c# - Parameterize SQL query -

February 15, 2015

many posts parameters in sql c# still missing something. not getting error message no data inserted. missing? have text boxes named fname, lname, address, city, state , zip.

 private void enter_button_click(object sender, eventargs e)  {     string first, last, addy, city1, stat, zippy;     first = fname.text;      sqlparameter firstparam;     firstparam = new sqlparameter();     firstparam.parametername = "@first";     firstparam.value = first;     last = lname.text;     sqlparameter lastparam;     lastparam = new sqlparameter();     lastparam.parametername = "@last";     lastparam.value = last;     addy = address.text;     sqlparameter addressparam;     addressparam = new sqlparameter();     addressparam.parametername = "@addy";     addressparam.value = addy;     city1 = city.text;     sqlparameter cityparam;     cityparam = new sqlparameter();     cityparam.parametername = "@city1";     cityparam.value = city1;     stat = state.text;     sqlparameter stateparam;     stateparam = new sqlparameter();     stateparam.parametername = "@stat";     stateparam.value = stat;     zippy = zip.text;     sqlparameter zipparam;     zipparam = new sqlparameter();     zipparam.parametername = "@zippy";     zipparam.value = zippy;      try     {         validate(fname);         validate(lname);         validate(city);         validate(state);     }     catch (exception ex)     {         throw new exception(ex.tostring(), ex);     }      try     {         exvalidate(address);     }     catch (exception ex1)     {         throw new exception(ex1.tostring(), ex1);     }      try     {         numvalidate(zip);     }     catch (exception ex2)     {         throw new exception(ex2.tostring(), ex2);     }       string connection = "data source=tx-manager;initial catalog=contacts;integrated security=true";     var sqlstring = string.format("insert contacts ([first] ,[last] ,[address] ,[city] ,[state],[zip]) values {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);     sqlconnection conn = new sqlconnection(connection);     sqlcommand comm = new sqlcommand();     comm.commandtext = sqlstring;     try     {         conn.open();         //sqltransaction trans = conn.begintransaction();         //comm.transaction = trans;         comm.parameters.add("@first", sqldbtype.text);         comm.parameters.add("@last", sqldbtype.text);         comm.parameters.add("@addy", sqldbtype.text);         comm.parameters.add("@city1", sqldbtype.text);         comm.parameters.add("@stat", sqldbtype.text);         comm.parameters.add("@zippy", sqldbtype.smallint);     }     catch (exception commex)     {         throw new exception(commex.tostring(), commex);     }     conn.close(); }

so changed , still nothing happens.

     string connection = "data source=tx-manager;initial catalog=contacts;integrated security=true";         var sqlstring = string.format("insert contacts ([first] ,[last] ,[address] ,[city] ,[state],[zip]) values {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);         sqlconnection conn = new sqlconnection(connection);         sqlcommand comm = conn.createcommand();         comm.commandtext = sqlstring;         try         {             conn.open();             //sqltransaction trans = conn.begintransaction();             //comm.transaction = trans;             comm.parameters.addwithvalue("@first", first);             comm.parameters.addwithvalue("@last", last);             comm.parameters.addwithvalue("@addy", addy);             comm.parameters.addwithvalue("@city1", city1);             comm.parameters.addwithvalue("@stat", stat);             comm.parameters.addwithvalue("@zippy", zippy);             comm.executenonquery();

you forgot execute command ;)

edit: didn't use parameters created @ beginning of method.

    ...     try     {         conn.open();         //sqltransaction trans = conn.begintransaction();         //comm.transaction = trans;         comm.parameters.add(firstparam);         comm.parameters.add(lastparam);         comm.parameters.add(addressparam);         comm.parameters.add(cityparam);         comm.parameters.add(stateparam);         comm.parameters.add(zipparam);          // forgot:         comm.executenonquery();     }     ...

btw, don't things that:

    catch (exception ex1)     {         throw new exception(ex1.tostring(), ex1);     }

it's useless, adds new level of exception without adding useful. let exception bubble stack until reaches catch block useful.

Search This Blog

Funaction

c# - Parameterize SQL query -

Comments

Post a Comment

Popular posts from this blog

java - Play! framework 2.0: How to display multiple image? -

gmail - Is there any documentation for read-only access to the Google Contacts API? -

php - Controller/JToolBar not working in Joomla 2.5 -