|
Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
And when you've fixed that throughout your app, start looking at the problem you have noticed.
And that is probably in your ExecuteQuery method: if you are creating an SQL Reader there, then you can't issue any more commands on that connection until the Reader is closed...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Thank you for your reply. I will review my code and get back to you.
|
|
|
|
|
You're welcome - but please use English in future; this is an English language site and we only normally accept questions in that language. Google Translate does a pretty good job and it saves everybody else from having to do it for you!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
And above all, thank you for your advice.
|
|
|
|
|
Hello sir, all my apologies for the delay ... I was putting my code clean as you advised me. I have an error like microsoft jet engine
try
{
    setConnection();
    sql_con.Open();
    using (sql_cmd = sql_con.CreateCommand())
    {
        string txtQuery = "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) VALUES (@ref_det,@qute_det,@Designation,@Prix_unitaire_HT,@Prix_total_HT)";
        sql_cmd.Parameters.AddWithValue("@ref_det", TxtRefProduit.Text);
        sql_cmd.Parameters.AddWithValue("@qute_det", TxtQteCmd.Text);
        sql_cmd.Parameters.AddWithValue("@Designation", TxtDesignation.Text);
        sql_cmd.Parameters.AddWithValue("@Prix_unitaire_HT", TxtPrixUnitaire.Text);
        sql_cmd.Parameters.AddWithValue("@Prix_total_HT", total);
        sql_cmd = new OleDbCommand(txtQuery, sql_con);
        sql_cmd.ExecuteNonQuery();
    }
}
catch (OleDbException ex)
{
    MessageBox.Show(ex.Source);
}
|
|
|
|
|
Quote: I have an error like microsoft jet engine
Is pretty meaningless on its own ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
You are right sir, but frankly I don't know how to explain it to you. But once I submit the add button after filling in all the fields as it should be, this is the message I receive. And nothing in the Access database.
|
|
|
|
|
What is the message you receive?
What line does it happen on?
What does the debugger show you is going on?
So far, all I have is "I have an error like microsoft jet engine" which tells me nothing at all!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Ok, thank you sir. I removed my block of code in the try and here is the error: at the level of sql_cmd.ExecuteNonQuery ();
System.Data.OleDb.OleDbException: 'No value given for one or more of the required parameters.'
private void BtnAjouter_Click(object sender, EventArgs e)
{
    int total;
    decimal total_achat;
    if (TxtDesignation.Text == "" || TxtPrixUnitaire.Text == "" || TxtQteCmd.Text == "" || TxtQteStock.Text == "" || TxtRefProduit.Text == "")
    {
        MessageBox.Show("Rassurez vous que tous les champs ont bien été rempli.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
    else
    {
        if (Int32.TryParse(TxtQteCmd.Text, out int value) && TxtRefProduit.Text != "")
        {
            int a = 0;
            int b = 0;
            int c;
            int.TryParse(TxtQteCmd.Text.Trim(), out a);
            int.TryParse(TxtQteStock.Text.Trim(), out b);
            int.TryParse(TxtPrixUnitaire.Text.Trim(), out c);
            if (a <= b)
            {
                total = a * c;
                total_achat = 0;
                setConnection();
                sql_con.Open();
                using (sql_cmd = sql_con.CreateCommand())
                {
                    string txtQuery = "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) VALUES (@ref_det,@qute_det,@Designation,@Prix_unitaire_HT,@Prix_total_HT)";
                    sql_cmd.Parameters.AddWithValue("@ref_det", TxtRefProduit.Text);
                    sql_cmd.Parameters.AddWithValue("@qute_det", TxtQteCmd.Text);
                    sql_cmd.Parameters.AddWithValue("@Designation", TxtDesignation.Text);
                    sql_cmd.Parameters.AddWithValue("@Prix_unitaire_HT", TxtPrixUnitaire.Text);
                    sql_cmd.Parameters.AddWithValue("@Prix_total_HT", total);
                    sql_cmd = new OleDbCommand(txtQuery, sql_con);
                    sql_cmd.ExecuteNonQuery();
                }
            }
        }
    }
}
|
|
|
|
|
Right: and what do you think that message means?
Hint: What do you do immediately after you add the parameter values to sql_cmd ? (This is not a trick question)
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
For me this message means that one of the values entered in the textbox is not loaded in the database; suddenly it sees no data in the fields. I have the impression that my fields remain empty after adding.
|
|
|
|
|
I even tried this, and I have the same error
using (sql_cmd = sql_con.CreateCommand())
{
    string txtQuery = "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) VALUES (@ref_det, @qute_det, @Designation, @Prix_unitaire_HT, @Prix_total_HT)";
    OleDbParameter refprod = sql_cmd.Parameters.AddWithValue("@ref_det", OleDbType.VarChar);
    refprod.Value = TxtRefProduit.Text;
    OleDbParameter qtecmd = sql_cmd.Parameters.AddWithValue("@qute_det", OleDbType.VarChar);
    qtecmd.Value = TxtQteCmd.Text;
    OleDbParameter design = sql_cmd.Parameters.AddWithValue("@Designation", OleDbType.VarChar);
    design.Value = TxtDesignation.Text;
    OleDbParameter prixU = sql_cmd.Parameters.AddWithValue("@Prix_unitaire_HT", OleDbType.Integer);
    prixU.Value = TxtPrixUnitaire.Text;
    OleDbParameter prixT = sql_cmd.Parameters.AddWithValue("@Prix_total_HT", OleDbType.Integer);
    prixT.Value = total;
    sql_cmd = new OleDbCommand(txtQuery, sql_con);
    sql_cmd.ExecuteNonQuery();
}
|
|
|
|
|
Please, look closely at your code.
What does this line do exactly:
sql_cmd = new OleDbCommand(txtQuery, sql_con);
Not a trick question: Here it is as multiple choice:
1) Nothing
2) Throw away the existing content of the variable and replace it with a new, empty one.
3) Catch fire and die.
4) Create a new instance and assign all the old data to it.
Extra hint: It's less than (3) and greater than (1).
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
|
Wrong.
Quote: Extra hint: It's less than (3) and greater than (1).
Think: What does the new keyword actually do?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Can you explain it to me please? I'm just a beginner who learns through some tutorials
|
|
|
|
|
Ok.
Suppose we do this:
List<string> myList = new List<string>();
myList.Add("One");
myList.Add("Two");
myList.Add("Three");
myList.Add("Four");
myList.Add("Five");
foreach (string s in myList)
{
    Console.WriteLine(s);
}
You would expect it to print five lines, and indeed it will:
One
Two
Three
Four
Five
But what if I do this:
List<string> myList = new List<string>();
myList.Add("One");
myList.Add("Two");
myList.Add("Three");
myList.Add("Four");
myList.Add("Five");
myList = new List<string>();
foreach (string s in myList)
{
    Console.WriteLine(s);
}
How many lines of print do you expect to get now? (Run the code if you have to, I don't mind.)
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
You are right sir, I doubted, but after having compiled I realized that the variable s is empty.
|
|
|
|
|
Yes - and that's because the new keyword creates a new, empty instance of the List and throws away the old one when it is assigned to the variable.
And your code does exactly the same thing:
...
sql_cmd.Parameters.AddWithValue("@Prix_total_HT", total);
sql_cmd = new OleDbCommand(txtQuery, sql_con);
sql_cmd.ExecuteNonQuery();
You load up the parameters into an OleDbCommand instance, and then throw it all away to create a new, empty instance and store it in the same variable.
To be honest, if you are "just a beginner who learns through some tutorials" then you are doing it all wrong, particularly if these are YouTube tutorials - I've yet to see one that is of any real use whatsoever. Instead, look for a good book on the subject - Apress, Wrox, Addison Wesley, Microsoft Press - they all do excellent beginner volumes though I don't know if any of them are available in French. If you can, look for a copy of "Pro C# 8.0" (APress, I believe), or "C# in a nutshell" (O'Reilly?) - I learnt from those many, many years ago when .NET was at V2!
Books introduce the material in a structured way, building on what has been taught before - and aren't written just to get views and subscribers...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
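The two points made in this thread (parameterized queries instead of string concatenation, and not replacing the command after loading its parameters) combined in one insert routine. This is an added example, not code from any poster: the helper name, the connection string argument, the column sizes and the integer column types are assumptions; the table and column names are taken from the INSERT statement above.

```csharp
using System;
using System.Data.OleDb;

static class DetailTempInsert
{
    // Column names come from the thread's INSERT; "?" is the OleDb parameter marker.
    const string Sql =
        "INSERT INTO Detail_temp (ref_det, qute_det, Designation, Prix_unitaire_HT, Prix_total_HT) " +
        "VALUES (?, ?, ?, ?, ?)";

    // Hypothetical helper (not from the thread): validates input, then inserts one row.
    public static int Insert(string connectionString, string refDet, string qteText,
                             string designation, string prixText)
    {
        // Parse before touching the database so malformed input never reaches the provider.
        if (!int.TryParse(qteText.Trim(), out int qte) || qte <= 0)
            throw new ArgumentException("Quantity must be a positive integer.", nameof(qteText));
        if (!int.TryParse(prixText.Trim(), out int prix) || prix < 0)
            throw new ArgumentException("Unit price must be a non-negative integer.", nameof(prixText));

        using (var con = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(Sql, con))   // created once, together with its SQL text
        {
            // OleDb binds parameters by position, not by name: add them in the same
            // order as the ? markers. The names are labels only. Sizes are assumed.
            cmd.Parameters.Add("ref_det", OleDbType.VarWChar, 50).Value = refDet;
            cmd.Parameters.Add("qute_det", OleDbType.Integer).Value = qte;
            cmd.Parameters.Add("Designation", OleDbType.VarWChar, 255).Value = designation;
            cmd.Parameters.Add("Prix_unitaire_HT", OleDbType.Integer).Value = prix;
            cmd.Parameters.Add("Prix_total_HT", OleDbType.Integer).Value = checked(qte * prix);

            con.Open();
            // The command that holds the parameters is the one that is executed.
            // Assigning a new OleDbCommand to cmd at this point would discard them
            // and produce "No value given for one or more of the required parameters."
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }
}
```

Because the text values travel as parameters, a designation such as Baker's Wood or x';DROP TABLE MyTable;-- is stored as plain data and never parsed as SQL.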
|
|
|
|
|
Really, thank you for your advice. I will inquire to see if the book is available in French. I did a bit of programming at school but not the csharp, and since it is a language that I am passionate about, I decided to take it easy but I really want to know the role of each method used. And for this I thank you again because I followed your advice. But with your permission I would like to send you some projects that I have realized thanks to courses on Csharp to just give me your opinion on the presentation of my code and if there is an improvement to be made.
|
|
|
|
|
Don't send it, I won't look at it.
I don't have time to be a mentor to anyone - and I get a couple of requests for it a month, and certainly couldn't do it for everyone who asks: so I don't do it at all to be as fair as I can to everybody.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
It does not matter sir, I understand you, but nevertheless if I have a problem I will post it for a possible help.
|
|
|
|
|
ago2486 wrote: 'No value given for one or more of the required parameters.'
That is not "some error", it tells you exactly what the problem is. You need to make sure you are submitting a value for all parameters.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
Look at his code and see what he does immediately after adding the parameters and their values...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: Look at his code
Ya, I know. I was more referring to the fact that three separate people asked what the error was and the OP just kept saying "some error."
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|