Trouble adding user input to oledb database

  • Thread starter Thread starter jbardrof
  • Start date Start date
J

jbardrof

okay so i have this

myCommand.CommandText = "INSERT into UserID
(UsrName, passwr, UsrID) VALUES ('Rik', 'pass',
9)";

now what i want is to have a user enter in the UsrName and passwr
value. what is the syntax to do that using what ever they entered to
be added to the database.

also if i want to delete a row by UsrName, but the user entered the
UsrName, how do i do that?

*-----------------------*
Posted at:
www.GroupSrv.com
*-----------------------*
 
Uzytkownik "jbardrof said:
okay so i have this

myCommand.CommandText = "INSERT into UserID
(UsrName, passwr, UsrID) VALUES ('Rik', 'pass',
9)";

now what i want is to have a user enter in the UsrName and passwr
value. what is the syntax to do that using what ever they entered to
be added to the database.
Click to expand...

Use command parameters, for example (OleDbProvider):

public static void insertData()
{
OleDbConnection con =
new OleDbConnection("File name=E:\\MyConnection.udl");
string sql = "INSERT into UserID" +
"(UsrName, passwr, UsrID) " +
"VALUES (?, ?, ?)";
OleDbCommand myC = new OleDbCommand(sql, con);
myC.Parameters.Add("Name",
System.Data.OleDb.OleDbType.VarChar);

myC.Parameters.Add("Pass",
System.Data.OleDb.OleDbType.VarChar);

myC.Parameters.Add("UsrId",
System.Data.OleDb.OleDbType.Integer);

using(con)
{
con.Open();
myC.Parameters["Name"].Value = "Jack";
myC.Parameters["Pass"].Value = "sdfjf'do\"s";
myC.Parameters["UsrId"].Value= 9;
try
{
myC.ExecuteNonQuery();
}
catch(OleDbException ex)
{
System.Console.WriteLine(ex.Message);
}
}
}

Regards,
Grzegorz
 
i'm not sure if that would work the way i was hoping, i came up with
this using the stringbuilder class, but after running it i get an
error

System.Data.OleDb.OleDbException: No value given for one or more
required parameters.

heres what i came up with
string UserName = txtUsrName.Text;
string UserPass = txtUsrPass.Text;

StringBuilder addstring = new StringBuilder();
addstring.Append("INSERT into UserID (UsrName,
passwr) VALUES (");
addstring.Append(UserName);
addstring.Append(", ");
addstring.Append(UserPass);
addstring.Append(")");

string sqlString = addstring.ToString();
OleDbCommand myCommand = new OleDbCommand();
myCommand.CommandText = sqlString;
myCommand.Connection = myConnection;
myConnection.Open();
myCommand.ExecuteNonQuery();
myConnection.Close();


okay where did i go wrong?

*-----------------------*
Posted at:
www.GroupSrv.com
*-----------------------*
 
Uzytkownik "jbardrof said:
i'm not sure if that would work the way i was hoping, i came up with
this using the stringbuilder class, but after running it i get an
error

System.Data.OleDb.OleDbException: No value given for one or more
required parameters.

heres what i came up with
string UserName = txtUsrName.Text;
string UserPass = txtUsrPass.Text;

StringBuilder addstring = new StringBuilder();
addstring.Append("INSERT into UserID (UsrName,
passwr) VALUES (");
addstring.Append(UserName);
addstring.Append(", ");
addstring.Append(UserPass);
addstring.Append(")");
Click to expand...

You forgot about text delimiters - corrected code:
addstring.Append("INSERT into UserID (UsrName, passwr) VALUES ('");
addstring.Append(UserName);
addstring.Append("', '");
addstring.Append(UserPass);
addstring.Append("')");

But, instead expose to sql injection attack, use oledb parameters - I wrote
working example in previous post.
Regards,
Grzegorz
 
Back
Top