Click here to Skip to main content
15,922,533 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
Please correct the code:

C#
cmdupdate.CommandText = "Insert Into RawMat " +
                " (ProductDimension) " +
                " VALUES ('" + txtwidth.Text + "', '" + txtheight.Text + "', '" + txtunitofmeasurement.Text + "')";
            cmdupdate.ExecuteNonQuery();


Output:

Given:
height = 5
width = 7
unit = feet

Answer:
dimension = 5 x 7 feet
Posted

SQL
cmdupdate.CommandText = "Insert Into RawMat " +
                " (ProductDimension) " +
                " VALUES ('" + txtwidth.Text + " X " + txtheight.Text + " " + txtunitofmeasurement.Text + "')";
            cmdupdate.ExecuteNonQuery();
 
Share this answer
 
1) you can concatenate in tsql with + sing

2) why don't you concatenate in C#?
3) use parameters for statement building (avoid exposing your app to SQLinjection)

C#
cmdupdate.CommandText = "Insert Into RawMat (ProductDimension) VALUES (@dim)";
cmdupdate.Parameters.AddWithValue("@dim", string.Format("{0} x {1} {2}", txtwidth.Text, txtheight.Text, txtunitofmeasurement.Text));
 
Share this answer
 
v2
Comments
wolfsor 3-Jul-12 3:48am    
how do you add WHERE ProductNo=@Pno
Zoltán Zörgő 3-Jul-12 4:05am    
WHERE clause in this insert statement? I don't understand. In a select you can do it just like here. If data type of the parameter is not detectable, you can use Add method and then set the value. Consult MSDN.
Zoltán Zörgő 4-Jul-12 17:14pm    
any progress?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900