I want to insert data to sql server wiht loop throught !! I have two list 1> FieldName 2> Textbox.text

Question

0.00/5 (No votes)

See more:

I want to insert data to sql server wiht loop throught !! I have two list 1> FieldName 2> Textbox.text

I am working on save class want to make class library for save button which can implement to my all forms including save button for my window application.

I have made save_rec function with parameters like this

public void SaveRec(String Con_String, String Table_Name, Form Frm, int AddFlag, int EditFlag)

my code is below

  public void SaveRec(String Con_String, String Table_Name, Form Frm, int AddFlag, int EditFlag)
        {
             List<Control> TB_List = new List<Control>();
             List<String> Field_Name = new List<String>();
             List<String> TB_Name = new List<String>();


             foreach (Control childcontrol in Frm.Controls)
             {

                 if (childcontrol is GroupBox)
                 {
                     foreach (Control cc in childcontrol.Controls)
                     {


                         if (cc is TextBox)
                         {
                             TB_List.Add(cc);

                         }

                     }
                 }
             }


            if (AddFlag == 1)
            {
                using (SqlConnection con = new SqlConnection(Con_String))
                {

                    foreach (Control Txt_Name in TB_List)
                    {
                        String TxtName = Txt_Name.Text;
                        String field_name = Txt_Name.Name.Substring(3);
                       
                        Field_Name.Add(field_name);
                       
                        TB_Name.Add(TxtName);
                    }




                    SqlCommand cmd = new SqlCommand("Insert into "+ Table_Name + "('"+ Field_Name + "') Values('" + TB_Name + "')", con);
                   
                    
                    
                    
                    con.Open();
                    //SqlDataReader dr = new SqlDataReader();
                    cmd.ExecuteNonQuery(); 
                    

                }
            }
       }

    }
}

I am getting error -

Invalid column name 'System.Collections.Generic.List`1[System.String]'.

Can you give me way to solve this friends ?

Posted 27-May-15 19:40pm

Md Jamaluddin Saiyed

Updated 27-May-15 19:43pm

v2

Add a Solution

Comments

Sinisa Hajnal 28-May-15 2:59am

NEVER use user input directly in your SQL! Use parametrized query or stored procedure. You are open to SQL Injection (google it) this way.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Maciej Los · Answer 1 · 2015-05-27T20:41:00

Wrong approach!

First of all: you have to work on data, not on controls! There's no chance to write proper code this way. Imagine what happens, when your database objects will change... you'll be in need to change the name of controls, etc.

Second of all: your code is SQL Injection[^] vulnerable! Rather than it, use SQL Stored procedures[^] together with Data Access Layes + Business Logic Layer[^]

Sinisa Hajnal · Answer 2 · 2015-05-27T20:56:00

This line:

C#

SqlCommand cmd = new SqlCommand("Insert into "+ Table_Name + "('"+ Field_Name + "') Values('" + TB_Name + "')", con);

Field name and TB_name are lists not single values. You cannot avoid looping in this particular format. And since you're already looping to fill the lists, you could call sqlcommand immediately anyway (just don't forget to opentransaction at the start and commit on the end - that is, insert all or nothing)

You could, instead of filling collections (lists), fill datatable object and then use
SqlBulkCopy to save all at once[^]

I want to insert data to sql server wiht loop throught !! I have two list 1> FieldName 2> Textbox.text

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0