C# how to insert and search data on testbox within database

Question

0.00/5 (No votes)

See more:

hello, I am building a interface that allow user to input or search a subject name.

 SubjectName
Accounting
Biology
Bussiness
Computer Science
Computing
English
Law
Maths

The problem is if I tried to input a new subjectName, there will be a error showed

System.AccessViolationException: 'Attempted to read or write protected memory. This is often an indication that other memory is corrupt.' on program.cs

and another question is how to insert the new subject name to database, do I achieve it on btnNext button? how can textbox search a name from the database or insert a new subjectname

Any ideas? Thank you

What I have tried:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using MySql.Data.MySqlClient;


namespace ProjectInterface
{
    public partial class Concept : Form
    {

        MySqlConnection con = new MySqlConnection("server=localhost;Database=databse;Port = 3306; User ID = root; Password = password123");
        MySqlCommand cmd = new MySqlCommand();

        public Concept()
        {
            InitializeComponent();
        }



        private void btnNextC_Click(object sender, EventArgs e)
        {
            con.Open();

      

            string newcon = "Insert into tutorials(TutorialName) VALUES ('" + txtTuName.Text + " ')";

            MySqlCommand cmd = new MySqlCommand(newcon, con);
            cmd.ExecuteNonQuery();



            this.Hide();
            Home home = new Home();
            home.Show();

            //next - go t oquestionnaire page
            //this.Hide();
            //Questionnaire q = new Questionnaire();
            //q.Show();

        }
        private void btnCancelC_Click(object sender, EventArgs e)
        {
            //cancel button - go back to home page.
            this.Hide();
            Home home = new Home();
            home.Show();
        } 

        private void Concept_Load(object sender, EventArgs e)
        {

        }

        private void txtSubject_TextChanged(object sender, EventArgs e)
        {
            con.Open();
  
            
            MySqlCommand cmd = new MySqlCommand("SELECT  SubjectName From databse.subject WHERE SubjectName LIKE @name",con);
            cmd.Parameters.Add(new MySqlParameter("@name", "%" + txtSubject.Text + "%"));

            MySqlDataReader dr = cmd.ExecuteReader();

            AutoCompleteStringCollection subjectColl = new AutoCompleteStringCollection();

            while (dr.Read()) { 
                subjectColl.Add(dr.GetString(0));
             }
            
            txtSubject.AutoCompleteCustomSource = subjectColl;
            con.Close();


        }

   }

Posted 8-Feb-18 11:19am

Liu Lily

Updated 8-Feb-18 19:52pm

Add a Solution

Comments

j snooze 8-Feb-18 17:38pm

That error can be caused by the platform you chose to compile the app as. x86, 64 or any cpu. Also I would recommend using a parameterized query for your insert like you do on the select statement.

Richard Deeming 9-Feb-18 10:03am

string newcon = "Insert into tutorials(TutorialName) VALUES ('" + txtTuName.Text + " ')";

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

You already know how to use parameters, as you're doing it correctly in the txtSubject_TextChanged method.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

saimanisha · Answer 1 · 2018-02-08T19:52:00

i have question do you want to perform both actions on same textbox .like you are trying to insert sub name and same time you are trying to search the subjects which are there in database .you have to analyse which scenario is suitable for your application.
the error is because when you try to insert data into database you have written cimmand for selecting subject which are there in database.i suggest you to perform this only when action is done.
first you try to perform selecting data from database n check for match .

if (match)
{
//here you display matched subjects
}
else if(!match)
{
//here you allow user to add the particular subject and keep any button or something to perform action for inserting .when no match occurs if you want to insert this functionality would work.display a control like button or checkbox and click on it then write code for insertion.when insertion is done successfully.make it invisible.
}