
decimal point changes to comma in INSERT Querystring

Friends

When I use a Querystring for inserting data into a table (going to
SQLserver)
the decimal point changes to a comma. The result is that I get a system error
(which I can understand)

sSQL = "INSERT A,B INTO TABEL VALUES (aValue, BValue");
where A ="aaa"
and B = 12.5

A is a string and B is a float.

the result is INSERT A , B INTO TABEL VALUES ( "AAA", 12,5); Now SQL Server
assumes 3 variables

How to solve this??
Regards
gerrit Esmeijer

Nov 16 '05 #1
4 Replies


G.Esmeijer <ge****@nomail.nl> wrote:
> When I use a Querystring for inserting data into a table (going to
> SQLserver)
> the decimal point changes to a comma. The result is that I get a system error
> (which I can understand)
>
> sSQL = "INSERT A,B INTO TABEL VALUES (aValue, BValue");
> where A ="aaa"
> and B = 12.5
>
> A is a string and B is a float.
>
> the result is INSERT A , B INTO TABEL VALUES ( "AAA", 12,5); Now SQL Server
> assumes 3 variables
>
> How to solve this??


Don't put the values into the SQL directly at all - use parameters, and
set the values of the parameters.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 16 '05 #2

Are you using ad hoc SQL, or typed parameters? You should be using typed
parameters.

That is, do not do this:
aSQL = "INSERT INTO TABEL (A, B) VALUES (" + aValue + ", " + bValue + ");";

Not only do you run into culture issues, as you are below, but there are
also HUGE security problems if somebody injects bad strings into aValue.

You should instead be using the SqlCommand class, and its typed parameters.
It takes a little bit more code, but in the long run you'll have fewer
headaches.

Do something like:
aSQL = "INSERT INTO TABEL (A, B) VALUES (@A, @B);";
SqlCommand insCmd = new SqlCommand(aSQL, connection);
// @A: string column; length is the declared size of column A
SqlParameter param1 = new SqlParameter("@A", System.Data.SqlDbType.NVarChar, length);
param1.Value = aValue;
insCmd.Parameters.Add(param1);
// @B: B is a float in the question (12.5), so Float rather than Int
SqlParameter param2 = new SqlParameter("@B", System.Data.SqlDbType.Float);
param2.Value = bValue;
insCmd.Parameters.Add(param2);

The above should be close, although I can't guarantee it will compile as
written. Look up the specific classes for more info.
--
Mike Mayer, C# MVP
mi**@mag37.com
http://www.mag37.com/csharp/
"G.Esmeijer" <ge****@nomail.nl> wrote in message
news:40**********************@dreader2.news.tiscal i.nl...
> Friends
>
> When I use a Querystring for inserting data into a table (going to
> SQLserver)
> the decimal point changes to a comma. The result is that I get a system error (which I can understand)
>
> sSQL = "INSERT A,B INTO TABEL VALUES (aValue, BValue");
> where A ="aaa"
> and B = 12.5
>
> A is a string and B is a float.
>
> the result is INSERT A , B INTO TABEL VALUES ( "AAA", 12,5); Now SQL Server assumes 3 variables
>
> How to solve this??
> Regards
> gerrit Esmeijer


Nov 16 '05 #3
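The two approaches from the reply above, side by side, as an added example that is not part of the original thread: the concatenated statement changes with the thread culture and with the data, while the parameterized command text stays constant. The class and helper names, the sample values, the column size of 50 and the use of System.Data.SqlClient are assumptions; no connection is opened.

```csharp
// Added example (not from the thread). TABEL, A and B follow the question;
// helper names, sample values and the column size are constructed.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Threading;

class CultureSafeInsert
{
    // Unsafe: the double is converted to text with the thread's current culture,
    // and the string value is pasted into the statement as-is.
    static string Concatenated(string a, double b)
    {
        return "INSERT INTO TABEL (A, B) VALUES ('" + a + "', " + b + ");";
    }

    // Safe: the statement text is constant; values travel as typed parameters.
    static SqlCommand BuildInsert(SqlConnection connection, string a, double b)
    {
        SqlCommand cmd = new SqlCommand(
            "INSERT INTO TABEL (A, B) VALUES (@A, @B);", connection);
        cmd.Parameters.Add("@A", SqlDbType.NVarChar, 50).Value = a; // 50: assumed size
        cmd.Parameters.Add("@B", SqlDbType.Float).Value = b;
        return cmd;
    }

    static void Main()
    {
        // Same values, two cultures: nl-NL uses a decimal comma, so the
        // VALUES list appears to hold three items.
        foreach (string name in new[] { "en-US", "nl-NL" })
        {
            Thread.CurrentThread.CurrentCulture = new CultureInfo(name);
            Console.WriteLine(name + ": " + Concatenated("aaa", 12.5));
        }
        // A quote in the data also changes the shape of the concatenated statement.
        Console.WriteLine(Concatenated("O'Brien", 12.5));

        // The command is only built and inspected here, never executed.
        using (SqlConnection conn = new SqlConnection())
        using (SqlCommand cmd = BuildInsert(conn, "O'Brien", 12.5))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " : " + p.SqlDbType);
            // With an open connection: cmd.ExecuteNonQuery();
        }
    }
}
```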

Michael,

Thanks for taking the effort to help me out. I will try it and let you know
if it works.
The security problems are not such an issue here. I'm reading data from a
text-file which is then stored in SQLserver-table.

Regards
gerrit esmeijer


Nov 16 '05 #4

> The security problems are not such an issue here. I'm reading data from a
> text-file which is then stored in SQLserver-table.

Since the price is so small, I would be concerned about security.
Two years from now someone will decide to get the strings from the
user and not realize all the implications.

--
Mihai
-------------------------
Replace _year_ with _ to get the real email
Nov 16 '05 #5
