using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlServerCe;

namespace Assignment2
{
    public partial class Form1 : Form
    {
        SqlCeConnection con = new SqlCeConnection(Properties.Settings.Default.StaffConnectionString);
        SqlCeCommand cmd;
       
        public Form1()
        {
            InitializeComponent();


        }

       

        private void Savebtn_Click(object sender, EventArgs e)
        {
            try 
            {
                con.Open();
                cmd = new SqlCeCommand("INSERT INTO Staff(Sambungan,Nama,Email,Jawatan,Jabatan)VALUES('" + TBSambungan.Text + "','" + TBNama.Text + "','" + TBEmail.Text + "' '" + TBJawatan.Text + "', '" + TBJU.Text + "' )", con);
                cmd.ExecuteNonQuery();
                MessageBox.Show("SAVED");
                con.Close();
            }

            catch ( Exception ex)
            {
                MessageBox.Show(ex.Message);
            }

        }

        private void Form1_Load(object sender, EventArgs e)
        {

        }

       
    }
}


What I have tried:

Can someone help me fix the problem?
The assigned task is:
Work in a group of no more than 3 people to develop an application for displaying the details for a given FKMPT staff. The information can be accessed from http://uctati.edu.my/eDirectory/mainPage.php.
The program should:
1. Offer users at least TWO criteria for staff search.
2. Store staff information on a database.

Evaluation will take into consideration:
3. The use of appropriate controls including manipulation of properties (20 marks).
4. Program running flawlessly and producing expected results (20 marks).
Updated 13-Dec-22 21:55pm

1 solution

One of your text fields contains a character that's making parsing the query impossible (most probably a "'").
Use Parameters instead: SqlCeCommand.Parameters Property (System.Data.SqlServerCe) | Microsoft Learn

Actually, you should NEVER use text concatenation to create a query; it opens you up to SQL injection.
xkcd: Exploits of a Mom
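
The parameterized form the answer recommends, as an added example that is not part of the original question or answer. `StaffWriter` and `InsertStaff` are hypothetical names; the table, columns, text boxes and connection-string setting are the ones from the question. Note that the `VALUES` list has five comma-separated placeholders, whereas the concatenated string in the question has no comma between the Email and Jawatan values.

```csharp
using System;
using System.Data.SqlServerCe;

namespace Assignment2
{
    // Added example: hypothetical helper, not code from the original post.
    public static class StaffWriter
    {
        // One named placeholder per column. User input is sent as parameter
        // values and never becomes part of the SQL text, so a quote in a
        // name (e.g. O'Brien) neither breaks parsing nor alters the query.
        private const string InsertSql =
            "INSERT INTO Staff (Sambungan, Nama, Email, Jawatan, Jabatan) " +
            "VALUES (@Sambungan, @Nama, @Email, @Jawatan, @Jabatan)";

        // Returns the number of rows inserted (1 on success).
        public static int InsertStaff(string connectionString,
                                      string sambungan, string nama,
                                      string email, string jawatan,
                                      string jabatan)
        {
            // 'using' disposes the command and closes the connection even
            // when ExecuteNonQuery throws, so a failed save does not leave
            // the connection open for the next button click.
            using (var con = new SqlCeConnection(connectionString))
            using (var cmd = new SqlCeCommand(InsertSql, con))
            {
                cmd.Parameters.AddWithValue("@Sambungan", sambungan);
                cmd.Parameters.AddWithValue("@Nama", nama);
                cmd.Parameters.AddWithValue("@Email", email);
                cmd.Parameters.AddWithValue("@Jawatan", jawatan);
                cmd.Parameters.AddWithValue("@Jabatan", jabatan);

                con.Open();
                return cmd.ExecuteNonQuery();
            }
        }
    }
}

// Call site inside the existing try block of Form1.Savebtn_Click
// (TextBox.Text is never null, so the values can be passed directly):
//   StaffWriter.InsertStaff(
//       Properties.Settings.Default.StaffConnectionString,
//       TBSambungan.Text, TBNama.Text, TBEmail.Text,
//       TBJawatan.Text, TBJU.Text);
```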
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


