID = #id"
and then pass the parameter to your command:
cmd.Parameters.Add("#id", SqlDbType.Int).Value = ID;
So it becomes:
try
{
using (cmd = new SqlCommand("Delete From Person Where ID = #id", cn))
{
cmd.Parameters.Add("#id", SqlDbType.Int).Value = ID;
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
ouk = "Bad character:" + ex.ToString();
}
I've taken the liberty of wrapping SqlCommand in a using statement so that it's disposed once we're done with it.
I am new to ASP.NET, I am facing some difficulty in updating records inside database in ASP.NET. My code is showing no errors, but still the records are not being updated. I am using SQL Server 2012.
Code behind is as follows:
protected void Page_Load(object sender, EventArgs e)
{
if (Session["user"] != null)
{
con.Open();
string query = "Select * from Customers where UserName ='" + Session["user"] + "'";
SqlCommand cmd = new SqlCommand(query, con);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
txt_name.Text = reader["CustName"].ToString();
txt_phonenumber.Text = reader["Contact"].ToString();
txt_address.Text = reader["CustAddress"].ToString();
txt_cardnum.Text = reader["CustAccountNo"].ToString();
txt_city.Text = reader["CustCity"].ToString();
txt_emailaddress.Text = reader["Email"].ToString();
txt_postalcode.Text = reader["CustPOBox"].ToString();
Cnic.Text = reader["CustCNIC"].ToString();
}
con.Close();
}
else
{
Response.Redirect("Login.aspx");
}
}
protected void BtnSubmit_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd2 = con.CreateCommand();
SqlCommand cmd1 = con.CreateCommand();
cmd1.CommandType = CommandType.Text;
cmd1.CommandText = "Select CustID from Customers where UserName = '" + Session["user"] + "'";
int id = Convert.ToInt32(cmd1.ExecuteScalar());
cmd2.CommandType = CommandType.Text;
cmd2.CommandText = "update Customers set CustName='" + txt_name.Text + "',CustCNIC='" + Cnic.Text + "',Email='" + txt_emailaddress.Text + "',CustAccountNo='" + txt_cardnum.Text + "',CustAddress='" + txt_address.Text + "',CustPOBox='" + txt_postalcode.Text + "' where CustID='" + id + "'";
cmd2.ExecuteNonQuery();
con.Close();
}
Help will be much appreciated. THANKS!
After debugging the result i am getting is this
cmd2.CommandText "update Customers set CustName='Umer Farooq',CustCNIC='42101555555555',Email='adada#gmail.com',CustAccountNo='0',CustAddress='',CustPOBox='0' where CustID='6'" string
Here Account Number And POBOX is 0 and address is going as empty string. But i have filled the text fields
First thing to do to fix this is to use good ADO techniques, using SqlParameters for the passed in values; and not the risky SQL Injection method of concatenating strings together.
This first portion does just that. I have added in the int sqlRA variable to read the results of the non-query, which will return Rows Affected by the query. This is wrapped in a simple try...catch routine to set the value to negative 1 on any error. Other error handling is up to you. That makes your code look something like this:
cmd1.Parameters.AddWithValue("#SessionUser", Session["User"]);
int id = Convert.ToInt32(cmd1.ExecuteScalar());
cmd2.CommandType = CommandType.Text;
cmd2.CommandText = "UPDATE Customers SET CustName = #CustName, CustCNIC = #CustCNIC, Email = #Email, CustAccountNo = #CustAccountNo, CustAddress = #CustAddress, CustPOBox = #CustPOBox WHERE (CustID = #CustID)";
cmd2.Parameters.AddWithValue("#CustName", txt_name.Text);
cmd2.Parameters.AddWithValue("#CustCNIC", Cnic.Text);
cmd2.Parameters.AddWithValue("#Email", txt_emailaddress.Text);
cmd2.Parameters.AddWithValue("#CustAccountNo", txt_cardnum.Text);
cmd2.Parameters.AddWithValue("#CustAddress", txt_address.Text);
cmd2.Parameters.AddWithValue("#CustPOBox", txt_postalcode.Text);
cmd2.Parameters.AddWithValue("#CustID", id);
int sqlRA
try { sqlRA = cmd2.ExecuteNonQuery(); }
catch (Exception ex) {
sqlRA = -1;
// your error handling
}
/* sqlRA values explained
-1 : Error occurred
0 : Record not found
1 : 1 Record updated
>1 :Multiple records updated
*/
Now reading through your code, all we are doing with the first query is mapping the Session["User"] to id, and then using that id in the second query to do the update, and that Username is not updated in the second. Waste of a query most likely, as we could use the Session["User"] to do the update. That will bring you down to this query, and still bring back that Rows Affected value back:
cmd0.CommandType = CommandType.Text;
cmd0.CommandText = "UPDATE Customers SET CustName = #CustName, CustCNIC = #CustCNIC, Email = #Email, CustAccountNo = #CustAccountNo, CustAddress = #CustAddress, CustPOBox = #CustPOBox WHERE (UserName = #SessionUser)";
cmd0.Parameters.AddWithValue("#CustName", txt_name.Text);
cmd0.Parameters.AddWithValue("#CustCNIC", Cnic.Text);
cmd0.Parameters.AddWithValue("#Email", txt_emailaddress.Text);
cmd0.Parameters.AddWithValue("#CustAccountNo", txt_cardnum.Text);
cmd0.Parameters.AddWithValue("#CustAddress", txt_address.Text);
cmd0.Parameters.AddWithValue("#CustPOBox", txt_postalcode.Text);
cmd0.Parameters.AddWithValue("#SessionUser", Session["User"]);
int sqlRA
try { sqlRA = cmd0.ExecuteNonQuery(); }
catch (Exception ex) {
sqlRA = -1;
// your error handling
}
/* sqlRA values explained
-1 : Error occurred
0 : Record not found
1 : 1 Record updated
>1 :Multiple records updated
*/
When BtnSubmit fires the event, the code in the Page_Load runs before the codes in BtnSubmit, replacing the values placed in the TextBox with the values from the Database before the Update takes place.
I'm trying to write a method to check if a table exists. I am trying to use the using statement to keep it consistent through my database.
public void checkTableExists()
{
connectionString = #"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\keith_000\Documents\ZuriRubberDressDB.mdf;Integrated Security=True;Connect Timeout=30";
string tblnm = "BasicHours";
string str = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = " + tblnm + ");";
SqlDataReader myReader = null;
int count = 0;
try
{
using (SqlConnection connection = new SqlConnection(connectionString))
{
using (SqlCommand command = new SqlCommand(str, connection))
{
connection.Open();
using (SqlDataReader reader = command.ExecuteReader())
{
MessageBox.Show("The count is " + count);
myReader = command.ExecuteReader();
while (myReader.Read())
{
count++;
}
myReader.Close();
MessageBox.Show("Table Exists!");
MessageBox.Show("The count is " + count);
}
connection.Close();
}
}
}
catch (SqlException ex)
{
MessageBox.Show("Sql issue");
}
catch (Exception ex)
{
MessageBox.Show("Major issue");
}
if (count > 0)
{
MessageBox.Show("Table exists");
}
else
{
MessageBox.Show("Table doesn't exists");
}
}
It throws an exception when it hits the try block. It catches in the SqlException block.
This is the point where I am learning to interact with databases again. The solution would be good, but more importantly, a brief explanation of where I have need to learn how to improve my code.
Thanks
Keith
Your code fails because when you write directly a query searching for a string value then this value should be enclosed in single quotes like 'BasicHours'.
However there are some improvements to apply to your actual code.
First, you can use a simplified sql command.
Second, you use parameters instead of string concatenations.
SqlCommand cmd = new SqlCommand(#"IF EXISTS(
SELECT 1 FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME = #table)
SELECT 1 ELSE SELECT 0", connection);
cmd.Parameters.Add("#table", SqlDbType.NVarChar).Value = tblName;
int exists = (int)cmd.ExecuteScalar();
if(exists == 1)
// Table exists
This command text don't require you to use an SqlDataReader because the query returns just one row with one 'column' and the value of this single cell is either 1 or 0.
A lot less overhead.
A part from this, it is of uttermost importance, that you never build sql queries concatenating strings. This method is well know to cause problems.
The worse is called SQL Injection and could potentially destroy your database or reveal confidential information to hackers. The minor ones are crashes when the string concatenated contains single quotes. Use always a parameterized query.
I have used the following code in my project and worked for me:
try
{
using (con = new SqlConnection(Constr);)
{
con.Open();
string query = $"IF EXISTS (SELECT * FROM sys.tables WHERE name = '{tableName}') SELECT 1 ELSE Select 0;"
Exists = int.Parse(sqlQuery.ExecuteScalar().ToString())==1;
con.Close();
}
}
catch{}
The problem could be the line: string tblnm = "BasicHours";. You table name is a string and should be apostrophed, try this: string tblnm = "'BasicHours'";
Inside catch blocks you could also log exception messages and details.
Thanks for the help on this issue. This is the solution that I'm implemnenting.
public void checkTableExists()
{
connectionString = #"
Data Source=(LocalDB)\MSSQLLocalDB;
AttachDbFilename=C:\Users\keith_000\Documents\ZuriRubberDressDB.mdf;
Integrated Security=True;
Connect Timeout=30";
string tblName = #"BasicHours";
string str = #"IF EXISTS(
SELECT 1 FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME = #table)
SELECT 1 ELSE SELECT 0";
try
{
using (SqlConnection connection = new SqlConnection(connectionString))
{
using (SqlCommand command = new SqlCommand(str, connection))
{
connection.Open();
SqlCommand cmd = new SqlCommand(str, connection);
cmd.Parameters.Add("#table", SqlDbType.NVarChar).Value = tblName;
int exists = (int)cmd.ExecuteScalar();
if (exists == 1)
{
MessageBox.Show("Table exists");
}
else
{
MessageBox.Show("Table doesn't exists");
}
connection.Close();
}
}
}
catch (SqlException ex)
{
MessageBox.Show("Sql issue");
}
catch (Exception ex)
{
MessageBox.Show("Major issue");
}
}
I have a form where a user can insert, view and update data. Data insertion is done only once, then updates can be done many times. By default, the user will be able to view the data if it exists in the database.
I tried this but it doesn't insert into database. Then suppose a data exists in database and when the user wants to update the record, it throws an error - DataReader is open.
private void display_Emp()
{
try
{
using (sqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString))
{
sqlCon.Open();
SqlDataAdapter da = new SqlDataAdapter("SELECT * FROM Employee", sqlCon);
DataSet ds = new DataSet("Employee");
da.Fill(ds, "Employee");
int x = 0;
for (x = 0; x < ds.Tables[0].Rows.Count; x++)
{
txtID.Text = ds.Tables[0].Rows[x][1].ToString();
txtEmpName.Text = ds.Tables[0].Rows[x][2].ToString();
}
}
}
catch(Exception exx) {
MessageBox.Show(exx.Message);
}
finally {
sqlCon.Close();
}
}
private void btnSave_Click(object sender, EventArgs e)
{
try
{
using (sqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString))
{
sqlCon.Open();
SqlCommand com = new SqlCommand("SELECT * FROM Employee", sqlCon);
read = com.ExecuteReader();
while (read.Read())
{
if (read.HasRows)
{
SqlCommand update = new SqlCommand("UPDATE Employee SET EmpID = '" + txtID.Text + "' , EmpName = '" + txtEmpName.Text + "', sqlCon);
update.ExecuteNonQuery();
MessageBox.Show("Employee details updated!", "Employee", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
SqlCommand comm = new SqlCommand("INSERT INTO Employee(EmpID, EmpName) VALUES ('" + txtID.Text + "','" + txtEmpName.Text + "')", sqlCon);
comm.ExecuteNonQuery();
MessageBox.Show("Employee details saved!", "Employee", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
}
}
catch(Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
read.Close();
sqlCon.Close();
}
}
EDIT:
Table:- Deepz (ID int PK, Goodname varchar(50) )
DECLARE #ID int
DECLARE #Goodname varchar(50)
MERGE Deepz t
USING (SELECT #ID[ID], #Goodname[Goodname]) s
ON (t.ID = s.ID)
WHEN MATCHED THEN
UPDATE
SET t.Goodname = #Goodname
WHEN NOT MATCHED THEN
INSERT (ID, Goodname)
VALUES (#ID, #Goodname);
Errors:
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near 't'.
Msg 137, Level 15, State 2, Line 2
Must declare the scalar variable "#ID".
You should change your save functionality to:
If you're on SQL Server 2008 or later, use SQL Merge statement to insert or update depending on whether record exists or not
DECLARE #nameField VarChar(50) = 'some data'
MERGE dbo.MyTable t
USING (SELECT #nameField [field]) s
ON t.myData = s.field
WHEN MATCHED THEN
UPDATE
SET t.myData = #nameField
WHEN NOT MATCHED THEN
INSERT (myData)
VALUES (#nameField);
If you are on SQL Server 2005 or earlier, you will need to use something like below, but you may have a race condition (but imho will still be better than your original design, which has the potential for a race condition as well) so depending on your environment you may need to play around with locks, etc
IF EXISTS (SELECT * FROM Deepz WHERE [ID] = #ID)
BEGIN
UPDATE Deepz
SET Goodname = #Goodname
WHERE [ID] = #ID
END
ELSE
BEGIN
INSERT Deepz (ID, Goodname)
VALUES (#ID, #Goodname);
END
Use sql params instead of building the statement by concatenation, will save you from SQL injection attacks
UPDATE Employee SET EmpID = #id, EmpName = #name
then
SqlCommand comm = new SqlCommand(...);
// note below is a bit simplified, in reality you should do int.TryParse
comm.Parameters.Add(#id, SqlDbType.Int).Value = int.Parse(txtID.Text);
This is a bit of a shot in the dark but, try this:
private void btnSave_Click(object sender, EventArgs e)
{
try
{
using (sqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString))
{
sqlCon.Open();
SqlCommand com = new SqlCommand("SELECT * FROM Employee", sqlCon);
com.Parameters.AddWithValue(#empID, SqlDbType.Int).Value = int.Parse(txtID.Text); // Add this line
com.Parameters.AddWithValue(#empName, SqlDbType.NVarChar).Value = txtEmpName.Text; // Add this line too
SqlDataReader read = new SqlDataReader(); // You also need to 'new' up your SqlDataReader.
read = com.ExecuteReader();
while (read.Read())
{
if (read.HasRows)
{
SqlCommand update = new SqlCommand("UPDATE Employee SET EmpID = #empID, EmpName = #empName", sqlCon);
update.ExecuteNonQuery();
MessageBox.Show("Employee details updated!", "Employee", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
SqlCommand comm = new SqlCommand("INSERT INTO Employee(EmpID, EmpName) VALUES (#empID, #empName)", sqlCon);
comm.ExecuteNonQuery();
MessageBox.Show("Employee details saved!", "Employee", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
}
catch(Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
read.Close();
sqlCon.Close();
}
}
From the examples i'm looking at the "If" condition and "While" condition look like they are inverted.
http://msdn.microsoft.com/en-us/library/haa3afyz%28v=vs.80%29.aspx
You check to see if there are rows first and then iterate over them
I'm trying to find this bug for the last several days, but without any success.
I'm trying to insert one new row in a database. Everything goes well: there is no error, and no program crashes.
My INSERT statement looks like this:
INSERT INTO Polozaj(Znesek, Uporabnik, Cas, Kupec, Popust, Poln_znesek)
VALUES(1,1,1,1,1,1)
That statement is ok, because when I run the query in my database it adds the new row.
My C# code looks like this:
string connection = #"Data Source=(LocalDB)\v11.0;AttachDbFilename=" + Application.StartupPath + "\\Trgovina.mdf;Integrated Security=True";
SqlConnection cn = new SqlConnection(connection);
string payment = ((Button)sender).Text, maxID = string.Empty;
double discount = Convert.ToDouble(discauntText.Text), totalPrice = Convert.ToDouble(fullPriceText.Text), fullPrice = Convert.ToDouble(discountPriceText.Text);
switch (payment)
{
case "Dobavnica": discount = 10; break;
case "Kartica": discount = 0; break;
case "Gotovina": discount = 5; break;
}
cn.Open();
SqlCommand maxIdCmd = new SqlCommand("SELECT MAX(Id_racuna) FROM Racun", cn);
maxID = Convert.ToString(maxIdCmd.ExecuteScalar());
maxID = maxID != "" ? Convert.ToString(Convert.ToInt32(maxID) + 1) : "1";
string stmt = "INSERT INTO Racun(Znesek, Uporabnik, Cas, Kupec, Popust, Poln_znesek) " +
"VALUES(#Price, #User, #Time, #Customer, #Discount, #FullPrice)";
SqlCommand cmd = new SqlCommand(stmt, cn);
cmd.ExecuteNonQuery();
cn.Close();
As I already mentioned, it looks like the program runs this query and everything is just normal, but when I look in the table Racun, there is no new row. Furthermore, when I try to refresh this table data visual studio (2012) gives me an error that looks like: This database cannot be imported. It is either unsupported SQL Server version or an unsupported database compatibility.
And my table Racun create query looks like this:
CREATE TABLE [dbo].[Racun] (
[Id_racuna] INT IDENTITY (1, 1) NOT NULL,
[Znesek] NUMERIC (10, 3) NULL,
[Uporabnik] NCHAR (20) NULL,
[Cas] NCHAR (15) NULL,
[Kupec] NCHAR (10) NULL,
[Popust] NUMERIC (10, 3) NULL,
[Poln_znesek] NUMERIC (10, 3) NULL,
PRIMARY KEY CLUSTERED ([Id_racuna] ASC)
);
I don't know what's going wrong. Can anyone help?
There is three possible scenarios for an insert like that:
The insert succeeds.
You get an exception.
You have a trigger that replaces the insert with some other action.
I guess that you don't have a trigger, and as you don't get a record in the table, there has to be an exception.
Do you have any code that catches the exception at any other level? That would explain why you don't see it, and it would also leave the database connection unclosed, which would explain why you have problems connecting to the database afterwards.
Using a using block for the database connection would close it properly even if there is an error in the code.
You are using a parameterised query, but I can't see that you add the parameters to the command object anywhere in the code. That would be something like:
cmd.Parameters.Add("Price", SqlDbType.Decimal).Value = price;
cmd.Parameters.Add("User", SqlDbType.NChar, 20).Value = user;
cmd.Parameters.Add("Time", SqlDbType.NChar, 15).Value = time;
cmd.Parameters.Add("Customer", SqlDbType.NChar, 10).Value = customer;
cmd.Parameters.Add("Discount", SqlDbType.Decimal).Value = discount;
cmd.Parameters.Add("FullPrice", SqlDbType.Decimal).Value = fullPrice;
I would try wrapping your code in a try block, and see if you can catch a SqlExecption:
try {
SqlCommand cmd = new SqlCommand(stmt, cn);
cmd.ExecuteNonQuery();
} catch (SqlException ex) {
Console.WriteLine(ex.Message);
}
Edit: It looks like you're missing your parameters for your INSERT statement, and you should probably look at using a SqlTransaction:
SqlCommand maxIdCmd = new SqlCommand("SELECT MAX(Id_racuna) FROM Racun", cn);
maxID = Convert.ToString(maxIdCmd.ExecuteScalar());
maxID = maxID != "" ? Convert.ToString(Convert.ToInt32(maxID) + 1) : "1";
string stmt = "INSERT INTO Racun(Znesek, Uporabnik, Cas, Kupec, Popust, Poln_znesek) " +
"VALUES(#Price, #User, #Time, #Customer, #Discount, #FullPrice)";
SqlCommand cmd = new SqlCommand(stmt, cn);
// Adding parameters to the insert statement:
cmd.Parameters.AddWithValue("#Price", price);
cmd.Parameters.AddWithValue("#User", user);
cmd.Parameters.AddWithValue("#Time", time);
cmd.Parameters.AddWithValue("#Customer", customer);
cmd.Parameters.AddWithValue("#Discount", discount);
cmd.Parameters.AddWithValue("#FullPrice", fullprice);
// Start a transaction so we can roll back if there's an error:
SqlTransaction transaction = cn.BeginTransaction();
cmd.Transaction = transaction;
try {
cmd.ExecuteNonQuery();
transaction.Commit();
} catch (SqlException ex) {
transaction.Rollback();
Console.WriteLine(ex.Message);
} finally {
cn.Close();
}