Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Error With Dynamically Created SQL Insert statement
- cmd.CommandText = "INSERT INTO LogIn(Username,Password) VALUES('" + AddUsernameTextBox.Text + "','" + AddPasswordTextBox.Text + "')";
- cmd.CommandText = "INSERT INTO LogIn([Username],[Password]) VALUES('" + AddUsernameTextBox.Text + "','" + AddPasswordTextBox.Text + "')";
- command.CommandText = "INSERT INTO Login([Username],[Password]) VALUES(@Username, @Password)";
- //Not sure how you create your commands in your project
- //here I'm using the ProviderFactory to create instances of provider specific DbCommands.
- var parameter = dbProviderFactory.CreateParameter();
- parameter.DbType = System.Data.DbType.String;
- parameter.ParameterName = "@Username";
- parameter.Value = AddUsernameTextBox.Text;
- command.Parameters.Add(parameter);
- parameter = dbProviderFactory.CreateParameter();
- parameter.DbType = System.Data.DbType.String;
- parameter.ParameterName = "@Password";
- parameter.Value = AddPasswordTextBox.Text;
- command.Parameters.Add(parameter);
- ConnectionStringSettings connectionStringSettings = ConfigurationManager.ConnectionStrings["SomeConnectionName"];
- if (connectionStringSettings == null)
- throw new Exception("Application config file does not contain a connectionStrings section with a connection called "SomeConnectionName"");
- DbProviderFactory dbProviderFactory = DbProviderFactories.GetFactory(connectionStringSettings.ProviderName);
- using (var dbConnection = dbProviderFactory.CreateConnection())
- {
- dbConnection.ConnectionString = connectionStringSettings.ConnectionString;
- dbConnection.Open();
- using (var command = dbConnection.CreateCommand())
- {
- command.CommandText = "INSERT INTO Login([Username],[Password]) VALUES(@Username, @Password)";
- var parameter = dbProviderFactory.CreateParameter();
- parameter.DbType = System.Data.DbType.String;
- parameter.ParameterName = "@Username";
- parameter.Value = AddUsernameTextBox.Text;
- command.Parameters.Add(parameter);
- parameter = dbProviderFactory.CreateParameter();
- parameter.DbType = System.Data.DbType.String;
- parameter.ParameterName = "@Password";
- parameter.Value = AddPasswordTextBox.Text;
- command.Parameters.Add(parameter);
- var dbTransaction = dbConnection.BeginTransaction();
- try
- {
- command.ExecuteNonQuery();
- dbTransaction.Commit();
- }
- catch (Exception)
- {
- dbTransaction.Rollback();
- throw;
- }
- }
- }
- <?xml version="1.0" encoding="utf-8" ?>
- <configuration>
- <connectionStrings>
- <add name="SomeConnectionName" providerName="System.Data.OleDb" connectionString="Your Provider Specific Connection String" />
- </connectionStrings>
- </configuration>
- using (var con = new OleDbConnection(_constring))
- {
- con.Open();
- using (
- var cmd =
- new OleDbCommand(
- "UPDATE LogIn SET Username=@Username, Password=@Password WHERE (ID = @Id)",
- con))
- {
- try
- {
- cmd.Parameters.AddWithValue("@Username",EditUsernameTextBox.Text);
- cmd.Parameters.AddWithValue("@Password",EditPasswordTextBox.Text);
- cmd.Parameters.AddWithValue("@Id",IDTextBox.Text);
- cmd.ExecuteNonQuery();
- }
- catch (Exception ex)
- {
- throw;
- }
- finally
- {
- con.Close();
- }
- }
- ' ; DROP TABLE login
- "UPDATE
- LogIn
- SET
- Username = '" + EditUsernameTextBox.Text + "'
- ,Password = '" + EditPasswordTextBox.Text + "'
- WHERE
- (ID = '" + IDTextBox.Text + "')";
- WHERE (ID ='" + IDTextBox.Text + "')";
Add Comment
Please, Sign In to add comment