
I got a situation here. I need to insert values into tables depending on what a user provides on the Windows form. If a good does not exist and more than is necessary is acquired, the excess must be entered into a table called "BulkAvailable"; this is where a bug exists in my code, as when I comment this part out the code runs well. Please find the piece of code below.

    try
    {
        SqlConnection con = new SqlConnection("Data Source=PV10\\LOCALSERVER;Initial Catalog=SmallSoftwareDB;Integrated Security=True;Pooling=False");
        con.Open();

        // Purchase side: unit price (textBox8) times quantity bought (textBox9)
        float a = float.Parse(textBox8.Text, System.Globalization.CultureInfo.InvariantCulture);
        int b = int.Parse(textBox9.Text);
        float c = a * b;
        var T = c.ToString(System.Globalization.CultureInfo.InvariantCulture);

        // Sale side: unit price (textBox4) times quantity sold (textBox3)
        float x = float.Parse(textBox4.Text, System.Globalization.CultureInfo.InvariantCulture);
        int z = int.Parse(textBox3.Text);
        float y = x * z;
        var total = y.ToString(System.Globalization.CultureInfo.InvariantCulture);

        // Excess stock = bought - sold
        int d = b - z;

        // Both statements are built by concatenating the raw textbox values into the SQL text
        string uba = "insert into BulkSale(ProductName, ProductSource, Date, Quantity, Type, UnitPrice, Total, Nature) values('" + textBox1.Text + "', '" + textBox2.Text + "', '" + dateTimePicker1.Value + "', '" + textBox3.Text + "', '" + textBox6.Text + "', '" + textBox4.Text + "', '" + textBox5.Text + "', '" + textBox7.Text + "')";
        string A = "insert into BulkInput(ProductName, ProductSource, Date, Quantity, Type, UnitPrice, Total, Nature) values('" + textBox1.Text + "','" + textBox2.Text + "','" + dateTimePicker1.Value + "','" + b + "','" + textBox6.Text + "','" + a + "','" + c + "', '" + textBox7.Text + "')";
        SqlCommand cmd = new SqlCommand(uba, con);
        SqlCommand X = new SqlCommand(A, con);
        cmd.ExecuteNonQuery();
        X.ExecuteNonQuery();

        try
        {
            // Only when more was bought than sold does the excess go to BulkAvailable
            if (int.Parse(textBox9.Text) > int.Parse(textBox3.Text))
            {
                string B = "insert into BulkAvailable(ProductSource,ProductName,Date,Quantity,Type) values('" + textBox2.Text + "','" + textBox1.Text + "','" + dateTimePicker1.Text + "','" + d + "','" + textBox6.Text + "')";
                SqlCommand Bc = new SqlCommand(B, con);
                Bc.ExecuteNonQuery();
            }
            else
            {
                MessageBox.Show("You successfully Bought and Sold", " ", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
            }
        }
        catch (Exception aze)
        {
            MessageBox.Show(aze.Message, " ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        }

        MessageBox.Show("Operation Successfully Executed", " ", MessageBoxButtons.OK, MessageBoxIcon.Information);
        con.Close();
    }
    catch (Exception er)
    {
        MessageBox.Show(er.Message, " ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
    }
}

When I run the code it returns an exception message: "String or binary data would be truncated. The statement has been terminated."

Comments

  • in which line number? Commented Oct 18, 2016 at 16:37
  • You need to rewrite this to use a parameterized insert, you are vulnerable to SQL injection. (Put a ' in one of the textboxes and see what happens) Commented Oct 18, 2016 at 16:39
  • The error is because you are attempting to put text into a table column that exceeds the maximum length of that column. Commented Oct 18, 2016 at 16:39
  • You leak resources because you leave undisposed much which should be disposed Commented Oct 18, 2016 at 16:40
  • Do not try this!!! Imagine a malicious user typing in ');drop table BulkInput into textbox 7. What do you think would happen? Try mentally constructing string A to help yourself recognize the grave danger of constructing SQL from strings provided by end-users. Commented Oct 18, 2016 at 16:42

1 Answer

You should check your fields in the database. This error means that you are trying to insert a string longer than the boundaries of the field.

So, for example, if you have a DB field ProductName defined as varchar(50) and you try to insert a value which has 52 characters in it, you will receive this error.

We can't tell you on which exact field this happens; you should check it manually. You can try to execute the query in the DB and see if the error gives you the field name, but in the past this has not happened.

You should implement some validation checks on your fields: if they go over some length, show an error message or cut the string using the Substring method.
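The following is an added example, not the asker's code or the answerer's. It puts the answer's advice (find the column widths, validate before inserting) together with the points raised in the comments (parameterized inserts, disposing connections and commands) into one routine for the three tables named in the question. It assumes the text columns are nvarchar, that UnitPrice and Total are decimal columns, that Date is a datetime column, and uses a placeholder connection string; the column widths themselves are read from INFORMATION_SCHEMA.COLUMNS at run time rather than hard-coded.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Added example (not the asker's code). Assumes the BulkInput, BulkSale and
// BulkAvailable tables from the question, nvarchar text columns, and a
// placeholder connection string supplied by the caller.
public static class BulkRepository
{
    // The table name is interpolated into the INSERT text, so it is restricted to
    // this fixed set and never taken from user input.
    static readonly HashSet<string> KnownTables =
        new HashSet<string> { "BulkInput", "BulkSale", "BulkAvailable" };

    // Reads the declared width of each character column of a table from the catalog,
    // so oversized input can be rejected with the column name instead of the generic
    // "String or binary data would be truncated" error.
    public static Dictionary<string, int> GetCharColumnWidths(SqlConnection con, SqlTransaction tx, string table)
    {
        var widths = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase);
        const string sql = @"SELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH
                             FROM INFORMATION_SCHEMA.COLUMNS
                             WHERE TABLE_NAME = @table AND CHARACTER_MAXIMUM_LENGTH IS NOT NULL";
        using (var cmd = new SqlCommand(sql, con, tx))
        {
            cmd.Parameters.Add("@table", SqlDbType.NVarChar, 128).Value = table;
            using (var rdr = cmd.ExecuteReader())
                while (rdr.Read())
                    widths[rdr.GetString(0)] = rdr.GetInt32(1);   // -1 means nvarchar(max)
        }
        return widths;
    }

    // Adds one text parameter after checking the value against the column width.
    // The check runs first because SqlParameter.Size silently truncates longer values.
    static void AddText(SqlCommand cmd, Dictionary<string, int> widths, string column, string value)
    {
        int max;
        if (widths.TryGetValue(column, out max) && max != -1 && value.Length > max)
            throw new ArgumentException(string.Format(
                "{0}: {1} characters entered, column allows {2}.", column, value.Length, max));
        cmd.Parameters.Add("@" + column, SqlDbType.NVarChar, max > 0 ? max : -1).Value = value;
    }

    // One INSERT into the given table. The SQL text is fixed; every value travels as a
    // typed parameter, so a quote or semicolon in a textbox cannot alter the statement.
    // BulkAvailable has no UnitPrice/Total/Nature columns, signalled by unitPrice == null.
    static void Insert(SqlConnection con, SqlTransaction tx, string table,
                       string name, string source, DateTime date, int quantity, string type,
                       decimal? unitPrice, string nature)
    {
        if (!KnownTables.Contains(table)) throw new ArgumentException("Unknown table: " + table);
        var widths = GetCharColumnWidths(con, tx, table);
        string cols = "ProductName, ProductSource, Date, Quantity, Type";
        string vals = "@ProductName, @ProductSource, @Date, @Quantity, @Type";
        if (unitPrice.HasValue)
        {
            cols += ", UnitPrice, Total, Nature";
            vals += ", @UnitPrice, @Total, @Nature";
        }
        using (var cmd = new SqlCommand("INSERT INTO " + table + " (" + cols + ") VALUES (" + vals + ")", con, tx))
        {
            AddText(cmd, widths, "ProductName", name);
            AddText(cmd, widths, "ProductSource", source);
            cmd.Parameters.Add("@Date", SqlDbType.DateTime).Value = date;
            cmd.Parameters.Add("@Quantity", SqlDbType.Int).Value = quantity;
            AddText(cmd, widths, "Type", type);
            if (unitPrice.HasValue)
            {
                cmd.Parameters.Add("@UnitPrice", SqlDbType.Decimal).Value = unitPrice.Value;
                cmd.Parameters.Add("@Total", SqlDbType.Decimal).Value = unitPrice.Value * quantity;
                AddText(cmd, widths, "Nature", nature);
            }
            cmd.ExecuteNonQuery();
        }
    }

    // Records the purchase (BulkInput), the sale (BulkSale) and any leftover stock
    // (BulkAvailable) in one transaction, so a failure in the third insert does not
    // leave the first two committed. Connection, transaction and commands are disposed.
    public static void RecordPurchaseAndSale(string connectionString,
        string name, string source, DateTime date, string type, string nature,
        int boughtQty, decimal buyPrice, int soldQty, decimal sellPrice)
    {
        using (var con = new SqlConnection(connectionString))
        {
            con.Open();
            using (var tx = con.BeginTransaction())
            {
                Insert(con, tx, "BulkInput", name, source, date, boughtQty, type, buyPrice, nature);
                Insert(con, tx, "BulkSale", name, source, date, soldQty, type, sellPrice, nature);
                if (boughtQty > soldQty)
                    Insert(con, tx, "BulkAvailable", name, source, date, boughtQty - soldQty, type, null, null);
                tx.Commit();
            }
        }
    }
}
```

In the form's click handler the textboxes would be parsed once (int.Parse / decimal.Parse, with the invariant culture as in the question) and passed to RecordPurchaseAndSale inside a try/catch that shows the ArgumentException message; that message names the column that is too narrow, which is exactly what the answer says the truncation error does not tell you. Prices are decimal rather than float because float values round when converted to a money column.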


5 Comments

Hopefully OP sees a much larger issue at hand... which is that what he's written has SQL injection vulnerabilities everywhere.
if (int.Parse(textBox9.Text) > int.Parse(textBox3.Text)) { string B = "insert into BulkAvailable(ProductSource,ProductName,Date,Quantity,Type) values('" + textBox2.Text + "','" + textBox1.Text + "','" + dateTimePicker1.Text + "','" + d + "','" + textBox6.Text + "')"; SqlCommand Bc = new SqlCommand(B, con); Bc.ExecuteNonQuery(); }
@Indra so check all the fields which take these textBoxes' Text and see their definition in the database. Like I said, we can't tell you which field creates the problem. You should check it by yourself.
Thanks y'all. I'll cross-check as advised. I'll keep y'all posted.
@Indra if the answer helped you, you can mark it as correct.
