Sir I need some urgent help. M currently doing a project on hotel management system in C# using visual studio 2005 and SQl server 2005. The main problem m facing ri8 now is m unable to ADD and DELETE data to the server in the windows form. M alredy connect to my database.
So here is the code for Add button:

private void button1_Click(object sender, EventArgs e)
        {
            if ((textBox1.Text == "") || (textBox2.Text == "") || (textBox3.Text == "") || (comboBox1.Text == "") || (textBox4.Text == "") || (textBox5.Text == "") || (textBox6.Text == "")) 
            {
                MessageBox.Show("Some of the fields is empty....\nCheck it again");
                return;
            }
            else
            {
                SqlConnection savecon = new SqlConnection(constring);
                savecon.Open();

                SqlCommand savecom = new SqlCommand("insert into CheckIn_Receipt VALUES( '" + textBox1.Text + "', '" + textBox2.Text + "','" + textBox3.Text + "','" + comboBox1.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + ")", savecon);
                savecom.ExecuteNonQuery();
                savecon.Close();
            }
        }
Attachments Check_In_From.jpg 43.19 KB

The Code Above seems a bit on the dodge side to be honest. Your adding values directly from the user input to your sqlcmd. Thats a nono.

Try the below:

private void btnTest_Click(object sender, EventArgs e)
        {
            System.Data.SqlClient.SqlConnection cnn = new System.Data.SqlClient.SqlConnection("YourSqlServerConnectionString");
            try
            {
                System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();

                cmd.CommandText = "Insert INTO CheckIn_Receipt VALUES(@Paramater1)";
                cmd.Connection = cnn;

                System.Data.SqlClient.SqlParameter myParam = new System.Data.SqlClient.SqlParameter();
                myParam.ParameterName = "@Paramater1";
                myParam.Value = "Test";
                myParam.DbType = DbType.String;

                cmd.Parameters.Add(myParam);
                cnn.Open();
                cmd.ExecuteNonQuery();

            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            finally
            {
                cnn.Close();
            }
            
           
        }

Use can use the same idea to delete a record.

actually the application is not showing any errors...bt whenever i try to insert any values to the database with the help of Windows Form, my application get hanged...

I'd would definitely include a try/catch block around your code; it may provide you with what is going wrong. There isn't anything in your code that should cause it to hang. It should work or give an error message. I would follow Fruit_alchemist's advice about putting user input directly into the command object. SQL injection is a nasty way to get your data deleted.
Also, debug your code and go through it line by line. That way you'll get a good idea of where it is catching.

This article has been dead for over six months. Start a new discussion instead.