Start New Discussion within our Software Development Community

OleDbCommand aCommand = new OleDbCommand("insert into customer_info(lr_no,date,customer_name,place,item_name,item_size,item_quantity,item_rate,total_rate,no_of_goods_fowarded) " + " values('" + textBox2.Text + "','" + dateTimePicker1.Value + "','" + comboBox1.Text + "','" + textBox1.Text + "','" + comboBox2.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox3.Text + "','" + textBox7.Text + "') ");

Use parameterized queries. You will actually be able to read the SQL, prevent SQL injection, and have better performance on the sql server.

Here is an example for Sql* but you can change the typename to OleDb and use it the same way:

private void simpleButton1_Click(object sender, EventArgs e)
    {
      const string query = "Insert Into Employees (RepNumber, HireDate) Values (@RepNumber, @HireDate)";

      string connStr = BuildSqlNativeConnStr("apex2006sql", "Leather");
      DataTable dt;
      using (SqlConnection conn = new SqlConnection(connStr))
      {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
          cmd.Parameters.Add(new SqlParameter("@RepNumber", 50));
          cmd.Parameters.Add(new SqlParameter("@HireDate", DateTime.Today));
          SqlDataReader dr = cmd.ExecuteReader();
          dt = new DataTable();
          dt.Load(dr);
        }
      }
      System.Diagnostics.Debugger.Break(); //At this point you have the populated datatable
    }

Also -- do this to your code and paste the result:

private void simpleButton2_Click(object sender, EventArgs e)
    {
      OleDbCommand cmd = new OleDbCommand("some " + "real " + "long " + " query");
      string cmdText = cmd.CommandText;
      System.Diagnostics.Debugger.Break();
    }

Paste the value of cmdText so we can see what is wrong with the query. It could be an issue with the values of one of your form components.

This article has been dead for over six months. Start a new discussion instead.