OleDbCommand aCommand = new OleDbCommand("insert into customer_info(lr_no,date,customer_name,place,item_name,item_size,item_quantity,item_rate,total_rate,no_of_goods_fowarded) " + " values('" + textBox2.Text + "','" + dateTimePicker1.Value + "','" + comboBox1.Text + "','" + textBox1.Text + "','" + comboBox2.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox3.Text + "','" + textBox7.Text + "') ");
sumitz_31
0
Newbie Poster
sknake
1,622
Senior Poster
Featured Poster
Use parameterized queries. You will actually be able to read the SQL, prevent SQL injection, and have better performance on the sql server.
Here is an example for Sql* but you can change the typename to OleDb and use it the same way:
private void simpleButton1_Click(object sender, EventArgs e)
{
const string query = "Insert Into Employees (RepNumber, HireDate) Values (@RepNumber, @HireDate)";
string connStr = BuildSqlNativeConnStr("apex2006sql", "Leather");
DataTable dt;
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand cmd = new SqlCommand(query, conn))
{
cmd.Parameters.Add(new SqlParameter("@RepNumber", 50));
cmd.Parameters.Add(new SqlParameter("@HireDate", DateTime.Today));
SqlDataReader dr = cmd.ExecuteReader();
dt = new DataTable();
dt.Load(dr);
}
}
System.Diagnostics.Debugger.Break(); //At this point you have the populated datatable
}Also -- do this to your code and paste the result:
private void simpleButton2_Click(object sender, EventArgs e)
{
OleDbCommand cmd = new OleDbCommand("some " + "real " + "long " + " query");
string cmdText = cmd.CommandText;
System.Diagnostics.Debugger.Break();
}Paste the value of cmdText so we can see what is wrong with the query. It could be an issue with the values of one of your form components.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.