Click here to Skip to main content
15,851,387 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
i used the following connection string in the app.config file

XML
<configuration>
  <connectionStrings>
    <add name="winningways" connectionString="datasource=localhost; port=3306; username=root; password=chilochp;" providerName="MySql.Data.MySqlClient" />
  </connectionStrings>
</configuration>


and the following in my code to insert some information into the database
C#
public partial class Admin : Window
{
    string connection, username, password;
    public Admin()
    {
        connection = ConfigurationManager.ConnectionStrings["winningways"].ConnectionString;
        InitializeComponent();
    }

    private void addemp_Click(object sender, RoutedEventArgs e)
    {
            try
            {
                MySqlConnection conn = new MySqlConnection(connection);
                MySqlCommand add = new MySqlCommand("insert into winningways.staff (name, address, mobileNumber, position, username, password) values ('" + empname.Text + "', '" + empadd.Text + "', '" + empnum.Text + "', '" + emppos.Text + "', '" + empname.Text + "', '" + password + "')", conn);
                MySqlDataReader read;
                conn.Open();
                read = add.ExecuteReader();
                read.Close();

                MessageBox.Show("Staff added successfully \n Username: '"+empname.Text+"' \n Password: '"+password+"'", "New Staff");
                conn.Close();
            }
            catch (MySqlException myex)
            {
                MessageBox.Show(myex.Message, "Admin Add New Staff Error");
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "Admin Add New Staff Error");
            }
        }
    }

but it doesn't insert nor displays d message box. please assist
Posted
Updated 12-Dec-14 19:48pm
v2

It is good practice not to use concatenated SQL queries as it opens up for injection of malicious commands, especially when using user input directly.
You should use parameters instead. See the code example below.

It is also good practice to use the using clause as it will close the connection automatically when leaving the scope.
using works like try-catch-finally, where you close the connection in the finally clause.
(In your original code, you never close the connection if you have an exception)

In this case you should use ExecuteNonQuery as you do an INSERT and might not get a reply from the DB.
C#
string cs = ConfigurationManager.ConnectionStrings["winningways"].ConnectionString;
using (MySqlConnection connection = new MySqlConnection(cs))
{
    connection.Open();

    MySqlCommand command = new MySqlCommand();
    command.Connection = connection;

    command.CommandText = "insert into winningways.staff (name, address, mobileNumber, position, username, password) values (@name, @address, @mobileNumber, @position, @username, @password)";
    command.Parameters.Add("@name", empname.Text);
    command.Parameters.Add("@address", empadd.Text);
    command.Parameters.Add("@mobileNumber", empnum.Text);
    command.Parameters.Add("@position", emppos.Text);
    command.Parameters.Add("@username", empname.Text);
    command.Parameters.Add("@password", password);
    command.ExecuteNonQuery();
}
 
Share this answer
 
Instead of this
read = add.ExecuteReader();
                read.Close();


just use
add.ExecuteNonQuery();


simply it will help you!!
 
Share this answer
 
Comments
EasyHero 14-Dec-14 2:03am    
Thanks guys. It helped a lot

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900