Click here to Skip to main content
14,382,515 members
Rate this:
Please Sign up or sign in to vote.
See more:
Hi i am a newbie to C# and are trying to create a inventory management system for my team.

I have created the form and i have tested that the data goes into the sql database table, however everytime i launch my form the dataGridView automatically adds a row.. Secondly i want my Wkst_Status field to allow ACTIVE to be true or visible and not have the default name select visible. hope you can help me in this regard.
Thanks in advance
Jason

see code below:

this.workstationsTableAdapter.Fill(this.stockInventoryDataSet.Workstations);
            using (SqlConnection con = new SqlConnection())

            {

                con.ConnectionString = (@"Data Source=SH-JASONK\DEV;Initial Catalog=StockInventory;Integrated Security=True");
                con.Open();
                bool status = false;
                if (combostatus.SelectedIndex == 0)
                {
                    status = true;
                }
                else
                {
                    status = false;
                }
                using (SqlCommand cmd = con.CreateCommand())
                {
                    cmd.CommandText =
                       cmd.CommandText = (@"INSERT INTO [StockInventory].[dbo].[Workstations](Emp_Name, 
               Emp_Surname, 
               Department, 
               Company, 
               Hostname, 
               Wkst_Status, 
               Make, Model, 
               SerialNumber, 
               ProductNumber, 
               PurchaseDate, 
               ExpiryDate, 
               Memory, 
               Processor, 
               HDD, 
               OS, 
               MSOffice) 
        VALUES ('" + txtname.Text + "',
                '" + txtsurname.Text + "',
                '" + combodept.Text + "',
                '" + combocompany.Text + "',
                '" + txthostname.Text + "',
                '" + combostatus.Text + "',
                '" + combomake.Text + "',
                '" + txtmodel.Text + "',
                '" + textsn.Text + "',
                '" + txtprodnum.Text + "',
                '" + dateTimePicker1.Value.ToString("yyyy/MM/dd") + "',
                '" + dateTimePicker2.Value.ToString("yyyy/MM/dd") + "',
                '" + combomem.Text + "',
                '" + txtproc.Text + "',
                '" + combohdd.Text + "',
                '" + comboOS.Text + "',
                '" + combooffice.Text + "')");
                    cmd.ExecuteNonQuery();
                    con.Close();

                    //Reading Data:

                    SqlDataAdapter sda = new SqlDataAdapter("SELECT * FROM 
                    [StockInventory].[dbo].[Workstations] ", con);
                    DataTable dt = new DataTable();
                    sda.Fill(dt);
                    
                    foreach (DataRow item in dt.Rows)
                    {
                        int n = dataGridView1.Rows.Add();
                        
dataGridView1.Rows[n].Cells[0].Value = item["Emp_Name"].ToString();
dataGridView1.Rows[n].Cells[1].Value = item["Emp_Surname"].ToString();
dataGridView1.Rows[n].Cells[2].Value = item["Department"].ToString();
dataGridView1.Rows[n].Cells[3].Value = item["Company"].ToString();
dataGridView1.Rows[n].Cells[4].Value = item["Hostname"].ToString();
 bool combostatus = true;
 if (combostatus)
    {
     dataGridView1.Rows[n].Cells[5].Value = "ACTIVE";
    }
       else
    {
       dataGridView1.Rows[n].Cells[5].Value = "INACTIVE";
    }

                        
dataGridView1.Rows[n].Cells[5].Value = item["Make"].ToString();
dataGridView1.Rows[n].Cells[6].Value = item["Model"].ToString();
dataGridView1.Rows[n].Cells[7].Value = item["SerialNumber"].ToString();
dataGridView1.Rows[n].Cells[8].Value = item["ProductNumber"].ToString();
dataGridView1.Rows[n].Cells[9].Value = item["PurchaseDate"].ToString();
dataGridView1.Rows[n].Cells[10].Value = item["ExpiryDate"].ToString();
dataGridView1.Rows[n].Cells[11].Value = item["Memory"].ToString();
dataGridView1.Rows[n].Cells[12].Value = item["Processor"].ToString();
dataGridView1.Rows[n].Cells[13].Value = item["HDD"].ToString();
dataGridView1.Rows[n].Cells[14].Value = item["OS"].ToString();
dataGridView1.Rows[n].Cells[15].Value = item["MSOffice"].ToString();
                    }
                    
                }
            }

        }


What I have tried:

i have set the AllowUserToAddRows to False in the properties of the dataGridView
Posted
Updated 17-Jun-19 10:32am
Rate this:
Please Sign up or sign in to vote.

Solution 1

Just - don't do that.

0) Put the query into a stored proc. That way, if the query in the stored proc is wrong/needs adjustment, you don't have to touch the app to get it to work.

1) If you insist on using query text in the app, use "parameterized queries" (google is your friend). If you do it the way you're doing it now, you're begging for hack attempts, and you deserve all the evil that will befall you as a result.

2) When you fix those things, edit your question here to show the new code, and we'll help you.
   
Rate this:
Please Sign up or sign in to vote.

Solution 2

Your code is Sql Injection[^] vulnerable!

Do not use concatenated strings, use parametrerized queries intead!

I have no idea why DataGridView is displaying extra row. You have to debug programme to find out why it happens.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100