C# - What's wrong with this code? (c1.CommandText = "insert into stu values='" + textBox1 + "','" + textBox2 + "'";)
Hi, I wrote simple code in C# to insert a name into a SQL database.
This is the full code.
I have an error:
unable connect on server
using System;
using System.Data.SqlClient;
using System.Windows.Forms;

namespace csharpproject
{
    public partial class from2 : Form
    {
        public from2()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            string s1 = "data source=.;initial catalog=test1;integrated security=true";
            SqlConnection sc1 = new SqlConnection(s1);
            SqlCommand c1 = new SqlCommand("", sc1);
            // The statement the question asks about, kept as posted.
            c1.CommandText = "insert into stu values='" + textBox1 + "','" + textBox2 + "'";
            try
            {
                sc1.Open();
                if (c1.ExecuteNonQuery() == 1)
                {
                    MessageBox.Show("successes");
                    textBox1.Focus();
                }
                else
                {
                    MessageBox.Show("error ");
                    textBox2.Focus();
                }
            }
            catch
            {
                // Any exception, not only a connection failure, ends up here.
                MessageBox.Show("unable connect on server ");
                textBox2.Focus();
            }
            finally
            {
                sc1.Close();
            }
        }
    }
}
And I think the problem is here, but I can't solve it:
c1.CommandText = "insert into stu values='" + textBox1 + "','" + textBox2 + "'";
Please help me.
Your code should be:
c1.CommandText = "insert stu values('" + textBox1.Text + "','" + textBox2.Text + "')";
But I'd suggest you use a parameterized SQL query to avoid SQL injection attacks.
Here is how the query looks after parameterising:
c1.CommandText = "insert stu values(@textbox1, @textbox2)";
c1.Parameters.AddWithValue("@textbox1", textBox1.Text);
c1.Parameters.AddWithValue("@textbox2", textBox2.Text);
Here is a useful link to know more about parameterized queries:
Using Parameterized Queries to Prevent SQL Injection Attacks in SQL Server
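A console-sized version of the parameterized insert with explicitly typed parameters and an error handler that reports the server's own message, added here as an example and not part of the original question or answer. The names StuInsertExample, InsertStu, @first and @second are hypothetical, and the NVARCHAR(50) column type is an assumption about the stu table.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StuInsertExample
{
    // Connection string from the question.
    const string ConnectionString =
        "Data Source=.;Initial Catalog=test1;Integrated Security=True";

    // Inserts one row and returns the number of rows affected.
    // The values travel as parameters, so they are never parsed as SQL text.
    static int InsertStu(string first, string second)
    {
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "INSERT INTO stu VALUES (@first, @second)", conn))
        {
            // Assumption: both columns are NVARCHAR(50); match the real schema.
            cmd.Parameters.Add("@first", SqlDbType.NVarChar, 50).Value =
                (object)first ?? DBNull.Value;
            cmd.Parameters.Add("@second", SqlDbType.NVarChar, 50).Value =
                (object)second ?? DBNull.Value;
            conn.Open();
            return cmd.ExecuteNonQuery();
        } // Both objects are disposed here, even when an exception is thrown.
    }

    static void Main()
    {
        try
        {
            // Constructed input: the quotes and comma are stored as plain data.
            int rows = InsertStu("O'Brien", "a','b");
            Console.WriteLine("rows inserted: " + rows);
        }
        catch (SqlException ex)
        {
            // ex.Number and ex.Message tell a failed connection apart from a
            // rejected statement, which the question's bare catch could not.
            Console.WriteLine("SQL error " + ex.Number + ": " + ex.Message);
        }
    }
}
```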