
C#: How to Insert data into database?

I want to add (delete) selected items in a listbox from Form1 into SQL Server. I have three Forms. When I click the add button in Form1, Form2 opens and a textbox and save button appear to add the data. It calls from the textbox in Form1. The code doesn't give an error but nothing happens in the database. I can't see the problem. The code is below.

FORM1:

SqlConnection baglan = new SqlConnection(@"Server=10.34.16.219; Database=envanter; User ID=envanter; Password=Er112233;");
SqlCommand cmd = new SqlCommand();

public void button1_Click(object sender, EventArgs e)  //from db
{
    try
    {
        baglan.Open();
        cmd.Connection = baglan;
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = @"SELECT @textBox1 FROM Ana";
        cmd.Parameters.AddWithValue("@textBox1", textBox1.Text);
        cmd.ExecuteNonQuery();
        baglan.Close();
    }
    catch (SqlException exc)
    {
        MessageBox.Show(exc.Message.ToString(), "Error Message");
    }

    Form2 f2 = new Form2();
    f2.Show();
    this.Visible = false;                                                                  
}

FORM2:

SqlConnection baglan = new SqlConnection(@"Server=10.34.16.219; Database=envanter; User ID=envanter; Password=Er112233;");
SqlCommand cmd = new SqlCommand();

private void button1_Click(object sender, EventArgs e) //add
{
   try
   {
       baglan.Open();
       cmd.Connection = baglan;
       cmd.CommandType = CommandType.Text;
       cmd.CommandText = @"INSERT INTO Ana(f1.textBox1.Text) VALUES(@p1)";
       cmd.Parameters.AddWithValue("@p1", textBox1.Text);
       MessageBox.Show("Inserted");
       baglan.Close();    
   }
   catch (Exception)
   {
       baglan.Close();
       MessageBox.Show("Kayıt yapılmış!");
   }
   finally
   {
       Form2_Load(sender, e);
   }       

   Form1 f1 = new Form1();
   f1.Show();
   this.Hide();
}

You can't parameterize your columns. You can parameterize only your values.

That's why you can't write:

cmd.CommandText = @"SELECT @textBox1 FROM Ana";
cmd.Parameters.AddWithValue("@textBox1", textBox1.Text);

Actually you can, this is valid syntax for C#, but it is not valid SQL. If you really want to parameterize your columns, take a look at dynamic SQL.

And you didn't execute your SqlCommand in your Form2.

There is no call to ExecuteNonQuery in Form2. However, as @SonerGönül also stated in his answer, running the command will lead to other errors as you cannot directly include the textbox in the string. You'd have to change the query to:

cmd.CommandText = @"INSERT INTO Ana(" + f1.textBox1.Text + ") VALUES(@p1)";

Please note that you have to be absolutely sure that the TextBox does not contain dangerous SQL contents as this might lead to SQL injection attacks. You should rethink whether you need to identify the column dynamically.
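An added example (not code from the question or from either answer) of one way to act on the warning above: the column name is checked against a fixed allow-list before it is placed in the SQL text, the value stays a parameter, and the command is actually executed. The column names `Marka`, `Model` and `SeriNo` and the class `AnaWriter` are hypothetical, since the page does not show the schema of `Ana`.

```csharp
using System;
using System.Collections.Generic;
using System.Data;

static class AnaWriter
{
    // Hypothetical column names: the page never lists the columns of table Ana.
    static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Marka", "Model", "SeriNo" };

    // Returns the INSERT text for an allow-listed column, or throws.
    public static string BuildInsertSql(string column)
    {
        if (column == null || !AllowedColumns.TryGetValue(column.Trim(), out string canonical))
            throw new ArgumentException("Column is not in the allow-list.", nameof(column));
        // Use the allow-list's own spelling, never the user's string; brackets quote the identifier.
        return "INSERT INTO Ana([" + canonical + "]) VALUES(@p1)";
    }

    // Works with any ADO.NET connection, e.g. the SqlConnection used on the page.
    public static int Insert(IDbConnection connection, string column, string value)
    {
        string sql = BuildInsertSql(column);   // validate before touching the database
        using (IDbCommand cmd = connection.CreateCommand())
        {
            cmd.CommandText = sql;
            IDbDataParameter p = cmd.CreateParameter();
            p.ParameterName = "@p1";
            p.Value = (object)value ?? DBNull.Value;
            cmd.Parameters.Add(p);
            if (connection.State != ConnectionState.Open) connection.Open();
            return cmd.ExecuteNonQuery();      // the call missing from Form2
        }
    }

    static void Main()
    {
        // Constructed inputs; no database is needed to see the validation.
        Console.WriteLine(BuildInsertSql("model"));
        try { BuildInsertSql("Model) VALUES('x');--"); }
        catch (ArgumentException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```

Because the SQL text only ever contains a string taken from the allow-list, the textbox content selects a column but never becomes part of the statement.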
