Click here to Skip to main content
15,880,608 members
Search within:


how do I insert the values into the sqlserver database in visual studio 2008
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hello everybody, Every time I got the error when I am trying to insert the values into the SQLServer database in visual studio 2008 and I got the Unhandled Sqlexception and the error is "An explicit value for the identity column in table 'Emp' can only be specified when a column list is used and IDENTITY_INSERT is ON.".So please help to solve my this problem.Here's below is code

private void button1_Click(object sender, EventArgs e)
       {
           SqlConnection con = new SqlConnection("Data Source=PS201\\SQLEXPRESS;Initial Catalog=EmployeeInfo;Integrated Security=True;Pooling=False");
           con.Open();
           SqlCommand sc = new SqlCommand("insert into Emp values(" + textBox1.Text + ",'" + textBox2.Text + "','" + textBox3.Text + "'," + textBox4.Text + ",'" + textBox5.Text + "');",con);
           int o = sc.ExecuteNonQuery();
           MessageBox.Show(o+"Insert value successfully..");
           con.Close();


       }

       public static void main(string[] arg)
       {
         Application.Run(new Form1());
       }

       private void button2_Click(object sender, EventArgs e)
       {
           Application.Exit();
       }
Posted
Updated 5-Sep-14 22:40pm
v2
Add a Solution

3 solutions

Always list the columns you want to insert or alter: if you don't then SQL assumes you mean in it's current column order starting from the "Left" - and the problem you are meeting is one of the results of that (The other is much worse - your DB gets irretrievably corrupted after a "small change" to the DB which appears to work fine until data problems are seen six months later).

Basically, you can't write to an identity column.
So specify your SQL INSRT like this:
SQL
INSERT INTO Emp (MyColumnName1, MyColumnName2) VALUES (...)

And that problem will go away.

But...don't do it the way you are! That is spectacularly dangerous. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
 
Share this answer
 
Posted
Comments
AnoopGharu 6-Sep-14 5:15am    
Thank you so much for your Best concern, I use your above given step in the coding but still the error can't go away and this time the error is "Cannot insert explicit value for identity column in table 'Emp' when IDENTITY_INSERT is set to OFF.".
OriginalGriff 6-Sep-14 5:26am    
You didn't read what I said, did you?
"you can't write to an identity column"
So list the fields you *are* trying to write to...the ones that will take the values from your text boxes...
AnoopGharu 6-Sep-14 6:12am    
Thank you so much Sir.Now I got it.
OriginalGriff 6-Sep-14 6:26am    
You're welcome!
sir, please see the below link it might help you :-

http://stackoverflow.com/questions/2005437/an-explicit-value-for-the-identity-column-in-table-can-only-be-specified-when-a/2005449#2005449[^]
 
Share this answer
 
Posted
Updated 5-Sep-14 22:51pm
v3
C#
Actually you have one Identity Column so You have to specify rest of  Column Name for Inserting Value into the table.

For Example :

INSERT INTO EMP_TBL (NAME,ADDRESS) VALUES ('"+TextBox1.Text+"','"+TextBox2.Text+"')
 
Share this answer
 
Posted
Comments
OriginalGriff 6-Sep-14 6:28am    
Reason for my vote of one: Never, ever, encourage people to concatenate textbox contents into SQL strings! It is seriously dangerous: any user can delete your database just by typing in the text box!

Google for "Bobby Tables" and don't assume it's just a joke...
aarif moh shaikh 6-Sep-14 7:58am    
If we take that TextBoxes value into a String Variable or any Parameterized Variables .. but finally these varible also will take values from that textboxes , than how you saying like this.
OriginalGriff 6-Sep-14 8:08am    
There is a difference between a concatenated query:
string sql = "INSERT INTO MyTable (MyColumn) VALUES('" + "x');DROP TABLES MyTable" + "')";
using (SqlCommand cmd = new SqlCommand(slq, con))
{
...

and a parametrized one:

string sql = "INSERT INTO MyTable (MyColumn) VALUES(@VAL)";
using (SqlCommand cmd = new SqlCommand(slq, con))
{
cmd.Parameters.AddWithValue("@VAL", "x');DROP TABLES MyTable");
...

The former sends two commands to SQL: an INSERT to put "x" into the column, and a second one which deletes the table. SQL executes both!
The send sends one command, which inserts the whole string into the column and can't let the user corrupt your DB.

This is called an SQL Injection attack, and it lets users bypass your login security, alter or delete your database, and so forth. And it's is unbelievably simple for a user to do...

And if you think I'm joking: try it on your code. Make sure you backup your database first though... :laugh:
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Visual Studio .Net 2005 and sqlServer 2008
how to insert default values in sqlserver 2008
c sharp,sqlserver 2008
Visual Studio 2008 Insert Into SQL DB
Insert row at selected row in SSRS (visual studio 2008)
How Do I Setup The Access 2007 Database And Visual Studio 2008
vb.net code for inserting values of textbox at runtime in sqlserver database
Insert byte array into SqlServer 2008
Insert and registration data not show in database table visual studio 2019
Visual Studio 2008

Advertise
Privacy
Cookies
Terms of Use
Last Updated 6 Sep 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900