3

I want to insert the content of some textboxes into a SQL Server database.

This is the code I use:

SqlConnection myConn = new SqlConnection(myConnection);
myConn.Open();

SqlCommand InsertCommand = new SqlCommand("INSERT INTO invmgmt.Products (product_id, product_name, product_price, possible_discount, product_in_stock) VALUES ('" + Convert.ToInt32(tbAddProdID.Text) + "','" + tbAddProdName.Text + "','" + Convert.ToDouble(tbAddProdPrice.Text) + "','" + Convert.ToInt32(tbAddPblDiscount.Text) + "','" + Convert.ToInt32(tbAddInStock.Text) + "')");

myConn.Close();

If I execute that, nothing happens to the database, does anyone know what to do? I've tried some other Insert commands, but nothing wants to work.

Improve this question
0

6 Answers 6

Reset to default
7

You have to associate a connection with your command then execute your query:

InsertCommand.Connection = conn;
InsertCommand.ExecuteNonQuery();

Few other things:

  • Do not use string concatenation to create SQL Query. Use parameters with your query. See: SqlCommand.Parameters otherwise you are prone to SQL Injection
  • Enclose your connection and command object in using statement.
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

+1 for using parameters. String concatenation is wide open to en.wikipedia.org/wiki/SQL_injection.
1

add the connection to your command and execute it:

 SqlCommand InsertCommand = new SqlCommand("INSERT INTO invmgmt.Products (product_id, product_name, product_price, possible_discount, product_in_stock) VALUES ('" + Convert.ToInt32(tbAddProdID.Text) + "','" + tbAddProdName.Text + "','" + Convert.ToDouble(tbAddProdPrice.Text) + "','" + Convert.ToInt32(tbAddPblDiscount.Text) + "','" + Convert.ToInt32(tbAddInStock.Text) + "')",myConn);

 InsertCommand.ExecuteNonQuery();
Improve this answer

1 Comment

Thank you, I got 2 faults. First was not to write InsertCommand.ExecuteNonQuery(); Secound was to forget the secound parameter of the SQLCommand
1

You are missing:

InsertCommand.ExecuteNonQuery();
Improve this answer

Comments

0

after opening connection try code below:

string query = ..........;
SqlCommand myCommand = new SqlCommand(query, myConn);
myCommand.ExecuteNonQuery();
myConn.Close();

Note: type your query instead of dots.

Improve this answer

2 Comments

Thanks a lot, yes I forgot the second parameter of the SqlCommand.
no problem, you can accept the answer in order to help others who has the same problem
0

ExecuteNonQuery() return the number of rows affected, so its better to check the return to handle error condition

Int32 ret = sqlcommand.ExecuteNonQuery();

if (ret <= 0) { enter code here }

Improve this answer

Comments

0

You have to execute the query and close your connection after this as shown below

SqlConnection myConn = new SqlConnection(myConnection);
myConn.Open();

string sql ="YOUR QUERY...";
SqlConnection myConn = new SqlConnection(myConnection);
myConn.Open();
SqlCommand InsertCommand = new SqlCommand(sql,myConn);
InsertCommand.ExecuteNonQuery();
myConn.Close();

or if you want to check if query is executed or not do this instead.

if(InsertCommand.ExecuteNonQuery()>0){ //some message or function }

the returned value are the number of rows affected by the statement.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.