I was advised to parameterize all my queries. I am having trouble changing my queries. When I click save nothing happens. I refreshed my database and it is inserting metroName1 into Name in the database, not what I am typing into the metroName1 textbox.

C#
UniConnection connection = new UniConnection("Provider=MySQL;host=127.0.0.1;user=###;password=###;database=dscomputers");
            try
            {
                UniCommand cmd = connection.CreateCommand();
                cmd.CommandText = "INSERT INTO customer (Name, Mobile, Landline, Othernumber, Address) VALUES (@Name, @Mobile, @Landline, @Othernumber, @Address)";
                UniParameter parameter = cmd.Parameters.Add("@Name", UniDbType.VarChar);
                parameter.Value = "metroName1";
                
                cmd.Parameters.Add(parameter);
                parameter = cmd.Parameters.Add("@Mobile", UniDbType.VarChar);
                parameter.Value = "metroMobile2";
                cmd.Parameters.Add(parameter);
                parameter = cmd.Parameters.Add("@Landline", UniDbType.VarChar);
                parameter.Value = "metroLand3";
                cmd.Parameters.Add(parameter);
                parameter = cmd.Parameters.Add("@Othernumber", UniDbType.VarChar);
                parameter.Value = "metroOther5";
                cmd.Parameters.Add(parameter);
                parameter = cmd.Parameters.Add("@Address", UniDbType.VarChar);
                parameter.Value = "metroOther4";
                cmd.Parameters.Add(parameter);
                connection.Open();
                cmd.ExecuteNonQuery();
            }
            finally
            {
                connection.Close();
            }

        }
    }
}


What I have tried:

I've tried different options but can't seem to get it at all. I know I have something wrong but never used parameterized queries before.
Updated 5-Oct-16 20:21pm

Got it working by using
parameter.Value = metroMobile2.Text;
 
 
You are adding each parameter to the collection twice. Your code is using a pattern:
C#
parameter = cmd.Parameters.Add(name, type);
parameter.Value = value;
cmd.Parameters.Add(parameter);

either remove the last Add(parameter) statement, or use a pattern like:
C#
parameter = cmd.CreateParameter(name, type);
parameter.Value = value;
cmd.Parameters.Add(parameter);


or even change the cmd.CreateParameter to simply new SQLParameter (or whichever Db prefix you're using)
 
 
As pointed out, you add the parameters twice to the parameter collection. This causes some confusion. Also, you provide static values for the parameters instead of getting them from UI objects. Is that really the point, since all the rows get the same values? Instead, for example, for all text boxes use the Text property, or if Windows Forms then Text.

Also, you should properly dispose the connection and the command for releasing the resources. You might find reading the following useful: Properly executing database operations

Oh, and one more thing. Never post username or password to public forums. I edited them away.
 
Share this answer
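The fixes from the answers above combined into one helper, as an added example that is not part of the original question or any of the answers: each parameter is created and added exactly once, the values come from the text boxes, and the command and connection are disposed. It is written against the provider-neutral `System.Data.Common` base classes on the assumption that `UniConnection` derives from `DbConnection`; `CustomerStore`, `Bind`, `InsertCustomer` and `connectionString` are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.Common;

public static class CustomerStore // hypothetical helper, not from the page
{
    private const string InsertSql =
        "INSERT INTO customer (Name, Mobile, Landline, Othernumber, Address) " +
        "VALUES (@Name, @Mobile, @Landline, @Othernumber, @Address)";

    // Creates one parameter and adds it to the collection exactly once.
    private static void Bind(DbCommand cmd, string name, string text)
    {
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = name;
        p.DbType = DbType.String;
        // The value travels separately from the SQL text, so input such as
        // O'Brien is stored as data and cannot change the statement.
        // Storing blank input as NULL is a choice made for this example.
        p.Value = string.IsNullOrWhiteSpace(text) ? (object)DBNull.Value : text.Trim();
        cmd.Parameters.Add(p);
    }

    // Inserts one customer row and returns the number of rows affected.
    public static int InsertCustomer(DbConnection connection, string name, string mobile,
                                     string landline, string otherNumber, string address)
    {
        using (DbCommand cmd = connection.CreateCommand())
        {
            cmd.CommandText = InsertSql;
            Bind(cmd, "@Name", name);
            Bind(cmd, "@Mobile", mobile);
            Bind(cmd, "@Landline", landline);
            Bind(cmd, "@Othernumber", otherNumber);
            Bind(cmd, "@Address", address);
            if (connection.State != ConnectionState.Open)
                connection.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}

// Call site in the Save handler (control names are the ones in the question;
// connectionString is assumed to come from configuration, not source code):
// using (var connection = new UniConnection(connectionString))
// {
//     CustomerStore.InsertCustomer(connection, metroName1.Text, metroMobile2.Text,
//         metroLand3.Text, metroOther5.Text, metroOther4.Text);
// }
```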
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


