|
protected void btnSave_Click(object sender, EventArgs e)
{
string connString = "Data Source=ServerName;Initial Catalog=DbName;Integrated Security=True"; SqlConnection conn = new SqlConnection(connString);
conn.Open();
String sql = "INSERT INTO CustomerInfo(FirstName, LastName, Address, Order, Quantity) values ('Sai', 'Prasad', 'Hyderabad', 1, 100)";
SqlCommand cmd = new SqlCommand(sql,conn);
cmd.ExecuteNonQuery();
conn.Close();
}
|
|
|
|
|
Sure that works, but it is very very bad on several levels and showing it to a newbie will only create yet another newbie who doesn't write data access code properly and then has to come back and ask why things aren't working as expected.
0) You should put the actual DB access code in a Data Access Layer, then call the API of the DAL from the UI layer.
1) You should always use a parameterized query.
2) You should handle Exceptions.
|
|
|
|
|
the thing is that i use to make web sites in visual studio..
i m trying window application form.. thatz y facing problem
|
|
|
|
|
That shouldn't matter, a proper Data Access Layer can be called from many front-ends.
|
|
|
|
|
error occured
that
the type or namespace name sqlcommand could not be found
|
|
|
|
|
include below namespace in your projcet:
using System.Data.SqlClient;
|
|
|
|
|
|
Have a read of this using ADO.NET[^]
there are some simple tutorials in the article
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
If the data you want to save is in a grid which is data-bound to a database table or view, or you're using EF or similar. you can just ask it to persist itself. Otherwise, you're going to have to construct a SQL query to store the data that you want. SQL Server 2005 doesn't have an equivalent of 'insert ... on duplicate key update' so doing a single query can be impossible.
Make sure you use a parameterised query, and handle failures to write gracefully.
|
|
|
|
|
hi,
i am using visual studio 2008
and making project in c#.
i had created web application form
but i am not able to connect it with database.
em using sqlserver2005 as database
shubhi
|
|
|
|
|
If you are having a problem with connections, this[^] would be your best bet.
|
|
|
|
|
What do you mean by "not able to connect it with database"?? What does you code look like that does the connection and query work?? What are the error messages you're getting?? Just saying "it doesn't work" doesn't help you.
|
|
|
|
|
i am not able o make connection con
|
|
|
|
|
shubham salwan wrote:
i am not able o make connection con
You do realize that we cannot see your code, or have your project available, or read your mind. If you expect to get help for your problems, you have to show the code that you are having trouble with and share the errors you are getting. We cannot possibly help you resolve issues if you do not give us the information that is needed to help you! Do you call your mechanic and tell him that your car is "broke" and expect that they should know eactly what you mean the problem is?
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
|
|
|
|
private void button1_Click(object sender, EventArgs e)
{
string connString = "Data Source=shubhi-PC;Initial Catalog=employee;uid=sa;pass=abc;Integrated Security=True"; SqlConnection conn = new SqlConnection(connString);
conn.Open();
String sql = "INSERT INTO emp_detail(empid,empname,empadd,empsal) values ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "')";
cmd.ExecuteNonQuery();
conn.Close();
textBox1.Text="";
i want to save data to sqlserver2005 ... bt itz not working
|
|
|
|
|
shubham salwan wrote: bt itz not working
Of course it's not working. Your connection string has a user name a password and you are telling it to use integrated security. Not to mention that you did not bother even defining a command object. You do realize that this won't even compile don't you?
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
|
|
|
|
Shhhhhhhh.... Don't tell him his code is subject to SQL Injection attacks either
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
|
|
|
|
|
I figure he has enough trouble without throwing gasoline on the bonfire.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
|
|
|
|
Don't make your SQL statements that way -- use a parameterized query.
|
|
|
|
|
When you use "Integrated Security=True " in your connection string, the user and password given there are ignored - the current Windows user is used for login to the database instead.
|
|
|
|
|
i have to give my connection string to the other so they can connect to my database.
i understand that this is not secure. so i'm working on a new application that encrypt my connection string, give it to the other, and decrypt it before connecting to my database.
of course i didn't show the result of decryption.
i need a suggestion, what encryption is best for this problem?
thank you,
Ahri
|
|
|
|
|
Midnight Ahri wrote: i need a suggestion, what encryption is best for this problem?
The problem with encryption is that you have to provide a mechanic for your app to decrypt it. That means that there's a key to the vault, hanging next to the vault.
If the database is running on their system, and is filled with their data, who would be the legal owner of the database?
Your best option for security would be to provide only access to some webservices, and not have the client interact with the database directly.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
thank you for the reply,
let me explain my application in easier example,
i'm working on address book application, i save telephone, name, address in my own database,
i give this application to my friend, and he can save the data in his own database,
my application can connect to his database (using his connection string & wifi) and i can access his address book, also save it to my database.
Eddy Vluggen wrote: and not have the client interact with the database directly.
usually i was given a corporate project (all client connects to server)
but this time, i don't even understand why i'm given a project like this.
and the worst one, user should be able to read the encryption.
i've try googling, i found some encryption thats impossible to read.
|
|
|
|
|
Midnight Ahri wrote: i give this application to my friend, and he can save the data in his own database,
my application can connect to his database (using his connection string & wifi) and i can access his address book, also save it to my database.
Aah, I misunderstood; you want to prevent users (like you) from reading other users' database (like your friends), correct?
The database usually has a password, passed in the connectionstring. If the user could set his own password, you'd be out of trouble. Ask for the password on startup, and offer an option to "keep logged in", just like a webpage - that should do the trick.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
thank you very much !
|
|
|
|