|
|
I still have a problem....this is what I did to remove the CustomerNum
string sqlString = "INSERT INTO Cafe ( FirstName, LastName, Address, City, Province, PostalCode, PhoneNumber, UserName, Password, TimePurchased ) VALUES ("
+ FirstNameTxt.Text
+ ",'" + LastNameTxt.Text
+ "','" + AddressTxt.Text
+ "','" + CityTxt.Text
+ "','" + ProvinceTxt.Text
+ "','" + PostalCodeTxt.Text.ToUpper()
+ "','" + PhoneNumTxt.Text
+ "','" + UserNameTxt.Text
+ "','" + PasswordTxt.Text
+ "'," + TimePurchaseTxt.Text
+ ")";
Error -- Syntax error in INSERT INTO statment
Thanks for your help!!
|
|
|
|
|
what does the sqlString look like if you dump it to the console?
Since you do not quote you parameters it is possible that they contain quotes or commas...
/cadi
24 hours is not enough
|
|
|
|
|
I'm not sure what you mean "dump it to the console" and none of the text input has anything other then letters and numbers.
I'm new to this...Thanks
|
|
|
|
|
Somthing like System.Console.Out.WriteLine(sqlString); .
Have yout tried to paste the result in any DB-Mamangent tool (if you use SQL Server try the Query Analyzer)?
You'll probably get a more detailed error description....
/cadi
24 hours is not enough
|
|
|
|
|
-> "... VALUES ('" not "... VALUES ("
some on "')" instead of ")"
good luck.
(PS: Debug the code, quickwatch the sqlString variable when fully loaded, copy the statement and execute it manually, then you'll know what went wrong or catch the execution and dump the error message.)
No hurries, no worries.
|
|
|
|
|
You don't put a apostrophes around the the first value like you have on the other values. By the way, this is extremely bad practice and leaves your code open to attack. You should read the article that I gave you a link to in order to find out how to prevent attacks on your code. To summaries the immediate situation, you should use a parameterised query rather than injecting the values directly into the SQL statement.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
I read the article, Thank you...after I get it working I will try to make it safer
|
|
|
|
|
The other point to that article is to make your code easier to debug and FAR less suseptible to your input ACCIDENTLY breaking your code. If the user happens to type an ' or " in those textboxes somewhere, it'll break your code when you try and insert that into the database. Parameterized queries remove that possiblity because the Parameter objects automatically escape these characters so they won't break your SQL code.
SQL attacks, or failure exploits, are not all deliberate, most happen by pure accident. Learn to avoid situations where your code can break by accident now, before bad habits become your normal practice.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
I used the System.Console.Out.WriteLine(sqlString); so I could read what valuse are in the statment durning debug...I can't seem to see anything wrong. Just inexperienced and need practice.
|
|
|
|
|
|
Here is the INSERT statment I started with, this is from a previous project and it works fine.
string sqlString = "INSERT INTO Members (MemberNum, FirstName, LastName, Address, City, Province, PostalCode, Status, Balance ) VALUES ("
+ newNum.ToString()
+ ",'" + FirstName.Text
+ "','" + LastName.Text
+ "','" + Address.Text
+ "','" + City.Text
+ "','" + comboBox1.Text
+ "','" + PostalCode.Text.ToUpper()
+ "','" + GetMemberStatus()
+ "'," + BalanceOwing.Text
+ ")";
and the db information
MemberNum (autonumber)
LastName (text)
FirstName (text)
Address (text)
City (text)
Province (text)
PostalCode (text)
Status (text)
Balance (number)
Sorry to be so much trouble and thanks for your time
|
|
|
|
|
Here is my current statment
string sqlString = "INSERT INTO Cafe (CustomerNumber, FirstName, LastName, Address, City, Province, PostalCode, PhoneNumber, UserName, Password, TimePurchased ) VALUES ("
+ newNum.ToString()
+ ",'" + FirstNameTxt.Text
+ "','" + LastNameTxt.Text
+ "','" + AddressTxt.Text
+ "','" + CityTxt.Text
+ "','" + ProvinceTxt.Text
+ "','" + PostalCodeTxt.Text.ToUpper()
+ "','" + PhoneNumTxt.Text
+ "','" + UserNameTxt.Text
+ "','" + PasswordTxt.Text
+ "'," + TimePurchaseTxt.Text
+ ")";
and my current db
CustomerNumber (autonumber)
FirstName (Text) //Bill
LastName (Text) //Ray
Address (Text) //anystreet
City (Text) //Hometown
Province (Text) //Ont
PostalCode (Text) //N5BY4G
PhoneNumber (Number) //123456
UserName (Text) //Rbill
Password (Text) //whatever
TimePurchased (Number) //1
I how\pe this helps
|
|
|
|
|
Here is the sql statment from System.Console.Out.WriteLine(sqlString);
sql string = "INSERT INTO Cafe (CustomerNumber, FirstName, LastName, Address, City, Province, PostalCode, PhoneNumber, UserName, Password, TimePurchased) VALUES (2,'Bill','Ray','anystreet','Hometomwn','ont',N6BYK6','6727894','Rbill','123456',0)"
|
|
|
|
|
The value N6BYK6 is missing the first single quote. Risk of SQL injection attacks aside, it may make things a bit more readable to write a small function to quote text values. That way, instead of relying on the visually confusing "','", you could just say SingleQuote(firstName). Make sense?
V
|
|
|
|
|
Is it possible the items in ListView control to be set as multiline, so the text to be displayed in two lines for one item?
thanks.
|
|
|
|
|
If \r\n doesnt work, then you'll have to inherit the control and handle the paint events.
|
|
|
|
|
The managed ListView control doesn't support multiline rendering. You'll have to subclass it and render the ListView yourself.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
I have 2 forms, form1 and form2. form1 has a function called components. I need now, for form2 to execute this function on form1 as per normal. I have no clue on form linking, please help me! Thanks!
|
|
|
|
|
You need to pass somehow form1 to form2.
Create a property of type From1 in Form2. Then, after creating as Form2 assign Form1 to form2.Form1. (I hope this sentence is understandable )
public class Form2 : System.Windows.Forms
{
private From1 m_Form1 = null;
public Form1 Form1
{
get {return this.m_Form1;}
set {this.m_Form1 = value;}
}
public void SomeFunctionUsingComponentsOnForm1()
{
if (this.m_Form1 == null)
throw new ArgumentException("Form1 is not assigned.");
this.m_Form1.components();
}
}
public class Form1 : System.Windows.Forms
{
public void ShowForm2()
{
Form2 form2 = new Form2();
form2.Form1 = this;
form2.Show();
}
}
/cadi
24 hours is not enough
|
|
|
|
|
Thanks Cadi for the swift reply! Yes I understand what you were saying on the top but your program doesn't really go with my understanding, especially the bottom part, because it looks like its reopening form2? But both forms are open already and I need for form2 to get form1 to run its function called components. Maybe you could explain your program abit more? Thanks!
|
|
|
|
|
Ok... so form1 is not the owner of form2 (ok, if it would be like this the Owner property would have been ok...)
Hmm... this leeds me to a second aproach.
If both forms have the same owner then you could search for form1 using something like this: this.FindForm().OwnedForms
If there is always only ONE instance of form1 you could try somthing like this:
public class Form1 : System.Windows.Form
{
private static Form1 m_GlobalInstance;
public Form1()
{
m_GlobalInstance = this;
}
protected override void OnClosed(EventArgs e)
{
m_GlobalInstance = null;
base.OnClosed (e);
}
public static Form1 GlobalInstance
{
return m_GlobalInstance;
}
}
public class Form2 : System.Windows.Form
{
public void SomeFunctionUsingComponentsOnForm1()
{
if (Form1.GlobalInstance == null)
throw new ArgumentException("Form1 is not yet created.");
Form1.GlobalInstance.components();
}
}
/cadi
24 hours is not enough
|
|
|
|
|
There is no special mechanism for Form linking. All you have to do is somehow pass a reference to form1. If you are creating form2 from within form1, you can do something like
class Form2 : Form
{
Form1 form1;
public Form2(Form1 form1)
{
this.form1 = form1;
}
}
and then call form1.SomeMethod . Otherwise, you can expose a property in Form2 and set it to form1.
Regards
Senthil
_____________________________
My Blog | My Articles | WinMacro
|
|
|
|
|
Hey thanks man for replying so fast, but I'm not quite sure if we're on the same page haha... Okay you see, both forms are open and no, form1 doesn't create form2, just opens it with simply a
form2 form = new form2();
form.Show();
I need to use this function called "components". On form1 I would just simply call this function with simply
components();
but because I need now for form2 to execute this function ON FORM1 as per normal, it won't let me cause components doesn't exist on form2.
Okay yes I'm very blur so here's sort of a 'template' to help me understand better.
private void pictureBox1_Click(object sender, System.EventArgs e)
{
//please enter code here if its meant to be here thanks!
}
|
|
|
|
|
Obviously, this function belongs in a third class, where both forms can access it. Or, if it's intrinsic to a form, it should be in a base class that derives from Form and which both Forms inherit from.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|