Click here to Skip to main content
15,893,588 members
Search within:


Problem occured to save sql from C# Project
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
C#
ASP.NET
In my c# code is below
C#
cmd = new SqlCommand("insert into login values(" & TextBox1.Text & "," & TextBox2.Text & ")", con);

It is not run. The error occurred. The & is not defines string to string

Any one help me for this problem
Posted
Updated 13-Dec-11 22:06pm
v2
Add a Solution
Comments
Al Moje 14-Dec-11 4:09am    
The & is used in vb.net code. Since you are using c#, replace it with +

2 solutions

try:
C#
cmd = new SqlCommand("insert into login values('"+ TextBox1.Text + "','"+ TextBox2.Text+"')", con);

i suggest you practice more for using ADO .Net with .net applications , u can get number of examples surfing google,
please refer the following link this might help you:
http://msdn.microsoft.com/en-us/library/6759sth4%28v=vs.71%29.aspx[^]
 
Share this answer
 
Posted
Comments
devausha 14-Dec-11 4:32am    
Thank you for your answer and Suggestions
member60 14-Dec-11 4:47am    
Thank you devausha ,Happy coding.
To add to prabhaamaji's comments, you really shouldn't do it that way anyway.
There are two problems there: one with the SQL syntax, and one called SQL Injection.

While the syntax will work, it depends on the order in which the columns in your database are defined. If someone modifis it and adds a column before the username, then your code fails , becasue it expects the username first. Always name the columns, in the order you are goint to fill them:
SQL
INSERT INTO login (userName, password) VALUES (...)
That way your code is better protected against future changes.

SQL Injection happens when you allow the user direct access to you sql command, and can be exploited to steal, damage or destroy your database. Do not concatenate strings to build a SQL command - use Parametrized queries instead;
cmd = new SqlCommand("INSERT INTO login (userName, password) VALUES (@UN, @PW)", con);
cmd.Parameters.AddWithValue("@UN", TextBox1.Text);
cmd.Parameters.AddWithValue("@PW", TextBox2.Text);

There are two others I would like to add in passing, that it is worth your considering - probably later when yoiu have a bit more experience:
1) Do not use the VS default names for controls: You may remember today that TextBox1 has the username, but will you remember next week? Call it tbUserName or similar, and it becomes more obvious.
2) Do not store passwords in clear text! There is a Tip here explaining why not: Password Storage: How to do it.[^]
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
C: "an access conflict occurred at the write location."
Receiving: a problem occurred configuring project for multiple packages of mine
Problem Occured to Restore SQL file
Problem Occured in Sql
Problem occur when hosting ASP.NET core 2.1 project locally on computer?
Problem that occurred when publishing a project in vb.net 2010
a problem occuring while connecting the server
save apostrophe " ' " in sql
Problem occured in sql query
how to solve issued that occures after hosting website on server pc( iis server)

Advertise
Privacy
Cookies
Terms of Use
Last Updated 14 Dec 2011
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900