Insert into SQL database from a textbox when a button is clicked

Question

0.00/5 (No votes)

See more:

it says "the ConnectionString Property has not been initialised"

What I have tried:

C#

private void button1_Click(object sender, EventArgs e)
{
            
    using (TestEntities test = new TestEntities())
    {
        var query = "insert into test.Users (Username,Password) values ('" + textBox1.Text + "','" + textBox2.Text + "')";
        SqlConnection con = new SqlConnection();
                
        SqlCommand cmd = new SqlCommand(query, con);
        SqlDataReader dbr;

        try
        {
            con.Open();
            dbr = cmd.ExecuteReader();
            MessageBox.Show("saved");
            while (dbr.Read())
            {
            }
            con.Close();
        }
        catch (Exception es)
        {
            MessageBox.Show(es.Message);
        }
    }
}

Posted 26-May-16 4:03am

Member 12548109

Updated 26-May-16 4:18am

George Jonsson

v2

Add a Solution

Comments

Richard MacCutchan 26-May-16 10:29am

Do not print messages saying things like "saved" before you have checked that the command has actually worked. It is not only totally silly, but extremely dangerous.

Richard Deeming 26-May-16 12:17pm

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2016-05-26T04:11:00

Well...yes, it would.
You haven't given it a connection string...so it doesn't know where your DB is...

Try setting up a connection in VS with the Server Explorer pane:
1) Open Server Explorer.
2) Right click "Data connections" and select "Add connection"
3) In the dialog that follows, select your DataSource, and database, specify the security info, and press the "Test connection" button.
4) When the connection works, press "OK"
5) Highlight your database in the Server Explorer pane, and look at the Properties pane. A working example of the connection string will be shown, which you can copy and paste into your app or config file.

You don't want to ExecuteReader to do an INSERT - it can't return any rows. USe ExecuteNonQuery instead.

But...don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Karthik_Mahalingam · Accepted Answer · 2016-05-26T04:16:00

From the error message and code its clear that the ConnectionString value is not provided to the SqlConnection object.
refer this[^] for the connection string which suits for your application and try running it.

Correction to your code..
Always use Parameterised query to avoid Sql Injection[^] attacks.

Since the test object is used no where, we can remove it.

C#

private void button1_Click(object sender, EventArgs e)
       {
           var query = "insert into test.Users (Username,Password) values (@username,@password)";
           SqlConnection con = new SqlConnection();
           con.ConnectionString = "Your Connection string";
           SqlCommand cmd = new SqlCommand(query, con);
           cmd.Parameters.Add("@username", textBox1.Text.Trim());
           cmd.Parameters.Add("@password", textBox2.Text.Trim());
           try
           {
               con.Open();
               cmd.ExecuteNonQuery();
               con.Close();
           }
           catch (Exception es)
           {
               MessageBox.Show(es.Message);
           }

       }

George Jonsson · Accepted Answer · 2016-05-26T04:18:00

As an addition to OriginalGriff's answer, you should also make an habit of write the code like this:

C#

using (SqlConnection con = new SqlConnection())
{
    con.ConnectionString = "...";
    // Your parameterized query code
} // the connection is automatically closed here

or

C#

string connectionString = "...";
using (SqlConnection con = new SqlConnection(connectionString))
{
    con.ConnectionString = "...";
    // Your parameterized query code
} // the connection is automatically closed here

For different variations of connection string, see this site:
ConnectionStrings.com - Forgot that connection string? Get it here![^]

Insert into SQL database from a textbox when a button is clicked

3 solutions

Solution 1

Solution 2

Solution 3

Add your solution here

Preview 0