Click here to Skip to main content
15,507,388 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
when ever i try to save any arabic text selected from combobox it replaced to ?????????

What I have tried:

iCreated table in database countain
column typeuser nvarchar

in my code i tried to load another table in combobox
C#
string queryert = "select * from YETBUsings where YETBUSaction=1 order by YETBUSid desc";
SqlCommand daert = new SqlCommand(queryert, conn);
SqlDataReader myreader;
try 
{
   conn.Open();
   myreader = daert.ExecuteReader();
   while(myreader.Read())
   {
     string sname = myreader.GetString(1);
     UserType.Items.Add(sname);
   }
   conn.Close();
   }
   catch (Exception ex)
   {
      MessageBox.Show(ex.Message);
   }

INSERT CODE 

string UT = Convert.ToString(UserType.SelectedItem);
SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES ('" + UT + "')", conn);

but when ever i select any item in the combobox to save it in database
it saved in this form ??????? ????
Posted
Updated 20-Sep-22 3:11am
v2
Comments
Daniel Pfeffer 18-Sep-22 8:08am    
I am not an SQL expert, but perhaps the problem is in the database schema. Are you certain that the strings stored in the database are Unicode strings? If they are ASCII strings, it is quite possible that the database won't recognize them - Arabic is not defined in ASCII.

See the following: https://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver15
0x01AA 18-Sep-22 8:19am    
OP mentioned the type of the field is nvarchar which means it can hold unicode data.
Richard MacCutchan 18-Sep-22 8:55am    
The problem is most likely that you are trying to display the data without selecting the Arabic font.
Dave Kreskowiak 18-Sep-22 12:35pm    
Most likely, the font you're using to display this data doesn't support Arabic characters. Pick a different font that does.

1 solution

Quote:
C#
SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES ('" + UT + "')", conn);
Don't do it like that!

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

And it just so happens that by fixing this critical security vulnerability in your code, you will also fix your encoding problem as a free bonus. Instead of concatenating your text into your SQL command as a non-Unicode literal, you will pass it through as a Unicode parameter. So long as your table column is defined as nvarchar(...) instead of varchar(...), your Arabic text will be stored and retrieved correctly.
C#
using (SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES (@YETBType)", conn))
{
    sqlcmd.Parameters.AddWithValue("@YETBType", UT);
    sqlcmd.ExecuteNonQuery();
}
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900