C # windows sqlite two digits after the decimal point with SUM

Question

1.00/5 (2 votes)

See more:

Hello,

I stumble on this SQL statement whose code is this:

C#

var query = "SELECT SUM(replace(montant_total_cmd, ',', '')) FROM Tble_Commande WHERE Annee = '" + Annee_en_Cour + "'";
         using (var cmd = new SQLiteCommand(query, Program.Connex_Bdd))
         {
           int sum = Convert.ToInt32(cmd.ExecuteScalar());
             Program.Montant_ttle = cmd.ExecuteScalar().ToString();
             MessageBox.Show(string.Format("{0:0.00}", sum));
         }

In this example I want to find the sum of (145.15 + 191.86 + 117.60 + 218.80) which normally makes 673.41

Who can help me find the true value with two digits after the decimal point?
thank you
Bruno

What I have tried:

But with the value below I get 67341

<pre lang="c#">
cmd.ExecuteScalar().ToString()

and with the value below I get 67341.00

C#

string.Format("{0:0.00}", sum)

Despite my research, I can't get 673.41

In my Sqlite database I have commas and not REAL type points.

I had thought of this solution below but the result gives this 67341

C#

double sum = Convert.ToInt32(cmd.ExecuteScalar()); MessageBox.Show("" + Math.Round(sum, 2));

Posted 15-Feb-20 20:37pm

LSB71

Updated 15-Feb-20 22:46pm

Add a Solution

Comments

Richard Deeming 18-Feb-20 15:53pm

var query = "SELECT SUM(replace(montant_total_cmd, ',', '')) FROM Tble_Commande WHERE Annee = '" + Annee_en_Cour + "'";

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Accepted Answer · 2020-02-15T21:18:00

Solution 1

Why are you converting the returned value to an integer? That just destroys the fractional part. Try this:

C#

double sum = (double)cmd.ExecuteScalar();
MessageBox.Show(string.Format("{0:0.00}", sum));

Posted 15-Feb-20 21:18pm

Richard MacCutchan