Insert data into Access database using C# not working


I am trying to add data to an Access database; so far I have:

    try
    {
        connection.Open();

        // The statement is built by concatenating the raw textbox values.
        string datainsert = "INSERT INTO clientst (firstname, lastname, address, email, phone, cellphone, notes) VALUES('" + boxaddname.Text.ToString() + "', '" + boxaddlastname.Text + "', '" + boxaddadress.Text + "', '" + boxaddemail.Text + "', '" + boxaddphone + "', '" + boxaddcellphone + "','" + boxaddobs.Text + "')";
        OleDbCommand command = new OleDbCommand(datainsert, connection);

        command.ExecuteNonQuery();
        connection.Close();
        MessageBox.Show("client added,");
    }
    catch (Exception ex)
    {
        MessageBox.Show("error :" + ex);
    }

It doesn't give me any kind of error message; the code executes fine but nothing is added to the database.

Please note I'm fairly new to C#, and it's my first time working with databases.

Now hang on a minute there!

You are introducing a potentially disastrous security hole. Let me show you why:

    string datainsert = "INSERT INTO clientst (firstname, lastname, address, email, phone, cellphone, notes) VALUES('" + boxaddname.Text.ToString() + "', '" + boxaddlastname.Text + "', '" + boxaddadress.Text + "', '" + boxaddemail.Text + "', '" + boxaddphone + "', '" + boxaddcellphone + "','" + boxaddobs.Text + "')";

In particular, these lines:

    boxaddname.Text.ToString() // You're converting a string to a string, which is redundant. :P Missing semicolon here.
    boxaddlastname.Text
    boxaddadress.Text
    boxaddemail.Text
    boxaddphone // Not a security problem, but you're inserting the TextBox control, not its text.
    boxaddcellphone // Same as above.
    boxaddobs.Text

What you're doing is allowing the user to put anything they want into the database. With this, the user can insert whatever they want, or use a SQL injection exploit. You should sanitize your input.

You can do it like this:

    // Requires: using System.Data; using System.Data.SqlClient;
    string query = "INSERT INTO clientst (firstname, lastname, address, email, phone, cellphone, notes) VALUES(@firstname, @lastname, @address, @email, @phone, @cellphone, @notes)";

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(query, connection))
    {
        connection.Open();

        // Please make sure you edit the SqlDbType to the correct SQL data type. VarChar is just the default in this example. It's on you to fix that.
        cmd.Parameters.Add("@firstname", SqlDbType.VarChar).Value = boxaddname.Text;
        cmd.Parameters.Add("@lastname", SqlDbType.VarChar).Value = boxaddlastname.Text;
        cmd.Parameters.Add("@address", SqlDbType.VarChar).Value = boxaddaddress.Text;
        cmd.Parameters.Add("@email", SqlDbType.VarChar).Value = boxaddemail.Text;
        cmd.Parameters.Add("@phone", SqlDbType.VarChar).Value = boxaddphone.Text;
        cmd.Parameters.Add("@cellphone", SqlDbType.VarChar).Value = boxaddcellphone.Text;
        cmd.Parameters.Add("@notes", SqlDbType.VarChar).Value = boxaddnotes.Text;

        // Insert writing code here.
        cmd.ExecuteNonQuery();
    }

Your problem is this:

You're trying to insert a TextBox control on multiple occasions. At boxaddphone and boxaddcellphone, you need to use textboxname.Text, not textboxname. It's going to throw an exception, and since you're catching exceptions, you won't know what went wrong. It could be anything.

Finally, you're adding boxaddobs, which is not inserted in the first INSERT INTO clientst (...) statement.
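
The same insert written for the OleDbCommand the question uses, as an added example that is not part of the original question or answer: OleDb binds parameters by position, so the statement uses ? placeholders that are filled in the order the parameters are added. The connection string path, the ClientStore and InsertClient names, the text column types and the sample values are assumptions.

```csharp
using System;
using System.Data.OleDb;

static class ClientStore
{
    // Assumption: placeholder path; point it at your own .accdb file.
    const string ConnectionString =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\clients.accdb";

    // Hypothetical helper: takes strings, so callers pass textBox.Text, never the control.
    public static int InsertClient(string firstName, string lastName, string address,
                                   string email, string phone, string cellPhone, string notes)
    {
        // OleDb binds by position: each ? is filled in the order parameters are added.
        const string sql =
            "INSERT INTO clientst (firstname, lastname, address, email, phone, cellphone, notes) " +
            "VALUES (?, ?, ?, ?, ?, ?, ?)";

        using (var connection = new OleDbConnection(ConnectionString))
        using (var command = new OleDbCommand(sql, connection))
        {
            foreach (var value in new[] { firstName, lastName, address, email, phone, cellPhone, notes })
            {
                // Assumes text columns; the value travels as data, never as SQL text.
                command.Parameters.Add("p" + command.Parameters.Count, OleDbType.VarWChar).Value =
                    (object)value ?? DBNull.Value;
            }
            connection.Open();
            return command.ExecuteNonQuery(); // number of rows inserted
        }
    }

    static void Main()
    {
        try
        {
            // Constructed sample input: the apostrophe breaks the concatenated query, not this one.
            int rows = InsertClient("Pat", "O'Brien", "1 Example St", "pat@example.com",
                                    "555-0100", "555-0101", "added by example");
            Console.WriteLine("Rows inserted: " + rows);
        }
        catch (OleDbException ex)
        {
            // Catch the database failure specifically and show the provider's message.
            Console.Error.WriteLine("Insert failed: " + ex.Message);
        }
    }
}
```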
