Hi there
I've got a little problem. I've some form which should add data to database.
Everything goes OK, but I'd like to have some alert message when somebody
would like to add another user with the same nick. Now my application in that
case goes down.
This is the code:
void Button1_Click(object sender, EventArgs e)
{
    SqlConnection c = baza_danych.Polacz();
    SqlCommand cmd = new SqlCommand(
        "insert into klient (IDklienta,Nazwisko,Imie,Adres,Miasto,Haslo) values ( '"
        + IDklienta.Text + "' ,'" + Nazwisko.Text + "','" + Imie.Text + "','"
        + Adres.Text + "','" + Miasto.Text + "','" + Haslo.Text + "')", c);
    SqlDataReader dr = cmd.ExecuteReader();
    bool test;
    test = dr.HasRows;
    if (test == true)
    {
        dr.Read();
        Label1.Text = "choose another nick";
    }
    else
    {
        Label1.Text = "You are added to database";
    }
    dr.Close();
    c.Close();
}
TIA
Adam
Without knowing the design of your datatable I cannot be sure, but a pretty
safe bet is that you get an SqlException because a duplicate row (nick is
the unique column?) already exists.
There are a number of ways to solve this.
1) Handle the exception - You should always have exception handlers, but
they should not be used to handle expected errors, but exceptional
circumstances.
2) Rewrite the code, using a stored procedure. The stored procedure will
typically do a query and only insert when needed. With your code you are
very vulnerable to SQL injection attacks.
3) Do a query for the nick first. Only insert if it does not already exist.
The third option is possibly quickest, the second is by far the best in
terms of security, transactions and performance. And to make your life even
easier, check out the data application block (from
www.microsoft.com/patterns, if I remember correctly, but also from gotdotnet).
Reidar Husmo
Thanks for a reply, but I'm just starting with asp.net and I haven't got
any idea how to correct my project. Would you mind if I send you my *.asp
file?
If not, give me your email address
TIA
Adam
Adam,
Assuming that IDklienta is your nick (nickname? means username?), the
easiest approach is to just put a unique constraint on the
dbo.klient.IDklienta column. This ensures that any attempt to insert a new
row with the same value in that column will fail.
In your C# code, you can catch the failure using try/catch
[PSEUDOCODE]
....
Label1.Text = ""; // clear the error
SqlConnection c = baza_danych.Polacz();
SqlCommand cmd = new SqlCommand(
    "insert into klient (IDklienta,Nazwisko,Imie,Adres,Miasto,Haslo) values ( '"
    + IDklienta.Text + "' ,'" + Nazwisko.Text + "','" + Imie.Text + "','"
    + Adres.Text + "','" + Miasto.Text + "','" + Haslo.Text + "')", c);
try
{
    // attempt your insert here
    cmd.ExecuteNonQuery();
    // insert was successful
    Label1.Text = "You are added to database";
}
catch (SqlException ex)
{
    // check specifically for a constraint violation error
    // display an appropriate error message
    Label1.Text = "choose another nick";
}
finally
{
    c.Close();
}
....
I don't normally see a SqlDataReader and ExecuteReader() used on an insert
statement. I'm not sure whether it would work or not, but it's probably
cleaner to use ExecuteNonQuery () instead, as demonstrated above.
Also, do not forget to escape apostrophes in your strings. If a user
enters an apostrophe (') in one of your textboxes, your SQL string breaks
since apostrophes are the SQL string delimiter. You can solve this easily,
e.g.:
IDklienta.Text.Replace("'","''"); // replace single apostrophe with double-apostrophe
Although using parameterized SQL would be a cleaner approach.
/// M
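Added example (not part of the original thread and not any poster's code): the parameterized insert mentioned above, relying on the unique constraint on IDklienta and treating only SQL Server errors 2627 and 2601 as "nick already taken". The names KlientRepository, AddResult, TryAdd and AddText, the connection-string parameter and the column sizes are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;
public enum AddResult { Added, DuplicateNick }
public static class KlientRepository // hypothetical helper, not from the thread
{
    // SQL Server error numbers raised when a uniqueness rule is violated.
    private const int UniqueConstraintViolation = 2627; // PRIMARY KEY / UNIQUE constraint
    private const int DuplicateKeyInUniqueIndex = 2601; // unique index
    private const string InsertSql =
        "INSERT INTO klient (IDklienta, Nazwisko, Imie, Adres, Miasto, Haslo) " +
        "VALUES (@IDklienta, @Nazwisko, @Imie, @Adres, @Miasto, @Haslo)";

    public static AddResult TryAdd(string connectionString, string idKlienta,
        string nazwisko, string imie, string adres, string miasto, string haslo)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(InsertSql, conn))
        {
            // Values are sent as typed parameters, separate from the SQL text,
            // so an apostrophe in a textbox stays data. Sizes are assumed.
            AddText(cmd, "@IDklienta", 50, idKlienta);
            AddText(cmd, "@Nazwisko", 100, nazwisko);
            AddText(cmd, "@Imie", 100, imie);
            AddText(cmd, "@Adres", 200, adres);
            AddText(cmd, "@Miasto", 100, miasto);
            AddText(cmd, "@Haslo", 100, haslo);
            try
            {
                conn.Open();
                cmd.ExecuteNonQuery();
                return AddResult.Added;
            }
            catch (SqlException ex)
            {
                // Only the duplicate-nick case is an expected outcome;
                // every other database error propagates to the caller.
                if (ex.Number == UniqueConstraintViolation ||
                    ex.Number == DuplicateKeyInUniqueIndex)
                    return AddResult.DuplicateNick;
                throw;
            }
        }
    }

    private static void AddText(SqlCommand cmd, string name, int size, string value)
    {
        cmd.Parameters.Add(name, SqlDbType.NVarChar, size).Value = value;
    }
}
```

In Button1_Click, the caller would set Label1.Text to "choose another nick" on DuplicateNick and to "You are added to database" on Added.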
Thanks a lot!
Adam