I'm stuck at a loose end with inserting a new data entry into a SQL Server database. I have all the info I want to store in the following class:
public class NewSearchQuery //object reference q
{
public string Name, Location, SearchType, Path, Method;
public int RefNum;
public double Fee;
public bool Paid;
}
and after the user has filled in the form etc.. this is my code to save the info to the database:
bool complete;
string sql = $"Insert into PrivateLog (Id,Applicant,ApplicationDate,Location,Search,Paid,Method,Amount,Files) values({q.RefNum}, '{q.Name}', {AppDate}, '{q.Location}', '{q.SearchType}', {q.Paid}, '{q.Method}', {q.Fee}, '{q.Path}')";
cnn.Open();
try
{
SqlDataAdapter adapter = new SqlDataAdapter();
SqlCommand command = new SqlCommand(sql, cnn); //The Connection String cnn is in a public string variable above this method.
adapter.InsertCommand = new SqlCommand(sql, cnn);
command.Dispose();
complete = true;
}
catch (System.Exception e)
{
complete = false;
}
cnn.Close();
return complete;
Here is what my table designer looks like:
Can anyone show me why the new data entry might not be going through?
You don't need an SqlDataAdapter in that case, you can simply execute your command:
try
{
SqlCommand command = new SqlCommand(sql, cnn);
command.ExecuteNonQuery();
complete = true;
}
Although I recommend using command.Parameters to add your parameters values, protecting a possible SQL injection:
bool complete;
string sql = "Insert into PrivateLog (Id, Applicant, ApplicationDate, Location, Search, Paid, Method, Amount, Files) values(@RefNum, @Name, @AppDate, @Location, @SearchType, @Paid, @Method, @Fee, @Path)";
cnn.Open();
try
{
SqlCommand command = new SqlCommand(sql, cnn);
command.Parameters.Add("@RefNum", SqlDbType.Int).Value = q.RefNum;
command.Parameters.Add("@Name", SqlDbType.VarChar).Value = q.Name;
command.Parameters.Add("@AppDate", SqlDbType.DateTime).Value = AppDate;
command.Parameters.Add("@Location", SqlDbType.VarChar).Value = q.Location;
command.Parameters.Add("@SearchType", SqlDbType.VarChar).Value = q.SearchType;
command.Parameters.Add("@Paid", SqlDbType.Bit).Value = q.Paid;
command.Parameters.Add("@Method", SqlDbType.VarChar).Value = q.Method;
command.Parameters.Add("@Fee", SqlDbType.Decimal).Value = q.Fee;
command.Parameters.Add("@Path", SqlDbType.VarChar).Value = q.Path;
command.ExecuteNonQuery();
command.Dispose();
complete = true;
}
catch (System.Exception e)
{
complete = false;
}
cnn.Close();
return complete;
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.