“Input string was not in a correct format.” calling int.Parse on a SQL Statement

Question

I am getting the error:

"Input string was not in a correct format."

Note: If I change line 182 to an actual number in quotes (ie; "3" or "875"), and comment out line 171, this code works perfectly fine . However, "{7}", in line 174 is a field that is supposed to auto-increment, but wont. So I am trying to get a "number" in line 171, that will use the number of rows, + 1, to do the auto-=increment.

Any takers on this one? :-)

171   string rowCount = string.Format("SELECT COUNT(*) FROM Log WHERE Location is NULL");

173   string sql = string.Format("insert into Log values " +
174         "('{0}','{1}',{2},{3},'{4}',#{5}#,'{6}','{7}')",
175         comboBox1.Text,
176         comboBox2.Text,
177         float.Parse(textBox1.Text),
178         float.Parse(comboBox3.Text),
179         textBox3.Text,
180         textBox2.Text,
181         addRemove,
182         int.Parse(rowCount) 
183         );

Answer 1

Stop using that code immediately and use parameterized SQL instead. Otherwise you're vulnerable to SQL injection attacks , as well as potentially having data type conversion issues.

Next, think about what you've actually got in rowCount . It isn't a string representing an integer - it's some SQL. Trying to parse that with int.Parse isn't going to work, is it? You'd need to execute the query first - or use a subquery within your insert statement. To be honest, if it's meant to be an auto-incrementing field, I would just concentrate on getting that working rather than fudging round it with code which is going to be vulnerable to race conditions.

Answer 2

int.Parse(rowCount)将字符串转换为数字，例如“ 100500”至100500。但是您的字符串包含"SELECT COUNT(*) FROM Log WHERE Location is NULL" ，这不是数字。

Answer 3

string.Format is not going to execute your SQL commands. So int.Parse sees exactly "SELECT COUNT(*) FROM Log WHERE Location is NULL" , which of course is not a decimal representation of a number.

Answer 4

Virtually all databases have native support for auto-incrementing columns. You should not be trying to use an int column and increment it yourself. There are all sorts of race conditions, performance issues, etc. to make an incrementing column really robust, and the database designers have already taken care of all of that for you.

Answer 5

You are probably looking for an answer that will fix your problems with this particular posting. The answers that have been posted will help you do that.
You should examine other approaches. Use a command object and use parameters (suggested by @JonSkeet)
Do some research on how auto increment columns work. This varies by database vendor. It appears that you may be using Microsoft Access. For MS Sql Server the auto-increment column is an identity column and in Oracle, the mechanism is a bit different again, using sequences. Basically, you do not supply values for auto-increment columns, you let the database engine handle that for you. (also mentioned by a previous poster)
I would also suggest that you assign the values of your text boxes to variables and do some validation of the data before putting into your insert statements or parameters. Try to program defensively.