how to solve the problem of "Failed to enable constraints. One or more rows contain values violating non-null, unique, or foreign-key constraints." error

Question

0.00/5 (No votes)

See more:

when i call the function

C#

public DataTable GetAllBySurSurveyId(Int64 surSurveyId)
        {
            DataTable dtSurSurveyTeam = null;
            try
            {
                dtSurSurveyTeam = Adapter.sp_4_15_GetAllBySurSurveyId(surSurveyId);
            }
            catch (Exception ex)
            {
                ErrorWriter.WriteError(ex, "FunctionName --> GetDataTable", RequestPage);
            }
            return dtSurSurveyTeam;
        }

the above error came. i have binded the quary with storeprocedure and the storeprocedure is showing the data.

storeprocedure :

SQL

ALTER PROCEDURE [dbo].[sp_4_15_GetAllBySurSurveyId] 
	-- Add the parameters for the stored procedure here
	@surSurveyId AS nvarchar(MAX)
AS
BEGIN

DECLARE @Sql1 AS NVARCHAR(MAX)

SET @Sql1 =
'SELECT        T.SurSurveyTeamId, O.OfficeName, T.SurveyTeamName, T.TeamDescription,
                             (SELECT        COUNT(SurSurveyTeamMemberId) AS TotalMembers
                               FROM            SurRelationSurveyTeamToTeamMember AS RTM
                               WHERE        (SurSurveyTeamId = R.SurSurveyTeamId)) AS TotalMembers
FROM            SurRelationSurveyToSurveyTeam AS R LEFT OUTER JOIN
                         SurSurveyTeam AS T ON T.SurSurveyTeamId = R.SurSurveyTeamId LEFT OUTER JOIN
                         UsmOffice AS O ON O.UsmOfficeId = T.UsmOfficeId
WHERE        (R.SurSurveyId = '+@surSurveyId+')'
 
EXECUTE (@Sql1)	
END

Posted 3-Mar-15 18:45pm

User 10734264

Updated 3-Mar-15 18:53pm

RajeeshMenoth

v3

Add a Solution

Comments

Richard Deeming 5-Mar-15 5:35am

Congratulations - you've just clearly demonstrated that stored procedures don't automatically protect you from SQL Injection[^] vulnerabilities!

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Use sp_executesql[^] to execute your query, passing the parameter as a parameter rather that using string concatenation. See this blog post[^] for more details.

Alternatively, since your dynamic SQL is so simple, replace it with a normal query.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Member 10971356 · Answer 1 · 2015-03-04T23:03:00

As the error message says, the types of constraints that you might violate are non-null, unique, or foreign-key constraints. Unless you add them yourself, they can only be created when DataTable and DataSet schema is generated automatically, by the Data Source or the like.

This problem is usually caused by

-> null values being returned for columns not set to AllowDBNull
-> duplicate rows being returned with the same primary key.
-> a mismatch in column definition (e.g. size of char fields) between the database and the dataset