C
C#ā€¢2y ago
BambiAria

Parameterising this sql?

void Insert()
        {
            string query = "INSERT INTO StudentTable (YearGroup,FormGroup,FirstName,LastName,ScienceType) VALUES" + "(@studentID,@yearGroup,@formGroup,@firstName,@lastName,@scienceType";
            cmd = new OleDbCommand(query, connection);
            
            cmd.Parameters.AddWithValue("@yearGroup",formGroupTextBox);
            cmd.Parameters.AddWithValue("@formGroup",formGroupTextBox.Text);
            cmd.Parameters.AddWithValue("@firstName",firstNameTextBox.Text);
            cmd.Parameters.AddWithValue("@lastName",lastNameTextBox.Text);
            cmd.Parameters.AddWithValue("@scienceType",scienceClassTextBox.Text);
            
            connection.Open();
            cmd.ExecuteNonQuery();
            connection.Close();
            GetDatabaseConnection1();
        }
void Insert()
        {
            string query = "INSERT INTO StudentTable (YearGroup,FormGroup,FirstName,LastName,ScienceType) VALUES" + "(@studentID,@yearGroup,@formGroup,@firstName,@lastName,@scienceType";
            cmd = new OleDbCommand(query, connection);
            
            cmd.Parameters.AddWithValue("@yearGroup",formGroupTextBox);
            cmd.Parameters.AddWithValue("@formGroup",formGroupTextBox.Text);
            cmd.Parameters.AddWithValue("@firstName",firstNameTextBox.Text);
            cmd.Parameters.AddWithValue("@lastName",lastNameTextBox.Text);
            cmd.Parameters.AddWithValue("@scienceType",scienceClassTextBox.Text);
            
            connection.Open();
            cmd.ExecuteNonQuery();
            connection.Close();
            GetDatabaseConnection1();
        }
14 Replies
Axiss
Axissā€¢2y ago
Yes, this is parameterized. I would make the cmd variable local instead of using a shared variable. What does GetDatabaseConnection1 do and why are you calling it at the end of the method?
BambiAria
BambiAriaOPā€¢2y ago
to be honest im not entirely sure this is just me cutting and pasting different CRUD tutorials together ohhhhh nvm it literally just finds the database like for the connection?
Axiss
Axissā€¢2y ago
Do you need to do that again? It doesn't sound like it but I dunno.
BambiAria
BambiAriaOPā€¢2y ago
ill probs remove it but also upon actually testing it it doesnt seem to actually insert anything into my database
Axiss
Axissā€¢2y ago
What makes you say that? How are you validating that the insert worked?
BambiAria
BambiAriaOPā€¢2y ago
opening... the database?? in access
Axiss
Axissā€¢2y ago
It looks like you are missing a ) at the end of your insert statement. You aren't getting an error when running it?
BambiAria
BambiAriaOPā€¢2y ago
nvm I wasnt even running the subroutine early morning coding is the death of me
Axiss
Axissā€¢2y ago
It happens. šŸ˜„
BambiAria
BambiAriaOPā€¢2y ago
mmmmm okay now im getting that the number query values and destination fields are not the same I think thats cause Ive skipped the ID of the table as a query but I thought that was auto assigned by access or do u have to make ur own when inserting?
Axiss
Axissā€¢2y ago
@studentId, if that is auto-assigned you don't need it in the second part of the statement
BambiAria
BambiAriaOPā€¢2y ago
yep that definitely could be it System.Data.OleDb.OleDbException: 'Data type mismatch in criteria expression.' welp thats a new exception atleast
Axiss
Axissā€¢2y ago
hahaha check where you are adding @yeargroup I don't think you want to add a textbox šŸ˜„
BambiAria
BambiAriaOPā€¢2y ago
ohhhhhhhhhhhhh lmao tho that is something I need to fix anyway cause year group would be 7-13 whereas form group is 7-13 + letters p sure technically what im modelling should only have every other letter up to O? but I cant really remember and the examiner doesnt know that haha its still when I check it in the database but ima leave it for a bit tbh thank you for ur help
Want results from more Discord servers?
Add your server