Click here to Skip to main content
15,898,987 members
Search within:


The second row data do not enter into database in C#
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
DataGridView
the second row data do not enter into database in c# correct it plz

What I have tried:

SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-C8H8UQI\SQLEXPRESS;Initial Catalog=IMSDatabase;Integrated Security=True");

public Form2()
{
InitializeComponent();
}

private void button4_Click(object sender, EventArgs e)
{

dataGridView2.Rows.Add(textBox3.Text);

}

private void button1_Click(object sender, EventArgs e)
{
for (int j = 0; j < dataGridView2.Rows.Count; j++)
{
string query = "insert into Rough(itemName)values('" + dataGridView2.Rows[j].Cells[0].Value + "')";
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
dataGridView2.Rows.Clear();
Posted
Updated 15-Sep-18 21:21pm
Add a Solution

1 solution

Um.
Look at your code:
C#
for (int j = 0; j < dataGridView2.Rows.Count; j++)
    {
    string query = "insert into Rough(itemName)values('" + dataGridView2.Rows[j].Cells[0].Value + "')";
...
    dataGridView2.Rows.Clear();
So once you've been round the loop once, you have removed all the other rows from it ... Move the clear to after the loop, and it;ll work better.

But ... there are a load of other things wrong here.
1) Don't hard-code connection strings - they need to be in a config file or similar, or you have to recompile your app for each new installation.
2) Connection, Command, and similar objects are scarce resources - you should Dispose of them when you are finished. The simplest way is to us a using block:
C#
using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con))
        {
        cmd.Parameters.AddWithValue("@C1", myValueForColumn1);
        cmd.Parameters.AddWithValue("@C2", myValueForColumn2);
        cmd.ExecuteNonQuery();
        }
    }

3) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
 
Share this answer
 
Posted
Comments
Member 13985914 27-Sep-18 2:13am    
Thank you so much sir! i have completed the inventory management system in c# and also got its setup file by publishing..
Now i want to give this to customer what should i install on the customer computer!
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 16 Sep 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-05-14:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900