Hi friends, first, I am stuck on this problem; I could not solve it and I already published it here briefly. I will copy the status description: "I will explain the state, and after that I will give you my need.
I have a DataGridView with a check box. I check the rows, then I click the "save" button, and normally the rows I checked will have to be inserted in both the other tables, but I find that just one line was inserted twice.
The second problem is that I want the rows I inserted, which I want most, to be visible when I click the search button, because they are already assigned in the table.
You will find the two interfaces that process this."
I hope I have described my condition well, and thank you in advance.

What I have tried:

C#
// script: search button
private void button4_Click(object sender, EventArgs e)
{
    dataGridView2.Rows.Clear();
    // Query text is built by concatenating the picker dates and textBox1.Text directly into the SQL string
    Program.cmd.CommandText = "select * from bon_reception_marche where Date_reception between '" + dateTimePicker1.Value.Date + "' and '" + dateTimePicker2.Value.Date + "' and Id_marche in (select TOP 1 Id_marche from marche where Num_marche = '" + textBox1.Text + "')";
    Program.dr = Program.cmd.ExecuteReader();
    while (Program.dr.Read())
    {
        dataGridView2.Rows.Add(Program.dr[0], Program.dr[2], Program.dr[3], Program.dr[5], Program.dr[6], Program.dr[7], Program.dr[8], Program.dr[9], Program.dr[10], Program.dr[11], Program.dr[12]);
    }
    Program.dr.Close();
}

// script: click in the DataGridView (enables the save button when the check box column is clicked)
private void dataGridView2_CellClick(object sender, DataGridViewCellEventArgs e)
{
    if (e.ColumnIndex == 11 /*myColumn*/ && e.RowIndex >= 0 /*myRow*/)
    {
        button1.Enabled = true;
    }
}

// script: save button
private void button1_Click(object sender, EventArgs e)
{
    int colIndex = dataGridView2.Columns["CheckBox"].Index;
    try
    {
        // Collect every row whose check box cell is set to true
        var rows = dataGridView2.Rows
            .Cast<DataGridViewRow>()
            .Where(row => row.Cells[colIndex].Value != null)
            .Where(row => (bool)row.Cells[colIndex].Value)
            .ToList();
        foreach (DataGridViewRow row in rows)
            insertRowData(row);
        MessageBox.Show("c'est ajouté avec succés");
    }
    catch (FormatException)
    {
        MessageBox.Show("Only input numbers into the table!",
            "Only Numbers", MessageBoxButtons.OK);
    }
    catch (Exception)
    {
        MessageBox.Show("There was an error while saving!",
            "Error", MessageBoxButtons.OK);
    }
}

// Inserts one checked grid row into attachement_marche
private void insertRowData(DataGridViewRow row)
{
    double montantValue = Convert.ToDouble(row.Cells["Column7"].Value);
    int id_br_value = Convert.ToInt32(row.Cells["Column11"].Value);
    string check;
    if (checkBox1.Checked == true)
    {
        check = "O";
    }
    else
    {
        check = "N";
    }
    Program.cmd.Parameters.Clear();
    // Insert text is again built by string concatenation of form values
    Program.cmd.CommandText = "insert into attachement_marche (Id_bon_reception_marche,Id_marche,Num_attachement,Date_debut,Date_fin,Flag_dernier,Montant,User_create,Date_create) values ( " + id_br_value + ",(select TOP 1 Id_marche from marche where Num_marche = '" + textBox1.Text + "'),'" + textBox3.Text + "','" + dateTimePicker1.Value.Date + "','" + dateTimePicker1.Value.Date + "','" + check + "'," + montantValue + ",'" + values.username + "','" + DateTime.Now.Date + "')";
    Program.cmd.ExecuteNonQuery();
}
Posted; updated 18-Mar-17 18:12pm (v2)
Comments
Patrice T 18-Mar-17 18:38pm
Reposting the same question will not help you.
It just upsets helpers here.

1 solution

Never build an SQL query by concatenating user inputs; it is called "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crashes.
SQL injection - Wikipedia
SQL Injection
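As an added illustration of the answer's point (this is not code from the question or the answer), here are the same two queries from the question rewritten with SqlParameter instead of string concatenation. Table and column names are the ones in the question's code; the connection string is a placeholder, and the parameter types and lengths (NVarChar(50), Decimal, Date) are assumptions about a schema the page does not show. With parameters, a Num_marche containing a single quote (for example O'Brien) is delivered to SQL Server as a value, so it can neither break the statement nor change its meaning, and dates are sent as typed values rather than as culture-formatted strings.

```csharp
// Added example, not the original poster's code: parameterized versions of the
// search and insert statements. Assumes System.Data.SqlClient (SQL Server).
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class MarcheRepository
{
    // Placeholder: replace with the application's real connection string.
    private const string ConnectionString = "<CONNECTION STRING>";

    // Search button: the two dates and Num_marche travel as typed parameters.
    // The SQL text is a constant; nothing typed into the form is spliced into it.
    public static List<object[]> SearchReceptions(DateTime from, DateTime to, string numMarche)
    {
        const string sql =
            "select * from bon_reception_marche " +
            "where Date_reception between @from and @to " +
            "and Id_marche in (select TOP 1 Id_marche from marche where Num_marche = @num)";

        var result = new List<object[]>();
        using (var cn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            cmd.Parameters.Add("@from", SqlDbType.Date).Value = from.Date;
            cmd.Parameters.Add("@to", SqlDbType.Date).Value = to.Date;
            cmd.Parameters.Add("@num", SqlDbType.NVarChar, 50).Value = numMarche; // assumed column length
            cn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    var values = new object[dr.FieldCount];
                    dr.GetValues(values);
                    result.Add(values);
                }
            }
        }
        return result;
    }

    // Save button: one parameterized INSERT per checked grid row.
    // Returns the number of rows SQL Server reports as inserted (1 on success).
    public static int InsertAttachement(int idBonReception, string numMarche, string numAttachement,
        DateTime dateDebut, DateTime dateFin, bool dernier, double montant, string user)
    {
        const string sql =
            "insert into attachement_marche " +
            "(Id_bon_reception_marche,Id_marche,Num_attachement,Date_debut,Date_fin,Flag_dernier,Montant,User_create,Date_create) " +
            "values (@idBr,(select TOP 1 Id_marche from marche where Num_marche = @num)," +
            "@numAtt,@debut,@fin,@flag,@montant,@user,@created)";

        using (var cn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            cmd.Parameters.Add("@idBr", SqlDbType.Int).Value = idBonReception;
            cmd.Parameters.Add("@num", SqlDbType.NVarChar, 50).Value = numMarche;
            cmd.Parameters.Add("@numAtt", SqlDbType.NVarChar, 50).Value = numAttachement;
            cmd.Parameters.Add("@debut", SqlDbType.Date).Value = dateDebut.Date;
            cmd.Parameters.Add("@fin", SqlDbType.Date).Value = dateFin.Date;
            cmd.Parameters.Add("@flag", SqlDbType.Char, 1).Value = dernier ? "O" : "N";
            cmd.Parameters.Add("@montant", SqlDbType.Decimal).Value = montant;   // assumed column type
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = user;
            cmd.Parameters.Add("@created", SqlDbType.Date).Value = DateTime.Now.Date;
            cn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

A fresh SqlCommand and SqlConnection per call, disposed by `using`, also removes the dependence on the shared `Program.cmd` / `Program.dr` objects in the question, whose state (open reader, leftover parameters) is carried from one button handler to the next.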
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)