c# - How to Insert Data to the Database? - User Defined Classes -


i'm experimenting databases , i'm finding different methods optimize codes. here i'm using different class stop re writing same codes such add, delete , update use same executenonquery() method. far update delete methods worked except insert. compiler doesn't give errors values taken text boxes doesn't go variable string query. i'm new c# coding. can me? or advice? 

using dbconnectionexercise.dbconnection_components; namespace dbconnectionexercise {     public partial class student_form : form     {         dbcomps dc = new dbcomps();          //public string constring;         //public sqlconnection con = null;         //public sqlcommand com = null;         public string query;          public student_form()         {             initializecomponent();              //constring = "data source=ashane-pc\\ashanesql;initial catalog=schooldb;integrated security=true";             //con = new sqlconnection(constring);              dc.connectdb();           }          private void form1_load(object sender, eventargs e)         {             loadgriddata();          }         private void dtp_dob_valuechanged(object sender, eventargs e)         {             datetime = datetime.today;             datetime dob = dtp_dob.value.date;             int = now.year - dob.year;             if (now < dob.addyears(a)) a--;             tb_age.text = a.tostring();         }          private void loadgriddata()         {             try             {                 query = "select * tb_student";                 //dc.opencon();                 //sqldataadapter da = new sqldataadapter(query, con);                 datatable dt1 = new datatable();                 dt1 = dc.data_table(query);                 //da.fill(dt);                 stu_datagrid.datasource = dt1;                 //con.close();              }             catch (exception ex)             {                 messagebox.show(ex.tostring());             }         }          private void cleardata()         {             tb_name.clear();             tb_address.clear();             tb_telno.clear();             tb_search.clear();             tb_age.clear();             dtp_dob.value = datetime.today;          }          private void btn_add_click(object sender, eventargs e)         {             try             {                 string name = tb_name.text;                 datetime dob = dtp_dob.value.date;                 int age = convert.toint32(tb_age.text);                 string address = tb_address.text;                 int telno = convert.toint32(tb_telno.text);                 int line = 0;                   //con.open();                 query = "insert tb_student values(@stu_name, @stu_dob, @age, @stu_address, @stu_tel_no)";                 //query = "insert tb_student (stu_name, stu_dob, age, stu_address, stu_tel_no) values('" + name + "','" + dob + "','" + age + "','" + address + "','" + telno + "')";                 messagebox.show(query);                 //com = new sqlcommand(query, con);                 // insert/save code                  dbcomps.com.parameters.addwithvalue("@stu_name", name);                 dbcomps.com.parameters.addwithvalue("@stu_dob", dob);                 dbcomps.com.parameters.addwithvalue("@age", age);                 dbcomps.com.parameters.addwithvalue("@stu_address", address);                 dbcomps.com.parameters.addwithvalue("@stu_tel_no", telno);                  //line = com.executenonquery();                 line = dc.exenonquery(query);                 //com.dispose();                 //con.close();                  if (line > 0)                 {                     loadgriddata();                     cleardata();                     messagebox.show("data saved sucessfully!", "data saved", messageboxbuttons.ok, messageboxicon.information);                 }                 else                     messagebox.show("data not saved", "error save", messageboxbuttons.ok, messageboxicon.error);             }             catch(exception ex)             {                 messagebox.show(ex.tostring());             }         }

this dbcomps class used write sql function methods.

 namespace dbconnectionexercise.dbconnection_components     {         public class dbcomps         {             public string consring;             public sqlconnection con = null;             public static sqlcommand com = null;              public void connectdb()             {                 consring = "data source=ashane-pc\\ashanesql;initial catalog=schooldb;integrated security=true";                 con = new sqlconnection(consring);             }              public void opencon()             {                 con.open();             }              public void closecon()             {                 con.close();             }              public int exenonquery(string query) //the method insert, update , delete.             {                  int line = 0;                 opencon();                 com = new sqlcommand(query, con);                 line = com.executenonquery();                 com.dispose();                 closecon();                  return line;             }     } }

this really bad way of talking database, hackable using sql injection , since learning, right time point out:

query = "insert tb_student values('"+ name +"','"+ dob +"','"+ age +"','"+ address +"','"+ telno +"')";

read on sql injection why , how, , best practices find out better ways .


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more