How to solve this error(an unhandled exception of type 'System.FormatException'

Question

0.00/5 (No votes)

See more:

hii,everyone
How to solve this error(an unhandled exception of type 'System.FormatException'...)

in button search when put characters give me this error .

SQL

da.SelectCommand = new SqlCommand("select * from tblcontacts where id like " +Int32.Parse( textBox3.Text), cs);
            dt.Clear();
            da.Fill(dt);

            dataGridView1.DataSource = dt;

Posted 15-Jan-14 4:53am

mhassan083

Add a Solution

3 solutions

Solution 1

There is no need to convert to an integer just to convert it back to a string again. Just use:

C#

new SqlCommand("select * from tblcontacts where id like " + textBox3.Text, cs)

But you should learn about parameterized queries and SQL injection attacks. This opens you up to major hacking in your database.

Posted 15-Jan-14 4:56am

Ron Beyer

Comments

mhassan083 15-Jan-14 11:33am

when try it give me error ('System.Data.Sqlcient.SqlException'...invalid column name 'mh').

Christian Graus 16-Jan-14 17:13pm

That means that your text was not just a number. There's no way adding a number to this SQL, would give that error.

Solution 3

If you're doing a like statement, that suggests to me that you are trying to pass multiple values across from your textbox through to your SQL. If you are trying to validate anything other than an integer with Int32.Parse, this will fail. A couple of things need to be considered:

Rather than passing parameters like this, you should consider parameterised queries because you have left the code open to SQL Injection attacks[^] (you're lucky that the Int32.Parse is throwing an exception as that has, by accident, acted as protection for your database).
Is a like statement really the best way to do this? Consider the execution query you will end up with. You might want to put a table based query[^] in there instead.

Posted 15-Jan-14 5:16am

Pete O'Hanlon

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Karthik_Mahalingam · Accepted Answer · 2014-01-15T05:11:00

Solution 2

Try this

as Ron said , be aware of SQL_injection[^]

SQL

string query = string.Format("select * from tblcontacts where id like '{0}'",textBox3.Text);
       da.SelectCommand = new SqlCommand(query, cs);

Posted 15-Jan-14 5:11am

Karthik_Mahalingam

Updated 15-Jan-14 19:53pm

v2

Comments

mhassan083 15-Jan-14 11:28am

there is three braces make error

Karthik_Mahalingam 15-Jan-14 11:43am

if your issue is resolved, pls close this post..

mhassan083 15-Jan-14 12:00pm

not resolved
your solution make error

Karthik_Mahalingam 15-Jan-14 12:03pm

what error you are getting

mhassan083 16-Jan-14 1:29am

error before running under brace " ' "),cs); have red line under it

Karthik_Mahalingam 16-Jan-14 1:51am

compile error or runtime error ?

Karthik_Mahalingam 16-Jan-14 1:53am

try my updated solution..

mhassan083 16-Jan-14 3:15am

good,thanks

Karthik_Mahalingam 16-Jan-14 3:16am

welcome hassan :)

Christian Graus 16-Jan-14 17:12pm

If he parses the value as an int, he's never going to have to worry about SQL injection in this code, at least.

Karthik_Mahalingam 16-Jan-14 20:33pm

yes Christian, you r right, this didn't strike to my mind, my bad :(