I wrote below code for my database connection but every time its catch part play.what is the problem?

public myDb()
{
    canConnect = true;
    sqlString = "Connection Timeout=5;Server=127.0.0.1;Database=ghanat;";
    dbConnect = new SqlConnection(sqlString);
    dbCmd = new SqlCommand();
    dbCmd.Connection = dbConnect;
    dbAdapter = new SqlDataAdapter(dbCmd);

    try
    {
        dbConnect.Open();
        MessageBox.Show("You connected", "Connection", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
    catch
    {
        canConnect = false;
        MessageBox.Show("Connection Error", "Connection", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
    finally
    {
        dbConnect.Close();
    }
}

At the next step i have to send my sql string to database.
can you guide me or introduce me a clear brief Tutorial or an example project?

thanks alot.

Check your connection string to verify you are using the appropriate format for your database and authentication settings.

For a connection to a SQL Server 2008 Express database on my machine here, I use the connection:

Server=********\SQLEXPRESS;Database=mysitedb;Trusted_Connection=True;

For a connection to a hosted SQL Server 2005 database using SQL Server authentication, my connection string is:

Data Source=xxxxxxxx;Initial Catalog=xxxxxxxx;User ID=xxxxxxxx;Password=xxxxxxxx;

Also, rather than simply catching and displaying a canned message, throw the exception so you can see more specifically what is wrong while you are debugging.

I found my wrong.thanks alot.

Integrated Security = True

access to sql was denied without this.
or I have to make a user and password for a special user in sql server and in my code have to send as connection string to database.

but now I have a new problem.I have some text box and want send their values as string in to my database.I did it like below code:

sql = "Insert into specs (name, family)";
sql += "values ('{0}', '{1}')";
sql += string.Format(sql, txtName.Text, txtFamily.Text);

it is my string witch will be send to sqlserver.
but every time it makes 2 rows in my table.
one is consist {0} as name and {1} as family.
and other row is consist my real values.
how can i improve it and what is the common way?

Edited 6 Years Ago by funfullson: n/a

Your problem is this line

sql += string.Format(sql, txtName.Text, txtFamily.Text);

It should simply be equals instead of plus-equals. You are essentially creating a statement that says "Insert into specs (name, family) values ('{0}', '{1}') Insert into specs (name, family) values ('name value', 'family value')".

On a seperate note, I would caution you against taking input and going directly to the database with it without filtering it or otherwise protecting yourself against SQL Injection attacks. Verify data types and never send unfiltered strings directly to the database. Use parameterized queries or, at minimum, escape single-quote characters in your strings. Just assume they are in there and always deal with them, you'll save yourself a lot of agony that way.

This article has been dead for over six months. Start a new discussion instead.