Hello guys, I want to know the difference between i++ and ++i in a loop, because I am using i++ in my project and it adds an extra value in the database, so I need to know the difference between them.

What I have tried:

C#
for (int j = 0; j < dataGridView1.Rows.Count; j++)
                    {
                        connection.Open();
                        OleDbCommand command = new OleDbCommand();
                        command.Connection = connection;
                        command.CommandText = "insert into Total ([Column1],[Column2],[Column3],[Date],[Receipt No],[Delivery Person],[Report],[Flavours],[Return])values('" + dataGridView1.Rows[j].Cells[0].Value.ToString() + "','" + dataGridView1.Rows[j].Cells[1].Value.ToString() + "','" + dataGridView1.Rows[j].Cells[2].Value.ToString() + "','" + dataGridView1.Rows[j].Cells[4].Value.ToString() + "','" + label2.Text + "','" + "---" + "'," + dataGridView1.Rows[j].Cells[0].Value.ToString() + ",'" + dataGridView1.Rows[j].Cells[3].Value.ToString() + "','" + textBox66.Text + "');";
                        command.ExecuteNonQuery();
                        connection.Close();
                    }

                    MessageBox.Show("Inserted Sucessfully", "Database", MessageBoxButtons.OK, MessageBoxIcon.Information);
Updated 31-Oct-16 10:28am
Comments
Richard Deeming 31-Oct-16 16:15pm    
You've got bigger problems than that!

Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
Member 9983063 31-Oct-16 16:32pm    
Sir, please guide me. What am I doing wrong in my code? Please tell me whether I need to use i++ or ++i.

You probably have the AllowUserToAddRows property set to true, and you're inserting the values from the empty "insert" row. Check the IsNewRow property before trying to insert the values.

You'll also want to fix the SQL Injection vulnerability in your code.

And it would be best to open the connection once, rather than opening and closing it for every row.
C#
// Requires: using System.Data.OleDb;
const string Query = @"INSERT INTO Total ([Column1], [Column2], [Column3], [Date], [Receipt No], [Delivery Person], [Report], [Flavours], [Return])
VALUES (@Column1, @Column2, @Column3, @Date, @ReceiptNo, @DeliveryPerson, @Report, @Flavours, @Return)";

// Open the connection once and reuse a single command for every row.
using (var connection = new OleDbConnection("..."))
using (var command = new OleDbCommand(Query, connection))
{
    connection.Open();

    for (int j = 0; j < dataGridView1.Rows.Count; j++)
    {
        var row = dataGridView1.Rows[j];
        // Skip the blank "insert" row at the bottom of the grid.
        if (row.IsNewRow) continue;

        // OleDb binds parameters by position, not by name, so they are
        // added in the same order as they appear in the VALUES list.
        command.Parameters.Clear();
        command.Parameters.AddWithValue("@Column1", row.Cells[0].Value);
        command.Parameters.AddWithValue("@Column2", row.Cells[1].Value);
        command.Parameters.AddWithValue("@Column3", row.Cells[2].Value);
        command.Parameters.AddWithValue("@Date", row.Cells[4].Value);
        command.Parameters.AddWithValue("@ReceiptNo", label2.Text);
        command.Parameters.AddWithValue("@DeliveryPerson", "---");
        command.Parameters.AddWithValue("@Report", row.Cells[0].Value);
        command.Parameters.AddWithValue("@Flavours", row.Cells[3].Value);
        command.Parameters.AddWithValue("@Return", textBox66.Text);

        command.ExecuteNonQuery();
    }
}


Once you've fixed that, do yourself a favour and give your controls meaningful names, instead of accepting the default name that Visual Studio provides. You might remember what textBox66 means now, but when you come back to your code in a few months, you won't have a clue.
Comments
Member 9983063 31-Oct-16 16:41pm    
Sir, thank you for your answer. Now I just need to ask a question: my problem is that when I insert 2 items in the database, the database shows me 3 items. Is your code the solution to this problem?
Richard Deeming 31-Oct-16 17:01pm    
Probably. As I said, I suspect you're inserting an extra row for the blank "insert" row at the bottom of the grid. Checking the IsNewRow property should resolve that.
Member 9983063 31-Oct-16 18:33pm    
for (int j = 0; j < dataGridView1.Rows.Count; j++)
{
var row = dataGridView1.Rows[j];
if (row.IsNewRow)
{
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Total ([Column1],[Column2],[Column3],[Date],[Receipt No],[Delivery Person],[Report],[Flavours],[Return])values('" + dataGridView1.Rows[j].Cells[0].Value.ToString() + "','" + dataGridView1.Rows[j].Cells[1].Value.ToString() + "','" + dataGridView1.Rows[j].Cells[2].Value.ToString() + "','" + dataGridView1.Rows[j].Cells[4].Value.ToString() + "','" + label2.Text + "','" + "---" + "'," + dataGridView1.Rows[j].Cells[0].Value.ToString() + ",'" + dataGridView1.Rows[j].Cells[3].Value.ToString() + "','" + textBox66.Text + "');";
command.ExecuteNonQuery();
connection.Close();
}
else
{
MessageBox.Show("abc");
}
Sir, is this right?
Richard Deeming 1-Nov-16 8:56am    
No, that is not correct.

Apart from the fact that you're only inserting a row for the blank "insert" row, rather than excluding that row, you've also ignored all other suggestions. Your code is STILL vulnerable to SQL Injection. You are STILL opening and closing the connection for every row.

I have already given you the correct code in my answer. Use that.
Member 9983063 1-Nov-16 19:05pm    
Hmm, thanks again, sir. Now I have corrected my query. I just want to show you; please tell me if it's OK now.

OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = @"INSERT INTO Total ([Column1], [Column2], [Column3], [Date], [Receipt No], [Delivery Person], [Report], [Flavours], [Return])
VALUES (@Column1, @Column2, @Column3, @Date, @ReceiptNo, @DeliveryPerson, @Report, @Flavours, @Return)";
connection.Open();
for (int j = 0; j < dataGridView1.Rows.Count; j++)
{
var row = dataGridView1.Rows[j];
if (row.IsNewRow) continue;

command.Parameters.Clear();
command.Parameters.AddWithValue("@Column1", row.Cells[0].Value);
command.Parameters.AddWithValue("@Column2", row.Cells[1].Value);
command.Parameters.AddWithValue("@Column3", row.Cells[2].Value);
command.Parameters.AddWithValue("@Date", row.Cells[4].Value);
command.Parameters.AddWithValue("@ReceiptNo", label2.Text);
command.Parameters.AddWithValue("@DeliveryPerson", "---");
command.Parameters.AddWithValue("@Report", row.Cells[0].Value);
command.Parameters.AddWithValue("@Flavours", row.Cells[3].Value);
command.Parameters.AddWithValue("@Return", textBox66.Text);

command.ExecuteNonQuery();
}
connection.Close();
MessageBox.Show("Inserted Sucessfully", "Database", MessageBoxButtons.OK, MessageBoxIcon.Information);
The difference is in the order of operations:

  • i++, returns the value of i and then increments
  • ++i, increments first and then returns the value of i


However, as pointed out, you should fix the query to use the OleDbParameter Class (System.Data.OleDb). Currently the most likely error source is the concatenation of values directly to the SQL statement, which enables SQL injections, introduces conversion problems and so on.

After that the next steps should be:
- utilize the using Statement (C# Reference) to dispose the objects properly
- Open the connection first, do all the operations, then close the connection. You're currently doing vice versa
- Use transactions to ensure that everything succeeds or is rolled back
Comments
Member 9983063 31-Oct-16 16:32pm    
Sir, please guide me. What am I doing wrong in my code? Please tell me whether I need to use i++ or ++i.
Wendelius 31-Oct-16 16:40pm    
Have a look at the example @RichardDeeming wrote. It's a good example how you should write the code. As far as I can see using i++ or ++i is not the problem so why not let it be as-is.
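
The follow-up steps listed in the second answer (using blocks, one connection for all operations, a transaction) combined with the parameterized insert, as an added example that is not code from the thread. The names TotalWriter and InsertAll, the string[9] row shape and the text column types are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

static class TotalWriter   // hypothetical helper, not part of the original project
{
    // OLE DB binds parameters by position, not by name, so the order in which
    // parameters are added must match the order of the ? placeholders.
    const string Query =
        "INSERT INTO Total ([Column1], [Column2], [Column3], [Date], [Receipt No], " +
        "[Delivery Person], [Report], [Flavours], [Return]) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";

    // rows: one string[9] per grid row, in column order, with the blank
    // "insert" row (IsNewRow) already filtered out by the caller.
    public static int InsertAll(string connectionString, IEnumerable<string[]> rows)
    {
        using (var connection = new OleDbConnection(connectionString))
        {
            connection.Open();   // opened once for the whole batch
            using (var transaction = connection.BeginTransaction())
            using (var command = new OleDbCommand(Query, connection, transaction))
            {
                // Create the nine parameters once; only the values change per row.
                for (int p = 0; p < 9; p++)
                    command.Parameters.Add("p" + p, OleDbType.VarWChar); // assumed text columns

                int inserted = 0;
                try
                {
                    foreach (string[] row in rows)
                    {
                        // Values travel as data, so a quote inside a cell cannot alter the statement.
                        for (int p = 0; p < 9; p++)
                            command.Parameters[p].Value = (object)row[p] ?? DBNull.Value;
                        inserted += command.ExecuteNonQuery();
                    }
                    transaction.Commit();     // every row is written...
                }
                catch
                {
                    transaction.Rollback();   // ...or none of them are
                    throw;
                }
                return inserted;
            }
        }
    }
}
```

If any row fails, the exception propagates after the rollback, so the "Inserted Successfully" message should only be shown when InsertAll returns.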

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)