|
Thanks a lot, my issue is solved... Actually the name had a symbol (’) and I thought it to be an apostrophe; now I replace it with (') in my insert query. The prepared statement which you specified also works fine... Thanks for your guidance. Thanks a lot...
Regards,
Tash
|
|
|
|
|
It is indeed, but it's not too hard to fix. Make yourself a little helper method to add the parameters and make use of it. For example like this:
    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.Data.SqlTypes;

    public static class Util
    {
        // Adds parameters given as alternating name/value pairs:
        // "@name1", value1, "@name2", value2, ...
        public static void AddParameters(SqlCommand cmd, params object[] args)
        {
            if (args.Length % 2 != 0) throw new ArgumentException("Arguments must be name/value pairs.");
            for (int i = 0; i < args.Length; i += 2)
            {
                cmd.Parameters.Add(GetParameter((string)args[i], args[i + 1]));
            }
        }

        // Builds an input parameter whose SqlDbType is inferred from the value's runtime type.
        public static SqlParameter GetParameter(string name, object value)
        {
            SqlParameter p = new SqlParameter();
            p.ParameterName = name;
            p.SqlDbType = GetDbType(value);
            p.Direction = ParameterDirection.Input;
            p.Value = value;
            return p;
        }

        // Maps a .NET value to the matching SqlDbType; null and unsupported types are rejected.
        public static SqlDbType GetDbType(object value)
        {
            if (value == null) throw new ArgumentNullException("value");
            Type t = value.GetType();
            if (t == typeof(int)) return SqlDbType.Int;
            if (t == typeof(string)) return SqlDbType.NVarChar;
            if (t == typeof(DateTime)) return SqlDbType.DateTime;
            if (t == typeof(Boolean)) return SqlDbType.Bit;
            if (t == typeof(byte[])) return SqlDbType.Image;
            if (t == typeof(SqlBinary)) return SqlDbType.Binary;
            if (t == typeof(Guid)) return SqlDbType.UniqueIdentifier;
            if (t == typeof(Int64)) return SqlDbType.BigInt;
            throw new NotSupportedException("Missing support for type " + t.FullName + ".");
        }
    }
A little bit of code, but you can now easily use it many places, for example like this:
    SqlCommand getInsertCommand(string col1, int col2)
    {
        SqlCommand cmd = new SqlCommand("INSERT [Table] VALUES (@col1, @col2);");
        Util.AddParameters(cmd,
            "@col1", col1,
            "@col2", col2);
        return cmd;
    }
|
|
|
|
|
The way SeMartens is suggesting is good, but the C# stuff is a little old: "Parameters.Add(...).Value = ..." has been deprecated. You should use "Parameters.AddWithValue(paramName, paramValue)" instead.
All those who believe in psycho kinesis, raise my hand.
|
|
|
|
|
I really don't get it.....
|
|
|
|
|
OK, there are (at least) two ways to write to a database:
(I have broken these into several strings to make the lines shorter and easier to read.)
    SqlCommand cmd = new SqlCommand("INSERT INTO EACS_User_1 " +
        "(firstName, lastName) " +
        "VALUES " +
        "(" + uf_FirstName + "," + uf_LastName + ")");
which has a number of problems. One of these is that if your fields uf_FirstName and / or uf_LastName contain a quote, double quote, semicolon, or various other characters you have a problem. The other is that this character dependency can be used to do something called an SQL Injection Attack on your database.
The other solution is called Parameterised Queries:
    SqlCommand cmd = new SqlCommand("INSERT INTO EACS_User_1 " +
        "(firstName, lastName) " +
        "VALUES " +
        "(@FN, @LN)");
    cmd.Parameters.AddWithValue("@FN", uf_FirstName);
    cmd.Parameters.AddWithValue("@LN", uf_LastName);
where @FN and @LN can be any text you like - the '@' character is just to make them easier to see and is not required (Good idea, though).
This gets rid of the problem - uf_FirstName and uf_LastName can contain any characters, including a mix of double and single quotes.
BTW: The convention is to use all UPPER CASE for SQL syntax keywords, so you can see them more easily.
All those who believe in psycho kinesis, raise my hand.
|
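The two approaches compared in the post above, run side by side as an added example (not code from any poster in this thread). It uses Python's built-in sqlite3 with an in-memory database as a stand-in for SQL Server so it runs offline; the `:FN`/`:LN` placeholders play the role of `@FN`/`@LN`, the sample names are constructed, and the concatenated version quotes its values as a working concatenated query would.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the SQL Server table used in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EACS_User_1 (firstName TEXT, lastName TEXT)")
    return db

def insert_concatenated(db, first, last):
    # The "before" pattern: values are spliced into the SQL text.
    sql = ("INSERT INTO EACS_User_1 (firstName, lastName) "
           "VALUES ('" + first + "', '" + last + "')")
    db.execute(sql)

def insert_parameterised(db, first, last):
    # Values travel separately from the SQL text, so they are never parsed as SQL.
    db.execute("INSERT INTO EACS_User_1 (firstName, lastName) VALUES (:FN, :LN)",
               {"FN": first, "LN": last})

def rows(db):
    return db.execute("SELECT firstName, lastName FROM EACS_User_1").fetchall()

def try_concatenated(first, last):
    """Return the stored rows, or the error text if the statement failed."""
    db = make_db()
    try:
        insert_concatenated(db, first, last)
    except sqlite3.Error as exc:
        return "error: " + str(exc)
    return rows(db)

def try_parameterised(first, last):
    db = make_db()
    insert_parameterised(db, first, last)
    return rows(db)

# Constructed sample names.
SAMPLES = [
    ("Tash", "O'Brien"),              # ASCII apostrophe ends the string literal early
    ("Tash", "O\u2019Brien"),         # typographic apostrophe is ordinary data
    ("Tash", "x'), ('extra', 'row"),  # quote lets the rest of the value be parsed as SQL
]

if __name__ == "__main__":
    for first, last in SAMPLES:
        print(repr(last))
        print("  concatenated :", try_concatenated(first, last))
        print("  parameterised:", try_parameterised(first, last))
```

With concatenation the first name fails with a syntax error and the third stores two rows instead of one; with parameters every sample is stored exactly as supplied.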
|
|
|
|
Or use stored procedures.....
Bob
Ashfield Consultants Ltd
Proud to be a Code Project MVP
|
|
|
|
|
Actually I only find cmd.parameters.add; I mean I don't get addwithvalue... Should I include anything??? Is it because I am using VS2003??? Please guide me..
Thanks in advance....
Regards,
Tash
|
|
|
|
|
<<thashif>> wrote: Actually i only find cmd.parameters.add i mean i dont get addwithvalue... should i include anything??? is it because i am using VS2003
Yes. AddWithValue was added with .NET 2.0 (VS 2005) so you don't have it! Either:
1) use .Parameters.Add("@FN").Value = uf_...
or
2) upgrade to a (slightly) more modern version! Don't forget the Express versions of VS are free...
All those who believe in psycho kinesis, raise my hand.
|
|
|
|
|
Nope, that doesn't work. I mean after adding cmd.Parameters.Add("@Id"). I don't get the 'Value' term at all...
Thanks in advance...
Regards,
Tash
|
|
|
|
|
Sorry - been a while since I used it...
cmd.Parameters.Add("@FN", System.Data.SqlDbType.VarChar).Value = uf_LastName;
You will need to set the datatype to the type in your DB.
The AddWithValue version doesn't need the datatype...
All those who believe in psycho kinesis, raise my hand.
|
|
|
|
|
Thanks a lot for your guidance... My issue is solved. I have posted about my issue and also how I solved it; you can see it above your reply post. Thanks a lot...
Regards,
Tash
|
|
|
|
|
Hi,
I have a combobox, in which user can select a value from list and can also type the value.
In the 'SelectedIndexChanged' event some code is written.
I don't want to call the 'SelectedIndexChanged' event code when the user types some value in the combobox; the 'SelectedIndexChanged' event should only be called when the user selects a value from the list.
I have tried to suppress the 'SelectedIndexChanged' event when the user types in something, but am not able to find a solution.
Can someone please help with this?
Thanks in advance
Mahesh
|
|
|
|
|
Does the selectedindex change when the user types data into the text area? Not behaviour I have ever experienced. However try either trapping the keypress/down event or the textchanged event and set a flag that the selected index uses to decide whether to process the event.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Hi all,
I have a small problem. Actually I searched in the forum but I couldn't see the same problem as mine, so here is my problem: I want to have two different colors in my DataGridView. For example, the first row will be blue and the second one white and the third one blue again and the 4th one will be white and so on. I used an if block and % in it but I couldn't find anything in the IntelliSense about DataGridView color.
|
|
|
|
|
Use the oncellpaint event (I think) and query the object to find what row/column is being painted and set the background accordingly.
Note that this fires for each cell that is on display, not the entire data source
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Did you try this:
    for (int i = 0; i < dataGridView1.Rows.Count; i++)
    {
        dataGridView1.BackgroundColor = Color.Red;
        if (i % 2 == 0)
        {
            dataGridView1.BackgroundColor = Color.Blue;
        }
    }
Qendro
|
|
|
|
|
Surely that just sets the background colour for the whole DataGridView, not for individual rows?
|
|
|
|
|
I tried this and it worked:
    private void dataGridView1_CellFormatting(object sender, DataGridViewCellFormattingEventArgs e)
    {
        for (int i = 0; i < dataGridView1.Columns.Count; i++)
        {
            e.CellStyle.BackColor = Color.Red;
            if (i % 2 == 0)
            {
                e.CellStyle.BackColor = Color.Blue;
            }
        }
    }
Qendro
|
|
|
|
|
It might work (if you replace Columns with Rows), but it doesn't look very efficient. Also, you don't need to do this anyway since DataGridView has a built in property that does it for you (AlternatingRowsDefaultCellStyle).
|
|
|
|
|
Hi guys,
thanks for the reply.
I tried qendro's code but I have a small problem with it also. It works but not as I wished. It works like this: if I have one or 3 rows in the DataGridView then the DataGridView's backcolor becomes blue, but when I add another row then it turns to white.
You see, it is a bit different from what I wished. I want it like this: the first row will be blue and the second white and the third blue again and the fourth will be white again and so on. Any other suggestions you have?
Thanks all for the replies.
|
|
|
|
|
|
Yeah man, you are right.
It works now as I wanted.
Thanks to all of you for your help.
|
|
|
|
|
Hi everybody
I need to write software that reads UDP packets with events.
Best Regards,
Reza Shojaee
|
|
|
|
|
This gives you some good looking results, sorry not to be more specific
Never underestimate the power of human stupidity
RAH
|
|
|
|
|