Click here to Skip to main content
15,879,535 members
Search within:


Why am I not able to send data to SQL server?
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
SQL
WMI
 
I am trying make an application which when installed in other system, has to collect details and send to my SQL server.

In SQL Server, I have made all columns as varchar(70).
I thought the problem was with datatypes, so I decided to remove OSInstallDate and  
LastBootUpTime in the below code and check. But still other data are not being inserted.
There is no problem with sql connection as I have checked it already.

If there's any other way of collecting all these data and sending to my database, I would be interested.


What I have tried:

C#
SelectQuery Sq1 = new SelectQuery("Win32_OperatingSystem");
                ManagementObjectSearcher objOSDetails1 = new ManagementObjectSearcher(Sq1);
                foreach (ManagementObject mo1 in objOSDetails1.Get())
                {
                    OperatingSystem = mo1["caption"].ToString();
                    ServicePack = mo1["csdversion"].ToString();
                    OSVersion = mo1["version"].ToString();
                    OSArchitecture = mo1["OSArchitecture"].ToString();
                   OSSno = mo1["serialnumber"].ToString();
                   OSInstallDate = mo1["InstallDate"].ToString();
                    OSDescription = mo1["Description"].ToString();
                    LastBootUpTime = mo1["LastBootUpTime"].ToString();
                    SPMajorVersion = mo1["ServicePackMajorVersion"].ToString();
                    RegUser = mo1["RegisteredUser"].ToString();
                    OSStatus = mo1["status"].ToString();
                }
                cmd1 = new SqlCommand("INSERT INTO [dbo].[OSInfo]([LastUpdatedOn],[IPAddress],[OperatingSystem],[ServicePack],[OSVersion],[OSArchitecture],[OSSno],[OSInstallDate],[Description],[LastBootUpTime],[SPMajorVersion],[RegUser],[OSStatus]) VALUES (getdate(),'" + IPA + "','" + OperatingSystem + "','" + ServicePack + "','" + OSVersion + "','" + OSArchitecture + "','" + OSSno + "','" + OSInstallDate + "','" + OSDescription + "','" + LastBootUpTime + "','" + SPMajorVersion + "','" + RegUser + "','" + OSStatus + "')", con);
                
                int numrows1 = cmd1.ExecuteNonQuery();
Posted
Updated 1-May-18 19:30pm
Add a Solution

2 solutions

You are executing the command outside of foreach loop so only the last record will be saved in the database. If you want to save all the records, you might want to put the command execution inside the loop.
 
Share this answer
 
Posted
Comments
Member 13714562 2-May-18 1:27am    
I tried that one too. But it's not being inserted.
dan!sh 2-May-18 1:30am    
Are you getting any exceptions? If yes, update the question with that detail. If not, trace the exact query executed on the database using SQL profiler and see if there are any issues there
Member 13714562 2-May-18 1:38am    
No exceptions. I will now try using SQL profiler and see.
Rajat-Indiandotnet 2-May-18 9:43am    
What came in Profiler?
Member 13714562 3-May-18 5:48am    
Actually, there was no need of using Profiler at all. I had made a silly mistake of giving wrong datatype for one of the column in my table. Now it's working fine.
C#
cmd1 = new SqlCommand("INSERT INTO [dbo].[OSInfo]([LastUpdatedOn],[IPAddress],[OperatingSystem],[ServicePack],[OSVersion],[OSArchitecture],[OSSno],[OSInstallDate],[Description],[LastBootUpTime],[SPMajorVersion],[RegUser],[OSStatus]) VALUES (getdate(),'" + IPA + "','" + OperatingSystem + "','" + ServicePack + "','" + OSVersion + "','" + OSArchitecture + "','" + OSSno + "','" + OSInstallDate + "','" + OSDescription + "','" + LastBootUpTime + "','" + SPMajorVersion + "','" + RegUser + "','" + OSStatus + "')", con);

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
 
Share this answer
 
Posted
Comments
Member 13714562 2-May-18 1:40am    
Ya, I know this not a good way of coding. But I first thought of solving the main problem of inserting data and looking into this matter later.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 2 May 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900