|
-> "... VALUES ('" not "... VALUES ("
some on "')" instead of ")"
good luck.
(PS: Debug the code, quickwatch the sqlString variable when fully loaded, copy the statement and execute it manually, then you'll know what went wrong or catch the execution and dump the error message.)
No hurries, no worries.
|
|
|
|
|
You don't put a apostrophes around the the first value like you have on the other values. By the way, this is extremely bad practice and leaves your code open to attack. You should read the article that I gave you a link to in order to find out how to prevent attacks on your code. To summaries the immediate situation, you should use a parameterised query rather than injecting the values directly into the SQL statement.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
I read the article, Thank you...after I get it working I will try to make it safer
|
|
|
|
|
The other point to that article is to make your code easier to debug and FAR less suseptible to your input ACCIDENTLY breaking your code. If the user happens to type an ' or " in those textboxes somewhere, it'll break your code when you try and insert that into the database. Parameterized queries remove that possiblity because the Parameter objects automatically escape these characters so they won't break your SQL code.
SQL attacks, or failure exploits, are not all deliberate, most happen by pure accident. Learn to avoid situations where your code can break by accident now, before bad habits become your normal practice.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
I used the System.Console.Out.WriteLine(sqlString); so I could read what valuse are in the statment durning debug...I can't seem to see anything wrong. Just inexperienced and need practice.
|
|
|
|
|
|
Here is the INSERT statment I started with, this is from a previous project and it works fine.
string sqlString = "INSERT INTO Members (MemberNum, FirstName, LastName, Address, City, Province, PostalCode, Status, Balance ) VALUES ("
+ newNum.ToString()
+ ",'" + FirstName.Text
+ "','" + LastName.Text
+ "','" + Address.Text
+ "','" + City.Text
+ "','" + comboBox1.Text
+ "','" + PostalCode.Text.ToUpper()
+ "','" + GetMemberStatus()
+ "'," + BalanceOwing.Text
+ ")";
and the db information
MemberNum (autonumber)
LastName (text)
FirstName (text)
Address (text)
City (text)
Province (text)
PostalCode (text)
Status (text)
Balance (number)
Sorry to be so much trouble and thanks for your time
|
|
|
|
|
Here is my current statment
string sqlString = "INSERT INTO Cafe (CustomerNumber, FirstName, LastName, Address, City, Province, PostalCode, PhoneNumber, UserName, Password, TimePurchased ) VALUES ("
+ newNum.ToString()
+ ",'" + FirstNameTxt.Text
+ "','" + LastNameTxt.Text
+ "','" + AddressTxt.Text
+ "','" + CityTxt.Text
+ "','" + ProvinceTxt.Text
+ "','" + PostalCodeTxt.Text.ToUpper()
+ "','" + PhoneNumTxt.Text
+ "','" + UserNameTxt.Text
+ "','" + PasswordTxt.Text
+ "'," + TimePurchaseTxt.Text
+ ")";
and my current db
CustomerNumber (autonumber)
FirstName (Text) //Bill
LastName (Text) //Ray
Address (Text) //anystreet
City (Text) //Hometown
Province (Text) //Ont
PostalCode (Text) //N5BY4G
PhoneNumber (Number) //123456
UserName (Text) //Rbill
Password (Text) //whatever
TimePurchased (Number) //1
I how\pe this helps
|
|
|
|
|
Here is the sql statment from System.Console.Out.WriteLine(sqlString);
sql string = "INSERT INTO Cafe (CustomerNumber, FirstName, LastName, Address, City, Province, PostalCode, PhoneNumber, UserName, Password, TimePurchased) VALUES (2,'Bill','Ray','anystreet','Hometomwn','ont',N6BYK6','6727894','Rbill','123456',0)"
|
|
|
|
|
The value N6BYK6 is missing the first single quote. Risk of SQL injection attacks aside, it may make things a bit more readable to write a small function to quote text values. That way, instead of relying on the visually confusing "','", you could just say SingleQuote(firstName). Make sense?
V
|
|
|
|
|
Is it possible the items in ListView control to be set as multiline, so the text to be displayed in two lines for one item?
thanks.
|
|
|
|
|
If \r\n doesnt work, then you'll have to inherit the control and handle the paint events.
|
|
|
|
|
The managed ListView control doesn't support multiline rendering. You'll have to subclass it and render the ListView yourself.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
I have 2 forms, form1 and form2. form1 has a function called components. I need now, for form2 to execute this function on form1 as per normal. I have no clue on form linking, please help me! Thanks!
|
|
|
|
|
You need to pass somehow form1 to form2.
Create a property of type From1 in Form2. Then, after creating as Form2 assign Form1 to form2.Form1. (I hope this sentence is understandable )
public class Form2 : System.Windows.Forms
{
private From1 m_Form1 = null;
public Form1 Form1
{
get {return this.m_Form1;}
set {this.m_Form1 = value;}
}
public void SomeFunctionUsingComponentsOnForm1()
{
if (this.m_Form1 == null)
throw new ArgumentException("Form1 is not assigned.");
this.m_Form1.components();
}
}
public class Form1 : System.Windows.Forms
{
public void ShowForm2()
{
Form2 form2 = new Form2();
form2.Form1 = this;
form2.Show();
}
}
/cadi
24 hours is not enough
|
|
|
|
|
Thanks Cadi for the swift reply! Yes I understand what you were saying on the top but your program doesn't really go with my understanding, especially the bottom part, because it looks like its reopening form2? But both forms are open already and I need for form2 to get form1 to run its function called components. Maybe you could explain your program abit more? Thanks!
|
|
|
|
|
Ok... so form1 is not the owner of form2 (ok, if it would be like this the Owner property would have been ok...)
Hmm... this leeds me to a second aproach.
If both forms have the same owner then you could search for form1 using something like this: this.FindForm().OwnedForms
If there is always only ONE instance of form1 you could try somthing like this:
public class Form1 : System.Windows.Form
{
private static Form1 m_GlobalInstance;
public Form1()
{
m_GlobalInstance = this;
}
protected override void OnClosed(EventArgs e)
{
m_GlobalInstance = null;
base.OnClosed (e);
}
public static Form1 GlobalInstance
{
return m_GlobalInstance;
}
}
public class Form2 : System.Windows.Form
{
public void SomeFunctionUsingComponentsOnForm1()
{
if (Form1.GlobalInstance == null)
throw new ArgumentException("Form1 is not yet created.");
Form1.GlobalInstance.components();
}
}
/cadi
24 hours is not enough
|
|
|
|
|
There is no special mechanism for Form linking. All you have to do is somehow pass a reference to form1. If you are creating form2 from within form1, you can do something like
class Form2 : Form
{
Form1 form1;
public Form2(Form1 form1)
{
this.form1 = form1;
}
}
and then call form1.SomeMethod . Otherwise, you can expose a property in Form2 and set it to form1.
Regards
Senthil
_____________________________
My Blog | My Articles | WinMacro
|
|
|
|
|
Hey thanks man for replying so fast, but I'm not quite sure if we're on the same page haha... Okay you see, both forms are open and no, form1 doesn't create form2, just opens it with simply a
form2 form = new form2();
form.Show();
I need to use this function called "components". On form1 I would just simply call this function with simply
components();
but because I need now for form2 to execute this function ON FORM1 as per normal, it won't let me cause components doesn't exist on form2.
Okay yes I'm very blur so here's sort of a 'template' to help me understand better.
private void pictureBox1_Click(object sender, System.EventArgs e)
{
//please enter code here if its meant to be here thanks!
}
|
|
|
|
|
Obviously, this function belongs in a third class, where both forms can access it. Or, if it's intrinsic to a form, it should be in a base class that derives from Form and which both Forms inherit from.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
You need to get a reference to Form1.
+ if Form2 has an instance of Form1, for example f1, then call f1.components()
+ else you iterate through all open form, and find a form whose name is Form1'name, and then cast this form to Form1 and call the method. example
Form f1 = "Open form whose name is Form1's name";
((Form1)f1).components();
|
|
|
|
|
Uhhh...no, you need to do it the right way and seperate the function into a library. There is no reason for one form to know anything about another one, unless it's a child form.
If the function is in a library, then each form can pass itself as a reference to a library method MUCH easier than trying to get one form to get a reference to another. It just makes for much cleaner code.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
Do you think he was trying to correct my answer, or that he was trying to give an answer to the guy who asked in the first place ? I get a lot of answers appended to mine, all of a sudden...
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
I think he was trying to answer the OP.
Damn! How hard is it to click Reply on that post and not someone else's answer!
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
I suspect a lot of people read all replies, then hit reply on the last on they were reading, not being used to threading in a forum perhaps ?
I'm thinking about a series of articles on good design, seeing as a lot of these questions get answers that ignore design as an issue ( and I've really enjoyed helping a few people with complex design questions of late ). Have you seen any articles like this on CP ? I'll do my own search, obviously.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|