An exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll but was not handled in user code

Question

This code causes an error when I try to execute it.

My requirement get latest inserted incrementation id

_connection.Open();
cmd.Connection = _connection;

cmd.CommandText = "Insert into Finalresult(Section_name, userId, examid) Select Section_name, User_id, Exam_id from result" +
                  "WHERE (User_id = '" + userid + "' Exam_id='" + examis + "' And Section_name='" + section + "')SELECT SCOPE_IDENTITY()";

Int32 newId = (Int32)cmd.ExecuteScalar();

Error occurs at line

Int32 newId = (Int32)cmd.ExecuteScalar(); 

Error is

An exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll but was not handled in user code

Answer 1

You need a few changes here, like adding error handling. To get the reason behind the exception, you need to check the Errors property of the exception:

try
{
    //Your code here
}
catch (SqlCeException e)
{
    foreach (SqlCeError error in e.Errors)
    {
        //Error handling, etc.
        MessageBox.Show(error.Message);
    }
}

Doing that, it will tell you exactly what the error is.

I think your User_id and Exam_id 'parameters' are being treated as strings in the SQL statement, as you are surrounding it with single quotes. At a guess, this will be your problem along with missing logic operators in the WHERE clause.

However don't do parameterization this way! You leave yourself open to SQL Injection attacks when you concatenate your query this way. There's lots of articles and information on MSDN on how to do this, or take a look at this from Jeff Atwood - http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/

Update

Ok, to break it down further, based on the comment by marc_s , you can't use SCOPE_IDENTITY() in SQL CE. So you're looking at doing this:

A parameterized insert:

    var sqlString = "Insert into Finalresult(Section_name, userId, examid) Select Section_name, User_id, Exam_id from result " +
                      "WHERE (User_id = @userId AND Exam_id = @examId AND Section_name = @sectionName"

    cmd.CommandText = sqlString;
    cmd.Parameters.Add("@userId", userid); 
    cmd.Parameters.Add("@examId", examId); 
    cmd.Parameters.Add("@sectionName", section); 

    cmd.ExecuteNonQuery();

And then on the same connection (but different command of course), get the inserted id:

cmd.Connection = _connection;
cmd.CommandText = "SELECT @@identity";
Int32 newId = (Int32)cmd.ExecuteScalar();

I haven't tested or compiled this, so just take it as an idea/guidance.

Answer 2

If userid ,Examids are int then don't use single quotes.

cmd.CommandText = "Insert into Finalresult(Section_name, userId, examid) Select Section_name, User_id, Exam_id from result" +
              " WHERE (User_id = " + userid + " Exam_id=" + examis + " And Section_name='" + section + "')SELECT SCOPE_IDENTITY()";

Answer 3

There are errors in your query. Try this:

cmd.CommandText = "Insert into Finalresult(Section_name, userId, examid) Select Section_name, User_id, Exam_id from result" +
                  " WHERE (User_id = '" + userid + "' AND Exam_id='" + examis + "' And Section_name='" + section + "')SELECT SCOPE_IDENTITY()";