Click here to Skip to main content
14,733,955 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
I am making telephone directory but one error is coming in this line "
cmd.ExecuteNonQuery();" in the delete functionality please tell me what
I am doing wrong and My problem is that if I click the delete button to delete the data from table this error appears and data does not delete from database my c# code is something like this :-

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace Telephone
{
public partial class Phone : Form
{
SqlConnection con = new SqlConnection(@"Data Source = ZOHAIB\SQLEXPRESS; Initial Catalog = bscs; Integrated Security = True");

public Phone()
{
InitializeComponent();
}

private void Phone_Load(object sender, EventArgs e)
{
Display();
}
private void button1_Click(object sender, EventArgs e)
{
textBox1.Text = "";
textBox2.Clear();
textBox3.Text = "";
textBox4.Clear();
comboBox1.SelectedIndex = -1;
textBox1.Focus();
}

private void button2_Click(object sender, EventArgs e)
{
con.Open();

SqlCommand cmd = new SqlCommand(@"INSERT INTO [5th]

([First Name], [Last Name], [Mobile], [Email], [Catagory])

VALUES ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + comboBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("sucessfuly saved");
Display();
}
void Display()
{
SqlDataAdapter sda = new SqlDataAdapter("select * from [5th]", con);
DataTable dt = new DataTable();
sda.Fill(dt);
dataGridView1.Rows.Clear();
foreach (DataRow item in dt.Rows)
{
int n = dataGridView1.Rows.Add();
dataGridView1.Rows[n].Cells[0].Value = item["First Name"].ToString();
dataGridView1.Rows[n].Cells[1].Value = item[1].ToString();
dataGridView1.Rows[n].Cells[2].Value = item[2].ToString();
dataGridView1.Rows[n].Cells[3].Value = item[3].ToString();
dataGridView1.Rows[n].Cells[4].Value = item[4].ToString();



}

}

private void dataGridView1_MouseClick(object sender, MouseEventArgs e)
{
textBox1.Text= dataGridView1.SelectedRows[0].Cells[0].Value.ToString();
textBox2.Text= dataGridView1.SelectedRows[0].Cells[1].Value.ToString();
textBox3.Text=dataGridView1.SelectedRows[0].Cells[2].Value.ToString();
textBox4.Text = dataGridView1.SelectedRows[0].Cells[3].Value.ToString();
comboBox1.Text = dataGridView1.SelectedRows[0].Cells[4].Value.ToString();

}

private void button3_Click(object sender, EventArgs e)
{
con.Open();

SqlCommand cmd = new SqlCommand(@"DELETE FROM [5th]

WHERE ([5th]='" + textBox1.Text + "')", con);


cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Delete sucessfully");
Display();
}
}
}>
Posted

1 solution

Just guessing, but:
SqlCommand cmd = new SqlCommand(@"DELETE FROM [5th] WHERE ([5th]='" + textBox1.Text + "')", con);

Do you really have a column called 5th in your table called 5th?

I doubt it.

But more importantly, don't do any of that like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900