i preapred rgestration from and i created sql server database tables ,if i click on submitt button save in database pls send me c# code

Posted by Radhekrisna under Regular Expressions on 2/11/2010 | Views : 1277 | Status : [Member] | Replies : 8
i preapred rgestration from and i created sql server database tables ,if i click on submitt button save in database pls send me c# code




Responses

Posted by: Nishithraj on: 2/11/2010 [Member] Bronze

Up
0
Down
The question is unclear?

Mark this as answer, if it is.....

With regards
Nishithraj Narayanan

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Abhi2434 on: 2/11/2010 [Member] [Microsoft_MVP] [MVP] Silver

Up
0
Down
Just use normal Insert Statement to save data to the database.

SqlCommand cmd = new SqlCommand("insert statement", con);


cmd.ExecuteNonQuery();


Just consult any book regarding this.

www.abhisheksur.com

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Neeks on: 2/11/2010 [Member] Bronze

Up
0
Down
There are two ways to do it,
1. Stored Procedures
2. In-Line Queries

You can make the Insert, Update and Delete operation using
1. ExecuteNonQuery
2. ExecuteScalar - This will return the Value which you pass as success Operation


Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bubbly on: 2/13/2010 [Member] Bronze

Up
0
Down
Hello,

You can simply insert the values in the database and based on the insertion display a message to user.

For example,

string query = "insert into tablename values ('"+txtname.text+"','"+txtaddress.text+"')";




++
Thanks & Regards,
Deepika

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Abhijit Jana on: 2/13/2010 [Member] [MVP] Bronze

Up
0
Down
Deepika,

The code snippet you have given is very bad practice. You should not give direct input field value this will cause serious SQL Injection. Used command parameter or SP.

Good luck !

Abhijit

Cheers !
Abhijit

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Abhi2434 on: 2/13/2010 [Member] [Microsoft_MVP] [MVP] Silver

Up
0
Down
string query = "insert into tablename values ('"+txtname.text+"','"+txtaddress.text+"')";


Yes Abhijit is right,

If I put

txtname.Text as

');Delete * FROM USERS --

It will actually delete all records from users.

If you can use SqlParameter, this problem will not occur.

:)

www.abhisheksur.com

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bubbly on: 2/14/2010 [Member] Bronze

Up
0
Down
Hello Abhijit,

I too know it. But if someone doesn't have idea about a writing a query then better they should know it before writing a stored procedure. So they should start from basics rather than jumping to stored procedure.

++
Thanks & Regards,
Deepika

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Abhijit Jana on: 2/14/2010 [Member] [MVP] Bronze

Up
0
Down
Even he don't know the basic, latest you should inform him, this is not the right way . You can tell me in this way, like

-------------------------------------------------------------------------------------------
You can use below code to insert records into database, where txtname and txtaddress is the input field. Before that you need to create connection object and set command property.
string query = "insert into tablename values ('"+txtname.text+"','"+txtaddress.text+"')";


But, This code can causes SQL Injection, which will break your application, For that you can use Parametrized query or Stored procedure.

Along with this, you can give few ref. of SQL Injection.

---------------------------------------------------------------------------------------------------------------------------

By which, at latest the guys will know something regarding SQL Injection and best practices of writing code.


Thanks !
Abhijit


Cheers !
Abhijit

Radhekrisna, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response