Click here to Skip to main content
13,832,066 members
Rate this:
Please Sign up or sign in to vote.
See more:
the second row data do not enter into database in c# correct it plz

What I have tried:

SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-C8H8UQI\SQLEXPRESS;Initial Catalog=IMSDatabase;Integrated Security=True");

public Form2()

private void button4_Click(object sender, EventArgs e)



private void button1_Click(object sender, EventArgs e)
for (int j = 0; j < dataGridView2.Rows.Count; j++)
string query = "insert into Rough(itemName)values('" + dataGridView2.Rows[j].Cells[0].Value + "')";
SqlCommand cmd = new SqlCommand(query, con);
Updated 15-Sep-18 22:21pm

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Look at your code:
for (int j = 0; j < dataGridView2.Rows.Count; j++)
    string query = "insert into Rough(itemName)values('" + dataGridView2.Rows[j].Cells[0].Value + "')";
So once you've been round the loop once, you have removed all the other rows from it ... Move the clear to after the loop, and it;ll work better.

But ... there are a load of other things wrong here.
1) Don't hard-code connection strings - they need to be in a config file or similar, or you have to recompile your app for each new installation.
2) Connection, Command, and similar objects are scarce resources - you should Dispose of them when you are finished. The simplest way is to us a using block:
using (SqlConnection con = new SqlConnection(strConnect))
    using (SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con))
        cmd.Parameters.AddWithValue("@C1", myValueForColumn1);
        cmd.Parameters.AddWithValue("@C2", myValueForColumn2);

3) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Member 13985914 27-Sep-18 2:13am
Thank you so much sir! i have completed the inventory management system in c# and also got its setup file by publishing..
Now i want to give this to customer what should i install on the customer computer!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Cookies | Terms of Service
Web01 | 2.8.190114.1 | Last Updated 16 Sep 2018
Copyright © CodeProject, 1999-2019
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100