I'm executing the following code

OdbcConnection con;
OdbcCommand cmd;
con = new OdbcConnection(@"Dsn=chaitudi;dbq=C:\project\Distributor.accdb;driverid=25;fil=MS Access;maxbuffersize=2048;pagetimeout=5;uid=admin");
con.Open();
cmd = new OdbcCommand("insert into Company(ID,CompanyName,StreetName,City,ZipCode,State,TelePhone) values('" + textBox12.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "','" + textBox8.Text + "','" + textBox10.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Stroed Successfully");



But I'm getting the error "Numeric value out of range"...
Please help me...
Thanks in advance
Updated 1-Mar-13 5:21am
Comments
Richard C Bishop 1-Mar-13 11:22am    
First off, you're setting yourself up for SQL injection that could destroy your database. You should really consider using parameterized queries. Second, what line is the code throwing an exception?
Sergey Alexandrovich Kryukov 1-Mar-13 11:38am    
Agree. The question is nearly the same as OP's previous one, please see. OP needs to learn how to learn lessons from questions/answers, before asking another one. :-)
—SA
Mike Meinz 1-Mar-13 11:51am    
What if one of your users enters data in a textbox that is larger than or doesn't match the datatype of the associated database column?
* Error on execution of the INSERT - You need to validate user input

What if one of your users puts SQL statements to delete your database in one of the textboxes?
* SQL Injection Attack - You need to use parameters rather than concatenated strings

What if one of your users enters data in a textbox that contains an apostrophe?
* Error on execution of the INSERT - You need to replace single apostrophe with double apostrophe in any string columns.

Avoid run-time errors by coding to prevent user data entry errors!

1 solution

Since the only numbers in there are trivial: "25" and "2048" it has to be the values you are trying to insert from your textboxes. So start by checking them against the datatypes in your database.

But don't do it that way! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Also, you should be disposing your connections and commands - they are scarce commodities, so they should not be kept longer than you need to.

Oh, and stop using the VS default names for controls: you may remember today that "textbox12" holds the user ID, but you won't in a couple of weeks' time when you need to maintain this. Call them something sensible: it makes your code easier to read, understand and maintain. It is also quicker to type, since IntelliSense can sort them out quicker for you...

C#
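// The ODBC provider binds parameters by position: the SQL text uses ? markers,
// and the names passed to AddWithValue are only labels.
using (OdbcConnection con = new OdbcConnection(strConnect))
    {
    con.Open();
    using (OdbcCommand com = new OdbcCommand("INSERT INTO Company (ID,CompanyName) VALUES (?, ?)", con))
        {
        // Add the parameters in the same order as the ? markers.
        com.Parameters.AddWithValue("@UID", tbUserID.Text);
        com.Parameters.AddWithValue("@CON", tbCompanyName.Text);
        com.ExecuteNonQuery();
        }
    }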
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
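Added example (not part of the original thread or of the answer's own code): the full seven-column insert from the question, with positional ODBC parameters and the ID checked before it reaches the driver, which is where "Numeric value out of range" comes from. The column types (ID as Long Integer, the other columns as text of up to 255 characters) and the names CompanyInsert, Build and Save are assumptions for illustration.

```csharp
using System;
using System.Data.Odbc;

static class CompanyInsert
{
    // Positional markers: the ODBC provider binds parameters in the order they are added.
    const string Sql =
        "INSERT INTO Company (ID, CompanyName, StreetName, City, ZipCode, State, TelePhone) " +
        "VALUES (?, ?, ?, ?, ?, ?, ?)";

    // Assumption: ID is a Long Integer column, the rest are Text(255). Adjust to the real schema.
    public static OdbcCommand Build(string id, string name, string street, string city,
                                    string zip, string state, string phone)
    {
        // Reject non-numeric or oversized IDs here rather than letting the driver fail.
        if (!int.TryParse(id, out int companyId))
            throw new ArgumentException("ID must be a whole number that fits a 32-bit integer.");

        var cmd = new OdbcCommand(Sql);
        cmd.Parameters.Add("ID", OdbcType.Int).Value = companyId;
        var textColumns = new[] { ("CompanyName", name), ("StreetName", street), ("City", city),
                                  ("ZipCode", zip), ("State", state), ("TelePhone", phone) };
        foreach (var (label, value) in textColumns)
        {
            if (value.Length > 255) throw new ArgumentException(label + " is too long.");
            cmd.Parameters.Add(label, OdbcType.NVarChar, 255).Value = value;
        }
        return cmd;
    }

    public static void Save(string connectionString, OdbcCommand cmd)
    {
        using (var con = new OdbcConnection(connectionString))
        using (cmd)
        {
            cmd.Connection = con;
            con.Open();
            cmd.ExecuteNonQuery();
        }   // both objects are disposed here, even if ExecuteNonQuery throws
    }

    static void Main()
    {
        // Constructed sample input: the apostrophe is bound as data and needs no escaping.
        var ok = Build("42", "O'Brien Supplies", "1 Main St", "Pune", "411001", "MH", "020-5550100");
        Console.WriteLine(ok.Parameters.Count + " parameters bound");
        try { Build("99999999999", "x", "x", "x", "x", "x", "x"); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```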


