Arabic text replaced by ?

Question

1.00/5 (1 vote)

See more:

when ever i try to save any arabic text selected from combobox it replaced to ?????????

What I have tried:

iCreated table in database countain
column typeuser nvarchar

in my code i tried to load another table in combobox

C#

string queryert = "select * from YETBUsings where YETBUSaction=1 order by YETBUSid desc";
SqlCommand daert = new SqlCommand(queryert, conn);
SqlDataReader myreader;
try 
{
   conn.Open();
   myreader = daert.ExecuteReader();
   while(myreader.Read())
   {
     string sname = myreader.GetString(1);
     UserType.Items.Add(sname);
   }
   conn.Close();
   }
   catch (Exception ex)
   {
      MessageBox.Show(ex.Message);
   }

INSERT CODE 

string UT = Convert.ToString(UserType.SelectedItem);
SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES ('" + UT + "')", conn);

but when ever i select any item in the combobox to save it in database
it saved in this form ??????? ????

Posted 18-Sep-22 1:22am

elmokhtari elhoussaine

Updated 20-Sep-22 2:11am

Dave Kreskowiak

v2

Add a Solution

Comments

Daniel Pfeffer 18-Sep-22 8:08am

I am not an SQL expert, but perhaps the problem is in the database schema. Are you certain that the strings stored in the database are Unicode strings? If they are ASCII strings, it is quite possible that the database won't recognize them - Arabic is not defined in ASCII.

See the following: https://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver15

0x01AA 18-Sep-22 8:19am

OP mentioned the type of the field is nvarchar which means it can hold unicode data.

Richard MacCutchan 18-Sep-22 8:55am

The problem is most likely that you are trying to display the data without selecting the Arabic font.

Dave Kreskowiak 18-Sep-22 12:35pm

Most likely, the font you're using to display this data doesn't support Arabic characters. Pick a different font that does.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2022-09-20T02:11:00

Quote:

C#

SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES ('" + UT + "')", conn);

Don't do it like that!

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

And it just so happens that by fixing this critical security vulnerability in your code, you will also fix your encoding problem as a free bonus. Instead of concatenating your text into your SQL command as a non-Unicode literal, you will pass it through as a Unicode parameter. So long as your table column is defined as nvarchar(...) instead of varchar(...), your Arabic text will be stored and retrieved correctly.

C#

using (SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES (@YETBType)", conn))
{
    sqlcmd.Parameters.AddWithValue("@YETBType", UT);
    sqlcmd.ExecuteNonQuery();
}