Searching VARCHAR2 in oracle 11g DB - oracle

I am seraching varchar2 column "DF_FORM_COMP_VALUE" that includes ID Number with address to retrieve data by searching according to the ID Number only in oracle 11g DB. I built the following code to retrieve the data
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.OracleClient;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
String mycon = "DATA SOURCE=mydatasource/example;USER
ID=user;Password=mypassword;Unicode=True";
String myquery = "Select * From DF_FORM_COMP_VALUE Where VALUE_STR =" +
TextBox1.Text;
OracleConnection con = new OracleConnection(mycon);
OracleCommand cmd = new OracleCommand();
cmd.CommandText = myquery;
cmd.Connection = con;
OracleDataAdapter da = new OracleDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
Label1.Text = "Particular ID found successfully";
Label2.Text = ds.Tables[0].Rows[0]["ID_TRANSACTION"].ToString();
Label3.Text = ds.Tables[0].Rows[0]["ID_FORM_COMPONENT"].ToString();
Label4.Text = ds.Tables[0].Rows[0]["ID"].ToString();
}
else
{
Label1.Text = "ID Not Found - Please Serach Again";
Label2.Text = "";
Label3.Text = "";
Label4.Text = "";
}
con.Close();
}
protected void TextBox1_TextChanged(object sender, EventArgs e)
{
}
}
it keeps throwing Error ORA-01722: invalid number! Can someone help please

I'm assuming TextBox1.Text is some sort of input from the user on a web page somewhere? If the contents of that variable are "x", you're going to wind up with this query:
Select * From DF_FORM_COMP_VALUE Where VALUE_STR = x
That's not going to work because you need the string "x", but here it looks like a variable.
You probably want this line to look like:
String myquery = "Select * From DF_FORM_COMP_VALUE Where VALUE_STR = '" +
TextBox1.Text + "'";
THIS IS A VERY BAD IDEA. DO NOT DO THIS.
You need to read up on SQL Injection. Never put unsafe, user-specified text directly into a SQL query. Doing so will make your application trivially hackable.
I'm not sure what you're using to connect to Oracle, but you want to create a parameterized query and put the user input as a bind variable. One example on doing that is here. So you really want your query to look like this:
String myquery = "Select * From DF_FORM_COMP_VALUE Where VALUE_STR = :myinput"
Then you bind TextBox1.Text to :myinput, depending on what you're using to access Oracle. This is also more efficient if you run the query multiple times, because your query will not need to be hard parsed each time it is executed.

Related

ALTER TABLE doesn't work

I'm trying to change my column datatype in the table item. Now it has just 0(it's int now). What will happen when I run it? I tried to use int num = cmd.ExecuteNonQuery() but didn't work, it came an error. With this code I don't see changes. I found that LONGBLOB is the particular datatype for saving images in the database. This is my code:
public partial class alterOneSec : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
OleDbConnection con = DAL.GetConnection();
con.Open();
if(con.State == ConnectionState.Open)
{
string sql = "ALTER TABLE item ALTER COLUMN picture LONGBLOB NOT NULL";
OleDbCommand cmd = DAL.GetCommand(con, sql);
}
con.Close();
Response.Redirect("homepage.aspx?err=case3");
}
}
The GetCommand method is this:
public static OleDbCommand GetCommand(OleDbConnection con, string sql)
{
OleDbCommand cmd = new OleDbCommand();
cmd.Connection = con;
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
return cmd;
}

insert into access table syntax error where

i want to insert some data in access table but it gives me syntax error for my insert into staatements....
so i share my code to you and hope you can help me....
private OleDbConnection conn;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;
`Data Source=D:\\Database3.mdb;Persist Security Info=False");
}`
`private void button1_Click(object sender, EventArgs e)`
{
conn.Open();
string query = "INSERT INTO Table([Kaargah],[Manager])" +
"VALUES('"+textBox1.Text+"','"+textBox2.Text+"')";
OleDbCommand command = new OleDbCommand();
command.CommandText = query;
command.Connection = conn;
command.ExecuteNonQuery();
conn.Close();
MessageBox.Show("داده‌ها با موفقیت ثبت گردید!");
}
Try to change your table name to anything other than 'Table'. Like this... Some name such as 'Table' are probably reserved. Avoid using such names.
string query = "INSERT INTO Table1([Kaargah],[Manager]) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "')";
well you can write below query it is fine
string query = "INSERT INTO Table1([Kaargah],[Manager]) VALUES('textBox1.Text','textBox2.Text')";

The name does not exist in the current context

I'm trying to upload files to Oracle database Using C# vs2012. Its my first time I do so especially with Oracle. I just followed an example I found online but I got some errors before I even run the codes showing me that some of the type or name spaces don't exist.
The example I followed : Blob Example
Here are the codes that are underlined red in my Resources_to_upload.aspx.cs
objCmd
objConn
My code :
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OracleClient;
using System.Configuration;
using System.Data;
using System.IO;
using System.Text;
public partial class Resources_to_upload : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void cmdUpload_Click(object sender, EventArgs e)
{
try
{
if (fileUploadDocument.PostedFile.ContentLength > 0)
{
// Get the File name and Extension
string FileName = Path.GetFileName(fileUploadDocument.PostedFile.FileName);
string FileExtension = Path.GetExtension(fileUploadDocument.PostedFile.FileName);
//
// Extract the content of the Document into a Byte array
int intlength = fileUploadDocument.PostedFile.ContentLength;
Byte[] byteData = new Byte[intlength];
fileUploadDocument.PostedFile.InputStream.Read(byteData, 0, intlength);
//
// Save the file to the DB
string strConn = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
object Conn = new OracleConnection(strConn);
//
StringBuilder strQueryBuilder = new StringBuilder("INSERT INTO RESOURCES(RESOURCES_ID, FILE_NAME, TYPE, RESOURCE_FILE) VALUES (");
strQueryBuilder.Append("'1', ");
strQueryBuilder.Append("'" + FileName + "', ");
strQueryBuilder.Append("'" + FileExtension + "', ");
strQueryBuilder.Append(" :RESOURCE_FILE)");
String strQuery = strQueryBuilder.ToString();
//
OracleParameter blobParameter = new OracleParameter();
blobParameter.ParameterName = "Resources_FILE";
blobParameter.OracleType = OracleType.Blob;
blobParameter.Direction = ParameterDirection.Input;
blobParameter.Value = byteData;
objCmd = new OracleCommand(strQuery, objConn);
objCmd.Parameters.Add(blobParameter);
//
objConn.Open();
objCmd.ExecuteNonQuery();
objConn.Close();
//
lblMsg.Text = "Document Uploaded Succesfully";
}
}
catch (Exception ex)
{
lblMsg.Text = " Error uploading Document: " + ex.Message.ToString();
}
}
}
Please help solve this issue. Thank you
StringBuilder is in the System.Text namespace. So you can either reference it explicitly:
System.Text.StringBuilder strQueryBuilder ...
Or add a using directive to the file:
using System.Text
...
StringBuilder strQueryBuilder ...
As for objCmd and objConn, where do you define those? They're not created in the code you posted. You do create a connection object here:
object Conn = new OracleConnection(strConn);
Maybe you mean to use Conn instead of objConn? But you don't create a command object anywhere. You need to declare and instantiate variables before you can use them.

Show image from SQL Server 2008 in datagridview C#

I'm tired of searching for a solution. please help me.
I have a table with columns
p_id (int)
p_name (varchar50)
category (int)
price (money)
picture (Image)
Insertion process works perfectly, it is also showing me my database records.. but it sow me my filepath in gridview rather than show image...
Please help me... it is part of my project... and I don't know how to show retrieve image from database in Datagridview
I have done all my SQL connection work in Dall Class
Here is my code:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
namespace Image_task
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void insert_btn_Click(object sender, EventArgs e)
{
try
{
int count;
dall insert = new dall();
int id = Convert.ToInt32(id_txt.Text);
string name = name_txt.Text;
int cat = Convert.ToInt32(cat_txt.Text);
decimal price = Convert.ToDecimal(price_txt.Text);
string image=pic_txt.Text;
count = insert.insrt_up_del("insert into product values('" + id + "','" + name + "','" + cat + "','" + price + "','" + image + "')");
MessageBox.Show("Insert Successfully", "Successfull", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
private void Form1_Load(object sender, EventArgs e)
{
insert_btn.Enabled=false;
}
private void browse_txt_Click(object sender, EventArgs e)
{
insert_btn.Enabled = true;
openFileDialog1.Filter = "Images (*.BMP;*.JPG;*.GIF,*.PNG,*.TIFF)|*.BMP;*.JPG;*.GIF;*.PNG;*.TIFF|" + "All files (*.*)|*.*";
if (openFileDialog1.ShowDialog()==DialogResult.OK)
{
pictureBox1.Image = new Bitmap(openFileDialog1.FileName);
pic_txt.Text = openFileDialog1.FileName;
}
}
private void search_btn_Click(object sender, EventArgs e)
{
dall select = new dall();
DataTable dt = new DataTable();
dt = select.select("Select * from product");
dataGridView1.DataSource = dt;
//DataGridViewImageColumn img = new DataGridViewImageColumn();
//img.DataPropertyName = "Picture";
//img.Width = 200;
//img.HeaderText = "Picture Column";
//img.ReadOnly = true;
//img.ImageLayout = DataGridViewImageCellLayout.Normal;
//dataGridView1.Columns.Add(img);
//dataGridView1.DataSource = new BindingSource(dt,null);
}
}
}
use data adapter
DataAdapter da = new DataAdapter("Select * from product",youconnection);
DataTable dt = new DataTable();
da.Fill(dt);
dataGridView1.DataSource = dt;

how can i auto genrete a number in vb.net?

i want to genrete a auto number in my project....
i used vb .net 2008 and SQl server 2005 as backend ??
i want to create a serial no that is like abc/2010/01..In this..
the abc is same in all the serial no.
the 2010 is used from the running Year.(using date for year)
the 01 is a actual serial no that can be auto genrete...
But how can i do this ....??
and How can i find max number from my serial no.....???
how can i maintain it if i delete it then all after delete serial no will place it's place..(there is no break in serial no on delete)
??????
Please help me.....
here is the code snippet for generate newid
i have taken a simple label and textbox
label will auto generate newid and textbox will insert a new record in database
take a label and textbox in your design page
using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
public partial class _Default : System.Web.UI.Page
{
public static int temp;
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
newcode();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;Initial Catalog=practice;Integrated Security=True;");
con.Open();
SqlCommand cmd = new SqlCommand("Insert into frmlogin(id,username) values ("+ temp+",'"+TextBox1.Text+"')", con);
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("username", TextBox1.Text);
cmd.ExecuteNonQuery();
con.Close();
TextBox1.Text = "";
Label1.Text = "";
newcode();
}
public void newcode()
{
SqlConnection con1 = new SqlConnection("Data Source=.\\SQLEXPRESS;Initial Catalog=practice;Integrated Security=True;");
con1.Open();
SqlCommand cmd2 = new SqlCommand("Select Max(id) as empid from frmlogin", con1);
cmd2.CommandType = CommandType.Text;
SqlDataReader r = cmd2.ExecuteReader();
r.Read();
if (r["empid"].ToString() != "")
{
temp = int.Parse(r["empid"].ToString()) + 1;
}
else
{
temp = 1;
}
Label1.Text= temp.ToString();
r.Close();
con1.Close();
}
}
The main thing is that you should maintain your incremented number somewhere, In my case i have used textbox and label.
But I did rather recommend you to go for GUID or Random Number.
for GUID :
System.Guid.NewGuid().ToString();
Have Look here as well
for Random Number Generation
::: Program that uses Random type [C#] :::
using System;
class Program
{
static void Main()
{
Random random = new Random();
Console.WriteLine(random.Next());
Console.WriteLine(random.Next());
}
}
::: Output of the program :::
1592498984
1526415661
Try this
You could store the serial numbers in a database table where the third component of the number is the primary key of the table as an identity field. Any time you create a new serial number, you'd insert the current year and the static text into the table. An easy way to do this would be to wrap that logic in a stored procedure which takes no arguments, internally inserts the current year and the text, and returns the entire serial number as a single scalar value.
Something like:
INSERT INTO SerialNumbers (Year, Name) VALUES (year(getdate()), 'abc')
and:
SELECT Name + '/' + CAST(Year AS nvarchar) + '/' + CAST(ID AS nvarchar) FROM SerialNumbers WHERE ID = SCOPE_IDENTITY()

Resources