Click here to Skip to main content
13,703,250 members
Rate this:
 
Please Sign up or sign in to vote.
See more:
the second row data do not enter into database in c# correct it plz

What I have tried:

SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-C8H8UQI\SQLEXPRESS;Initial Catalog=IMSDatabase;Integrated Security=True");

public Form2()
{
InitializeComponent();
}

private void button4_Click(object sender, EventArgs e)
{

dataGridView2.Rows.Add(textBox3.Text);

}

private void button1_Click(object sender, EventArgs e)
{
for (int j = 0; j < dataGridView2.Rows.Count; j++)
{
string query = "insert into Rough(itemName)values('" + dataGridView2.Rows[j].Cells[0].Value + "')";
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
dataGridView2.Rows.Clear();
Posted 4 days ago
Updated 4 days ago

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

Um.
Look at your code:
for (int j = 0; j < dataGridView2.Rows.Count; j++)
    {
    string query = "insert into Rough(itemName)values('" + dataGridView2.Rows[j].Cells[0].Value + "')";
...
    dataGridView2.Rows.Clear();
So once you've been round the loop once, you have removed all the other rows from it ... Move the clear to after the loop, and it;ll work better.

But ... there are a load of other things wrong here.
1) Don't hard-code connection strings - they need to be in a config file or similar, or you have to recompile your app for each new installation.
2) Connection, Command, and similar objects are scarce resources - you should Dispose of them when you are finished. The simplest way is to us a using block:
using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con))
        {
        cmd.Parameters.AddWithValue("@C1", myValueForColumn1);
        cmd.Parameters.AddWithValue("@C2", myValueForColumn2);
        cmd.ExecuteNonQuery();
        }
    }

3) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Cookies | Terms of Service
Web06-2016 | 2.8.180906.1 | Last Updated 16 Sep 2018
Copyright © CodeProject, 1999-2018
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100