|
Ok.
Use SqlParameter, it is much more efficient than adding all the values to a string. It should solve your problem.
|
|
|
|
|
Then demonstrate how to do it the right way. Use the SqlParameter class. It'll take care of escaping the things that need to be, defend against a good number of SQL injection attacks, and also make it easier to find out where your problem is.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
Tuğbay wrote:
I have some validations...It is not the problem for me..
You should use parameterised queries as a matter of course. Injecting values into a SQL String like this is not acceptable in today's security aware world.
See this article, which explains the security issues with the way you are doing this and gives an example of moving from this injection-based way to using parameterised queries.
As a general bit of advice: if you are getting a syntax error and you need help on a forum, you need to post the exact code that caused the syntax error and the syntax error itself. In this case you need to post the result of the string concatenations, as it is quite difficult to tell from just the C# code alone.
|
|
|
|
|
Ok, this time I think it is a logic error or something... here is the full code:
private void Tamam_Click(object sender, System.EventArgs e)
{
    SqlCommand myCommand = null;
    myCommand = new SqlCommand("INSERT INTO CES VALUES(@i_cesit,@i_uzunluk,@i_capı,@i_uzunlugu,@i_kavisi,@arayuz,@kod,@stok,@g_fiyat,@s_fiyat)",Form1.myConnection);
    try
    {
        myCommand.Parameters.Add("@i_cesit",SqlDbType.VarChar);
        myCommand.Parameters["@i_cesit"].Value = ıplık_cesıtı.Text;
        myCommand.Parameters.Add("@i_uzunluk",SqlDbType.Int);
        myCommand.Parameters["@i_uzunluk"].Value = ıplık_capı.Text;
        myCommand.Parameters.Add("@i_capı",SqlDbType.VarChar);
        myCommand.Parameters["@i_capı"].Value = ıplık_capı.Text;
        myCommand.Parameters.Add("@i_uzunlugu",SqlDbType.Int);
        myCommand.Parameters["@i_uzunlugu"].Value = (ıgne_uzunlugu.Text);
        myCommand.Parameters.Add("@i_kavisi",SqlDbType.VarChar);
        myCommand.Parameters["@i_kavisi"].Value = ıgne_kavısı.Text;
        myCommand.Parameters.Add("@arayuz",SqlDbType.VarChar);
        myCommand.Parameters["@arayuz"].Value = ara_yuzu.Text;
        myCommand.Parameters.Add("@kod",SqlDbType.VarChar);
        myCommand.Parameters["@kod"].Value = urun_kodu.Text;
        myCommand.Parameters.Add("@stok",SqlDbType.Int);
        myCommand.Parameters["@stok"].Value = (stok_mıktarı.Text).ToString();
        myCommand.Parameters.Add("@g_fiyat",SqlDbType.Float);
        myCommand.Parameters["@g_fiyat"].Value = (bırım_fıyatı.Text);
        myCommand.Parameters.Add("@s_fiyat",SqlDbType.Float);
        myCommand.Parameters["@s_fiyat"].Value =(bırım_fıyatı.Text);
        myCommand.ExecuteNonQuery();
    }
    catch (Exception a)
    {
        MessageBox.Show(a.ToString());
    }
}
It keeps giving an error like:
"System.FormatException: Input string was not in a correct format.
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at CES.urun.Tamam_Click(Object sender, EventArgs e) in c:\documents and settings\şirin baba.aikanaro.002\desktop\ces\urun.cs:line 587"
OK, what can be the problem? According to the articles found on the net, there is no mistake.. Does anyone have any idea?
Thanks a lot..
|
|
|
|
|
While I've never come across that error inside ExecuteNonQuery, I'm going to guess that the reason is because you have declared a parameter as one type and then passed a value of a different type. For example:
myCommand.Parameters.Add("@s_fiyat",SqlDbType.Float);
myCommand.Parameters["@s_fiyat"].Value =(bırım_fıyatı.Text);
Here you have declared the parameter @s_fiyat as a float, but then you pass a string as the actual value. You need to pass a float or double in that case.
|
|
|
|
|
You're trying to assign a Text (String) value to an Sql Int type several times. Your bad lines are in bold:
myCommand.Parameters.Add("@i_cesit",SqlDbType.VarChar);
myCommand.Parameters["@i_cesit"].Value = ıplık_cesıtı.Text;
myCommand.Parameters.Add("@i_uzunluk",SqlDbType.Int);
myCommand.Parameters["@i_uzunluk"].Value = ıplık_capı.Text;
myCommand.Parameters.Add("@i_capı",SqlDbType.VarChar);
myCommand.Parameters["@i_capı"].Value = ıplık_capı.Text;
myCommand.Parameters.Add("@i_uzunlugu",SqlDbType.Int);
myCommand.Parameters["@i_uzunlugu"].Value = (ıgne_uzunlugu.Text);
myCommand.Parameters.Add("@i_kavisi",SqlDbType.VarChar);
myCommand.Parameters["@i_kavisi"].Value = ıgne_kavısı.Text;
myCommand.Parameters.Add("@arayuz",SqlDbType.VarChar);
myCommand.Parameters["@arayuz"].Value = ara_yuzu.Text;
myCommand.Parameters.Add("@kod",SqlDbType.VarChar);
myCommand.Parameters["@kod"].Value = urun_kodu.Text;
myCommand.Parameters.Add("@stok",SqlDbType.Int);
myCommand.Parameters["@stok"].Value = (stok_mıktarı.Text).ToString();
myCommand.Parameters.Add("@g_fiyat",SqlDbType.Float);
myCommand.Parameters["@g_fiyat"].Value = (bırım_fıyatı.Text);
myCommand.Parameters.Add("@s_fiyat",SqlDbType.Float);
myCommand.Parameters["@s_fiyat"].Value =(bırım_fıyatı.Text);
myCommand.ExecuteNonQuery();
You also don't need parentheses around any of these identifiers either. How can you assign .Text values to Integer and Float values? You'll have to convert these strings to their numeric data types as dictated by your parameter requirements before you assign them.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
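The conversion the two answers above call for, as an added example that is not part of the original thread: each text value is parsed to the .NET type that matches its SqlDbType before it is assigned, so a bad entry is reported per field instead of surfacing as a FormatException inside ExecuteNonQuery. The column names in the INSERT, the VarChar length and the sample values are assumptions; the thread does not show the CES table schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class CesInsert
{
    // Convert the TextBox text up front so a bad value is reported per field,
    // not as a FormatException from inside ExecuteNonQuery.
    static int ParseInt(string field, string text)
    {
        int n;
        if (!int.TryParse(text.Trim(), NumberStyles.Integer, CultureInfo.CurrentCulture, out n))
            throw new ArgumentException(field + ": '" + text + "' is not a whole number");
        return n;
    }

    static double ParseDouble(string field, string text)
    {
        double d;
        // CurrentCulture matches what the user typed: "12,5" under tr-TR, "12.5" under en-US.
        if (!double.TryParse(text.Trim(), NumberStyles.Float, CultureInfo.CurrentCulture, out d))
            throw new ArgumentException(field + ": '" + text + "' is not a number");
        return d;
    }

    // Column names and the VarChar length are assumptions; the thread does not show the CES schema.
    public static SqlCommand Build(SqlConnection conn, string kod, string stok, string fiyat)
    {
        SqlCommand cmd = new SqlCommand(
            "INSERT INTO CES (kod, stok, g_fiyat) VALUES (@kod, @stok, @g_fiyat)", conn);
        cmd.Parameters.Add("@kod", SqlDbType.VarChar, 50).Value = kod;
        cmd.Parameters.Add("@stok", SqlDbType.Int).Value = ParseInt("stok", stok);
        cmd.Parameters.Add("@g_fiyat", SqlDbType.Float).Value = ParseDouble("g_fiyat", fiyat);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample values standing in for the form's TextBox.Text properties.
        string price = (12.5).ToString(CultureInfo.CurrentCulture);
        SqlCommand cmd = Build(null, "CES-001", " 40 ", price);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} {1} {2}", p.ParameterName, p.SqlDbType, p.Value.GetType().Name);

        try { Build(null, "CES-002", "forty", price); }
        catch (ArgumentException ex) { Console.WriteLine(ex.Message); }
    }
}
```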
|
|
|
|
Thank you very much for your help..
|
|
|
|
|
Hi, I want to show a DataRow in a PropertyGrid to edit application parameters in the database. But these parameters can change over time, so I need to create a class dynamically at runtime and make an instance of it to show in the PropertyGrid control, and then pass the changes to the row and then save the edit to the database.
Is this possible? How can I do this?
Thank you!
Reality is nothing more than electrical impulses of the brain - Morpheus
|
|
|
|
|
I found the way:
// These methods are members of the form class; the file needs these using directives.
using System;
using System.CodeDom.Compiler;
using System.Data;
using System.Reflection;
using System.Windows.Forms;
using Microsoft.CSharp;

// Builds the C# source of a wrapper class with one property per column of the row.
// Column names are pasted into the source as identifiers, so they must be valid C# identifiers.
private string CreaClase(System.Data.DataRow row)
{
    string codigo = @"
using System;
using System.Data;

namespace miNamespace {
public class miClase {

public miClase(System.Data.DataRow row)
{
m_Row = row;
";
    // Constructor body: copy every non-null column value into its property.
    foreach(System.Data.DataColumn col in row.Table.Columns)
    {
        codigo += "\t\tif(row[\"" + col.ColumnName + "\"] != DBNull.Value)\n";
        codigo += "\t\t{\n";
        codigo += "\t\t\tthis." + col.ColumnName + " = (" + col.DataType.UnderlyingSystemType.ToString() + ")row[\"" + col.ColumnName + "\"];\n";
        codigo += "\t\t}\n";
    }
    codigo += "}\n";
    // One backing field and one property per column; the setter writes back to the row.
    foreach(System.Data.DataColumn col in row.Table.Columns)
    {
        string campo = col.DataType.UnderlyingSystemType.ToString() + " m_" + col.ColumnName;
        string propiedad = col.DataType.UnderlyingSystemType.ToString() + " " + col.ColumnName;
        codigo += "private " + campo + ";\n";
        codigo += @"
public " + propiedad + @"
{
get { return m_" + col.ColumnName + @"; }
set {
m_" + col.ColumnName + @" = value;";
        codigo += "m_Row[\"" + col.ColumnName + "\"] = value;";
        codigo += @"
}
}

";
    }

    codigo += @"
private System.Data.DataRow m_Row;
public System.Data.DataRow miMethod()
{
return m_Row;
}

";
    codigo +="} }";

    return codigo;
}

// Compiles the generated source in memory and creates an instance of miClase for the first row.
private void CreaObjeto(string codigo)
{
    ICodeCompiler compilador = new CSharpCodeProvider().CreateCompiler();
    CompilerParameters parametros = new CompilerParameters();

    parametros.ReferencedAssemblies.Add("System.dll");
    parametros.ReferencedAssemblies.Add("System.Data.dll");

    parametros.GenerateInMemory = true;

    CompilerResults compilado = compilador.CompileAssemblyFromSource(parametros,codigo);

    if (compilado.Errors.HasErrors)
    {
        string mensaje = "";

        mensaje = compilado.Errors.Count.ToString() + " Errores:";
        for (int x=0;x<compilado.Errors.Count;x++)
            mensaje = mensaje + "\r\nLine: " + compilado.Errors[x].Line.ToString() + " - " +
                compilado.Errors[x].ErrorText;

        MessageBox.Show(mensaje + "\r\n\r\n" + codigo,"Error",MessageBoxButtons.OK,MessageBoxIcon.Error);

        return;
    }

    Assembly ensambaldo = compilado.CompiledAssembly;

    this.Objeto = ensambaldo.CreateInstance("miNamespace.miClase",true,BindingFlags.CreateInstance,null,new object[]{this.DS.Tables[0].Rows[0]},System.Globalization.CultureInfo.CurrentCulture,null);
    if (this.Objeto == null)
    {
        MessageBox.Show("No se pudo cargar la clase!.");
        return;
    }
}

private void frmParametro_Load(object sender, System.EventArgs e)
{
    CreaObjeto(CreaClase(this.DS.Tables[0].Rows[0]));
    this.propertyGrid1.SelectedObject = this.Objeto;
}
Reality is nothing more than electrical impulses of the brain - Morpheus
|
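Because CreaClase above pastes each column name straight into C# source that is then compiled and run, the schema decides what code executes. A pre-check for that, as an added example that is not part of the original post: GeneratedNameCheck, UnsafeColumns and the sample table are hypothetical names, and the reserved list reflects only the members the posted generator emits.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using Microsoft.CSharp;

static class GeneratedNameCheck
{
    // Names the generated class already uses: a column "Row" would produce a second
    // field m_Row, and miClase/miMethod would clash with the type and its method.
    static readonly string[] Reserved = { "Row", "miClase", "miMethod" };

    // Returns the columns whose names must not be pasted into generated source.
    public static List<string> UnsafeColumns(DataTable table)
    {
        List<string> bad = new List<string>();
        using (CSharpCodeProvider provider = new CSharpCodeProvider())
        {
            foreach (DataColumn col in table.Columns)
            {
                // IsValidIdentifier rejects keywords and anything that is not a
                // plain identifier, such as a name containing a space or a quote.
                // "@name" is a valid identifier but breaks the "m_" + name field.
                bool ok = provider.IsValidIdentifier(col.ColumnName)
                          && !col.ColumnName.StartsWith("@", StringComparison.Ordinal)
                          && Array.IndexOf(Reserved, col.ColumnName) < 0;
                if (!ok) bad.Add(col.ColumnName);
            }
        }
        return bad;
    }

    static void Main()
    {
        // Constructed sample schema standing in for this.DS.Tables[0].
        DataTable t = new DataTable("Parametros");
        t.Columns.Add("Timeout", typeof(int));
        t.Columns.Add("Max Users", typeof(int));   // contains a space
        t.Columns.Add("class", typeof(string));    // C# keyword
        t.Columns.Add("Row", typeof(string));      // collides with m_Row

        List<string> bad = UnsafeColumns(t);
        if (bad.Count > 0)
            Console.WriteLine("Refusing to generate code for: " + string.Join(", ", bad.ToArray()));
    }
}
```

Calling the check before CreaClase and refusing to compile when it returns anything keeps the generator limited to names that can only ever be identifiers.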
|
|
|
|
I'm trying to write a multiplayer Pocket PC 2003 game and want to know if anybody knows any good articles or has anything that could help me. I want to be able to build and test using the emulators in Visual Studio 2003 because I don't have easy access to two Pocket PCs. Is this possible?
I want to get a very simple test running ASAP. Something like being able to pass a value or a text file between two versions of a program running on separate emulators, that would be really handy.
Any help or advice totally welcomed.
Thanks loads,
MH.
|
|
|
|
|
How to get the assembly version in C#? I mean it is easy to get it for the assembly from which the code is executing by using the GetExecutingAssembly(), but how to get it for any other assembly?
Thanks.
|
|
|
|
|
Is the assembly loaded? If so, the current AppDomain should be able to retrieve it using GetAssemblies, in which case you could just check the version property. Otherwise, you could load it using Assembly.Load or Assembly.LoadFrom.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
Exactly my point. Now why on Earth do I need to load the whole assembly to get its version? Seems a little bit clumsy, doesn't it?
|
|
|
|
|
|
Clumsy? No, not really. My assumption was that you were interested in using the assembly in some way versus just inspecting its version.
If all you want is the version, and nothing else, I would advise using the System.Diagnostics.FileVersionInfo class.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
Yes, you are right. Thanks for your help.
|
|
|
|
|
Hey!
I have a Windows Library control (my own control) that I have added to my main program.
In this Windows Library control I have a RichTextBox that I add text to really fast.
The problem:
When hitting a button or something while this control/RichTextBox is adding data, nothing happens. The button seems like it's pressed but no event fires?
I have tried to disconnect the Windows Library control and if I do this all is working fine, so it's not any other part of my program that causes this problem.
Is there any way to add data to a RichTextBox in a fast way (and auto-scroll to the bottom) without interference with the rest of the GUI?
Best Regards
SnowJim
|
|
|
|
|
Can someone please help me with the code for reading nodes from an xml file one at a time. Could you please write an example. Is the value of a node the text it contains or is the attribute of a node the text it contains??
The XML file looks like this:
<test>
<question>Which fruit is in the following picture?</question>
<answerA>Apple</answerA>
<answerB>Orange</answerB>
<answerC>Pear</answerC>
<answerD>Plum</answerD>
<correct>A</correct>
<explanation>The picture is of a apple.</explanation>
</question>
<question>
.....
</question>
</test>
|
|
|
|
|
Go to MSDN.microsoft.com and type "reading XML in .NET framework" into the search box.
Or have a look at System.Xml.XmlTextReader: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemxmlxmltextreaderclasstopic.asp
David
Never forget: "Stay kul and happy" (I.A.)
|
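Reading the quiz file one node at a time with the reader suggested above, as an added example that is not part of the original thread. It shows that an element's text arrives as a separate Text node (the element's own Value is empty), and it refuses DTDs and external resources so a quiz file cannot pull in anything else. The sample is a constructed, well-formed variant of the posted file; the `<text>` element name and the QuizReader class are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

static class QuizReader
{
    // Constructed sample: the posted file made well-formed. <text> is an assumed element name.
    const string Sample = @"<test>
  <question>
    <text>Which fruit is in the following picture?</text>
    <answerA>Apple</answerA>
    <correct>A</correct>
  </question>
</test>";

    // Returns one dictionary (element name -> text) per <question>.
    public static List<Dictionary<string, string>> Read(TextReader input)
    {
        XmlReaderSettings settings = new XmlReaderSettings();
        settings.DtdProcessing = DtdProcessing.Prohibit; // a quiz file needs no DTD, so refuse one
        settings.XmlResolver = null;                     // never fetch external resources
        settings.IgnoreWhitespace = true;
        List<Dictionary<string, string>> questions = new List<Dictionary<string, string>>();
        Dictionary<string, string> q = null;
        string current = null;
        using (XmlReader reader = XmlReader.Create(input, settings))
        {
            while (reader.Read()) // each call moves to the next node
            {
                if (reader.NodeType == XmlNodeType.Element && reader.Name == "question")
                    { q = new Dictionary<string, string>(); questions.Add(q); current = null; }
                else if (reader.NodeType == XmlNodeType.Element)
                    current = reader.Name;
                else if (reader.NodeType == XmlNodeType.Text && q != null && current != null)
                    q[current] = reader.Value; // the text lives in a Text node, not in the element
                else if (reader.NodeType == XmlNodeType.EndElement)
                    current = null;
            }
        }
        return questions;
    }

    static void Main()
    {
        foreach (Dictionary<string, string> q in Read(new StringReader(Sample)))
            Console.WriteLine(q["text"] + " -> " + q["correct"]);
    }
}
```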
|
|
|
|
How do I select multiple files in Windows Explorer and run one command like "Execute", so that all files are passed as multiple parameters to one application?
I have tried the function AddContextMenuItem in this article: http://www.codeproject.com/tools/cpzipstripper.asp
but it works only for one instance. If I multiselect files and click "Execute", it opens multiple instances of my application, instead of one instance with multiple args...
Thank you for all
|
|
|
|
|
There are two approaches that come to mind.
First is write a dynamic shell context menu handler that stores all the files selected in the IShellExtInit::Initialize method. This is pretty easy in C++ using one of the wizards you can find here on the Code Project. In C# it's a bit more hairy though.
The easier approach in C# would be to modify your app so that it only runs a single instance and any additional instances just pass the command line to the first instance. I'm pretty sure there are examples here of C# single instance apps. Then it's just a matter of passing the command line info. Search on single instance apps in C# here and you should get some working code so you can see various methods to pass info from one instance to another.
|
|
|
|
|
Does anyone here know where I can find some code which depicts the behaviour in the topic? I mean I want to be able to grab one or more items, drag them to a different place and drop so that the items are reordered. Thanks for any help!
|
|
|
|
|
|
Hi everyone! I have this strange problem: I have the main form and the Main in which I invoke Application.EnableVisualStyles(). When I run the program almost everything works fine. However, I have a second window which inherits from System.Windows.Forms.Form. It's just an information window with a ListBox and an OK button. This button just calls Dispose() and it has the System FlatStyle. When I click the button the program crashes. When I comment out the EnableVisualStyles() call, everything works fine; I don't even have to change the button's visual style to Standard. What should I do to make it all work?
|
|
|
|
|
And what does it say when it crashes?
BTW, be sure you call Application.DoEvents() after you call Application.EnableVisualStyles. Probably it's not this problem, but it's surely not a bad idea.
David
Never forget: "Stay kul and happy" (I.A.)
|
|
|
|
|