|
Yeah, use an enum , or go for GUIDs
|
|
|
|
|
hi
i designed my form as
textbox, button
now in the buttonclick event i wrote a code which is as follows!
try
{
string constr = "User Id = scott;Password=tiger;Provider=Msdaora.1";
OleDbConnection con = new OleDbConnection(constr);
con.Open();
MessageBox.Show(" Connected to ORACLE!");
string q = "create table pert(enum number,ename varchar2(10),sal number)";
OleDbCommand cmd = new OleDbCommand(q, con);
cmd.ExecuteNonQuery();
MessageBox.Show("Table Created!");
}
catch (OleDbException a)
{
MessageBox.Show(a.Message);
}
now in the string q how do i add a textbox1.text so that while running my program i give the table name dynamically instead of statistically mentioning the table name as shown in the string q.
|
|
|
|
|
Perhaps with a parameter (I haven't tried it); certainly with concatenation, but that would be bad form.
|
|
|
|
|
was that an anwswer! its looking like something else!
|
|
|
|
|
with precautions, no bad form I'd say.
|
|
|
|
|
IMO the answer holds two parts:
1. don't use a TextBox, use a ComboBox (with ComboBoxStyle.DropDownList) presenting the allowable table names.
2. then perform string concatenation to build the SQL statement.
|
|
|
|
|
the dropdown list would eliminate the facility of having tablenames according to user choices. This IMO is essential if we are dealing with a SQL Parser or a simillar application, or a situation where we need user-specified entity names in the database.
We can use a textbox and employ reguler expressions / validation controls in order to eliminate the possibility of an incorrect tablename.
|
|
|
|
|
Something needs to be done to protect against abuse. Validation is one way, yes.
|
|
|
|
|
Try the following:
string q = "create table " + Textbox1.text + "(enum number,ename varchar2(10),sal number)";
a better way (cleaner and easily readable) of doing it would be to use a local string variable to store the table name from the text box and concatenate the string using that variable.
string temp = Textbox1.Text;
string q = "create table "+temp+ " (enum number,ename varchar2(10),sal number)";
|
|
|
|
|
|
why did u downvote ?? please explain
|
|
|
|
|
I disliked very much however I did not downvote.
Your code would not compile.
And it is flawed, see my other posts in this thread.
|
|
|
|
|
hi
AHSAN111!
thanks for the reply mate! the first and the second parts that u explained are working fine for me!
this is how my new code looks like!
try
{
string constr = "User Id = scott;Password=tiger;Provider=Msdaora.1";
OleDbConnection con = new OleDbConnection(constr);
con.Open();
MessageBox.Show(" Connected to ORACLE!");
string g = textBox1.Text;
string q = "create table " +g+ "(enum number,ename varchar2(10),sal number)";
OleDbCommand cmd = new OleDbCommand(q, con);
cmd.ExecuteNonQuery();
MessageBox.Show("Table Created!");
}
|
|
|
|
|
that is bad code, it is open for SQL injection, people can type anything they like in the TextBox and make your program execute it.
I already told you precautions had to be taken against it, using a uneditable ComboBox rather than a TextBox is one way of doing just that.
|
|
|
|
|
ooh!
but if i use comboboxstyle with allowable table names! the whole purpose of what i wanted would not be served! is there any way by which it can be done! ? but thank u very much for the suggestion mate! am seriously learning a lot from this!
|
|
|
|
|
As I said, you need to use a validator to ensure that only allowable table names are used to construct the query. You can use javascript + regex or .net validation controls as it suites you.
|
|
|
|
|
hi
when i delete my program (in C#) through add/remove programs
the database still exists - how to delete him ?
thanks in advance
|
|
|
|
|
You can create a custom action in your installer that runs when the product is uninstalled.
The custom action would call a function in one of your DLL's that removes any files created by the program after it was installed.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
thanks for the help !
how to make custom action to my installer ?
|
|
|
|
|
What are you using to create the install package?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
"All your database is belong to us." -- Microsoft
|
|
|
|
|
|
Hi,
If I do...
int nColName = odbcDataReader.GetOrdinal(@"name");
int nColNumber = odbcDataReader.GetOrdinal(@"iq");
while (odbcDataReader.Read())
{
string strName = odbcDataReader.GetString(nColNumber);
int nNumber = odbcDataReader.GetInt32(nColNumber);
}
GetString() succeeds.
GetInt32() throws an exception... [System.InvalidCastException] = {"Specified cast is not valid."}
However if I do...
int nColName = odbcDataReader.GetOrdinal(@"name");
int nColNumber = odbcDataReader.GetOrdinal(@"iq");
while (odbcDataReader.Read())
{
odbcDataReader.IsDBNull(nColNumber);
int nNumber = odbcDataReader.GetInt32(nColNumber);
string strNumber = odbcDataReader.GetString(nColNumber);
}
Now GetInt32() succeeds.
And GetString() throws an exception... [System.InvalidCastException] = {"Unable to cast object of type 'System.Int32' to type 'System.String'."}
FYI: The column in question 'IQ' is of type 'int'.
It seems that calling IsDBNull() first, changes the behaviour of the Get methods.
Can anyone explain what is going on?
Thanks - John.
|
|
|
|
|
My only guess at this point is in the first test you are calling GetString first, and in the second test you are calling GetInt32 first. It's possible the the reader is casting your value to what you asked for first?
|
|
|
|
|
Hi kevinnicol,
The only reason for putting them in a different order is because I put the call that throws the exception last.
Changing the order just means that you never get to second call because the first throws an exception.
@PIEBALDconsult: Yes, I should check the return but it makes no differance to my question.
|
|
|
|