Click here to Skip to main content
14,334,458 members
Rate this:
Please Sign up or sign in to vote.
See more:
I have created a windows form app. So there are some forms like: login form, sign up form, main page. So if you sign up and ready to sign in, you will be redirected to main page. I wanna write a code there lets say if I am registered like "Ali", that username sees only those contacts in the main form. The main form consists of contacts page. So A user can add,update and delete values from there. But as I said before only the one who made that record must do it. So I have datagridview in the contacts(main) form to display the records

What I have tried:

SqlConnection con = new SqlConnection();
       SqlCommand cmd = new SqlCommand();
       private void button1_Click(object sender, EventArgs e)
       {
           con = new SqlConnection(DALC.Getconnectionstring());
           con.Open();
           cmd = new SqlCommand("INSERT INTO CONTACTS VALUES(@name,@surname,@company,@country_code,@prefix,@number,@insert_user)",con);
           cmd.Parameters.AddWithValue("@name", textBox1.Text);
           cmd.Parameters.AddWithValue("@surname", textBox2.Text);
           cmd.Parameters.AddWithValue("@company", textBox3.Text);
           cmd.Parameters.AddWithValue("@country_code", textBox4.Text);
           cmd.Parameters.AddWithValue("@prefix", textBox5.Text);
           cmd.Parameters.AddWithValue("@number", textBox6.Text);
           cmd.Parameters.AddWithValue("insert_user", textBox7.Text);
           if (con.State == ConnectionState.Closed)
           {
               con.Open();
           }
           try
           {
               cmd.ExecuteNonQuery();
               MessageBox.Show("Success");
           }
           catch (SqlException ex)
           {

               MessageBox.Show(ex.Message);
           }
           finally
           {
               con.Close();
               con.Dispose();
           }
           contacts form = new contacts();
           form.Show();
           this.Hide();
       }
   }
Posted
Updated 10-Jul-19 19:03pm
Comments
Gerry Schmitz 10-Jul-19 20:23pm
   
Put the user id in the record. Then compare id's next time around.

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

Without your actual database we can't be specific, but as Gerry says, "put the ID in the record". So add a "AuthorisedUser" column, and when you INSERT the row, set it to the ID of the user performing teh INSERT.

You can then add that to the WHERE clause when you do SELECT and UPDATE operations:
UPDATE ... WHERE AuthorisedUser = @UID AND RowID = ...

I suspect that is what your "insert_user" columns is there for, but we can;t realaly tell.

A couple of other things though:
1) Do yourself a favour, and stop using Visual Studio default names for everything - you may remember that "TextBox8" is the mobile number today, but when you have to modify it in three weeks time, will you then? Use descriptive names - "tbMobileNo" for example - and your code becomes easier to read, more self documenting, easier to maintain - and surprisingly quicker to code because Intellisense can get to to "tbMobile" in three keystrokes, where "TextBox8" takes thinking about and 8 keystrokes...

2) Check your columns types. You are passing text strings for every value there, and while that's probably right for Name, Surname, and so on, for "insert_user" it's probably very wrong, since that UserID is most likely a numeric IDENTITY field (or if it isn't it probably should be) - you shouldn't be storing a userID as a string more than once in the whole app!
Normally, you'd have two tables: one holding the user details: UserID, name, password... and a separate one that stores data. The use of a string here implies that you are using strings for everything, and that's a very poor idea which will give you problems later on. Always store values in the most appropriate type!

3) Always list your columns, never INSERT using default column order:
INSERT INTO MyTable ([Name], Surname, ...) VALUES (@NAME, @SURNAME, ...)
Instead of
INSERT INTO MyTable VALUES (@NAME, @SURNAME, ...)
as that does two things: it makes your code more "future proof" - if the DB order gets changed your code doesn't fall over, or worse pout data in the wrong columns; and it means it still works when your row ID value (which if you don't have you damn well should) is an IDENTITY field. If you don't specify the columns, SQL will start from the "top most" column and assume the order, which is dangerous.

4) Rather than using try...finally consider a using block instead:
private void button1_Click(object sender, EventArgs e)
{
   using (SqlConnection con = new SqlConnection(DALC.Getconnectionstring()))
   {
       con.Open();
       using (SqlCommand cmd = new SqlCommand("...",con))
       {
           ...
           try
           {
               ...
           }
           catch (SqlException ex)
           {
               ...
           }
       ...
       }
   }
That way, the DB objects will be closed and disposed automatically when they go out of scope.
   
Comments
Alish93 11-Jul-19 6:15am
   
how can I show you it with pictures? I know your 3rd and 4th recommendation. That was the test code thats why I did not notice them.
I have two tables:

1)CONTACTS(where users` information stored) table like:
Column name: Data type:
ID int
NAME varchar(30)
SURNAME varchar(30)
COMPANY varchar(30)
INSERT_USER int

2)USERS(users` login information) like this:
COLUMN NAME: DATA TYPE:
ID int
USERNAME varchar(30)
SURNAME varchar(30)
NAME varchar(30)
SURNAME varchar(30)



So my point is if a registered user sign in the main page=> he/she will go to contacts table. in that form I have datagridview below, add,update and delete button. So If I add some contacts to that table(in form 3. form 1 is login page, form 2 is sign up page), me myself should see that contacts. How can I write a code not let other signed in user be able to see that contact? I think insert_user column is my foreign key while ID IN THE USER TABLE is primary key. IF you have something to keep in touch with, i`d be able to show it

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100