Loading values from a junction table into a Windows Form is not working.
I want to load values from a junction table for a particular ID and assign those values to a Windows Form, but it does not seem to work.
Here is my code:
// Namespaces the snippet needs (SqlCe* types live in System.Data.SqlServerCe)
using System.Data;
using System.Data.SqlServerCe;
using System.Windows.Forms;

Programming prog = new Programming();
SqlCeConnection con = null;
// Query text built by concatenating the ApplicantID value into the SQL string
string query = "Select * from ProgragrammingLanguage where ApplicantID = '" + ApplicantID + "'";
try
{
    con = new SqlCeConnection(@"Data Source=|DataDirectory|\Db\ApplicantDB.sdf");
    con.Open();
    Utils.daBewerber = new SqlCeDataAdapter(query, con);
    SqlCeCommandBuilder cmb = new SqlCeCommandBuilder(Utils.daBewerber);
}
catch (SqlCeException ex)
{
    string s = ex.Message;
}
DataSet dataset = new DataSet();
Utils.daBewerber.Fill(dataset, "ProgragrammingLanguage");

// dataset.Tables is correct. My table looks like this:
//   ApplicantID  ProgID  Name  Proficiency
//   25           1       c     3            (3 for Expert)
//   25           2       C++   1            (1 for Basic)
foreach (DataRow row in dataset.Tables[0].Rows)
{
    prog.Name = row[3].ToString(); // prog is an instance of class Programming
    // prog.Name is also correct, I get "c". Now I want to assign those values
    // to my Form. My Form contains a text box to hold the Name (c, c#, ...)
    // and 3 radio buttons: if Proficiency = 1, the radio button Basic is checked...

    uc.Name = prog.Name;
    // Now I want to assign these values to my Form (user control), but it's not working
}
Comments
Sascha Lefèvre 26-Mar-15 11:11am
Do you get an exception? If yes, what's the message? If no, in which way does it not work as you intend it to?
Is "ProgragrammingLanguage" the actual name of the table in the database? -> gragra
Richard Deeming 26-Mar-15 11:26am
Your code is vulnerable to SQL Injection.

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
Sergey Alexandrovich Kryukov 26-Mar-15 11:39am
I credited your comment, Solution 1.
Thank you.
—SA
Vamshi Krishna Naidu 26-Mar-15 11:40am
When you have one text box to load data from the database into, why are you using a foreach over the rows? If you are expecting multiple results, how can you use a single textbox to bind every time?

I could ask you 100 more questions, so please explain what you are trying to bind the result set to.

1 solution

Your approach is wrong from the very beginning. You should never create a query by concatenating strings taken from your UI. Instead, you need to use parameterized statements. Please see: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

If you do it your way, you make your application totally vulnerable to a well-known exploit: SQL Injection. The user can write anything in the UI, including some SQL fragment. Are you getting the idea? This is how: http://xkcd.com/327.

(Credit to the comment to the question by Richard Deeming.)

Please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
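As an added example (not code from the question or from the answer above), here is the same lookup written with a parameterized SqlCeCommand instead of string concatenation, plus a small helper that copies one row into a user control's TextBox and RadioButtons. The parameter value is sent to the engine separately from the SQL text, so whatever the user types is compared as a value and can never change the statement. The table name ProgrammingLanguage, the column layout taken from the question, the integer type of ApplicantID, the control names and the meaning of proficiency value 2 are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlServerCe;
using System.Windows.Forms;

// One row of the junction table (column layout as shown in the question).
public class Programming
{
    public int ProgID { get; set; }
    public string Name { get; set; }
    public int Proficiency { get; set; }   // 1 = Basic, 3 = Expert per the question
}

public static class ProgrammingRepository
{
    // Same database file as in the question.
    const string ConnectionString = @"Data Source=|DataDirectory|\Db\ApplicantDB.sdf";

    // Loads every language row for one applicant. ApplicantID is assumed to be an
    // integer column; if it is a text column, pass a string so the types match.
    public static List<Programming> LoadForApplicant(int applicantId)
    {
        var result = new List<Programming>();

        // @ApplicantID is a placeholder, not text spliced into the query, so input
        // such as 25 OR 1=1 is treated as a value and cannot alter the WHERE clause.
        const string sql =
            "SELECT ProgID, Name, Proficiency FROM ProgrammingLanguage WHERE ApplicantID = @ApplicantID";

        using (var con = new SqlCeConnection(ConnectionString))
        using (var cmd = new SqlCeCommand(sql, con))
        {
            cmd.Parameters.AddWithValue("@ApplicantID", applicantId);
            con.Open();

            using (SqlCeDataReader reader = cmd.ExecuteReader())
            {
                // Look columns up by name once, instead of relying on row[3]-style indexes.
                int progIdOrdinal = reader.GetOrdinal("ProgID");
                int nameOrdinal = reader.GetOrdinal("Name");
                int proficiencyOrdinal = reader.GetOrdinal("Proficiency");

                while (reader.Read())
                {
                    result.Add(new Programming
                    {
                        ProgID = reader.GetInt32(progIdOrdinal),
                        Name = reader.IsDBNull(nameOrdinal) ? string.Empty : reader.GetString(nameOrdinal),
                        Proficiency = reader.GetInt32(proficiencyOrdinal)
                    });
                }
            }
        }
        return result;
    }
}

public static class ProficiencyBinder
{
    // Copies ONE row into the controls. Because an applicant can have several rows
    // (c and C++ in the question), call this once per row, for example with one user
    // control per language, rather than overwriting a single text box inside a loop.
    // The control parameters are hypothetical names for the controls on the user control.
    public static void Apply(Programming p, TextBox txtName,
                             RadioButton rbBasic, RadioButton rbIntermediate, RadioButton rbExpert)
    {
        // Set the TextBox's Text, not the Name property of the user control itself.
        txtName.Text = p.Name;
        rbBasic.Checked = p.Proficiency == 1;
        rbIntermediate.Checked = p.Proficiency == 2;   // 2 = Intermediate is an assumption
        rbExpert.Checked = p.Proficiency == 3;
    }
}

// Example usage from a form (constructed call; 25 is the applicant from the question's sample rows):
//   List<Programming> languages = ProgrammingRepository.LoadForApplicant(25);
//   foreach (Programming p in languages)
//   {
//       var uc = new LanguageControl();          // hypothetical user control, one per row
//       ProficiencyBinder.Apply(p, uc.txtName, uc.rbBasic, uc.rbIntermediate, uc.rbExpert);
//       flowLayoutPanel1.Controls.Add(uc);
//   }
```

The same `@ApplicantID` placeholder also works with `SqlCeDataAdapter` if the DataSet-based loading from the question is kept: build the adapter from a `SqlCeCommand` that carries the parameter rather than from a concatenated query string.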
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)