I'm trying to change my column datatype in the table item. Now it has just 0(it's int now). What will happen when I run it? I tried to use int num = cmd.ExecuteNonQuery() but didn't work, it came an error. With this code I don't see changes. I found that LONGBLOB is the particular datatype for saving images in the database. This is my code:
public partial class alterOneSec : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
OleDbConnection con = DAL.GetConnection();
con.Open();
if(con.State == ConnectionState.Open)
{
string sql = "ALTER TABLE item ALTER COLUMN picture LONGBLOB NOT NULL";
OleDbCommand cmd = DAL.GetCommand(con, sql);
}
con.Close();
Response.Redirect("homepage.aspx?err=case3");
}
}
The GetCommand method is this:
public static OleDbCommand GetCommand(OleDbConnection con, string sql)
{
OleDbCommand cmd = new OleDbCommand();
cmd.Connection = con;
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
return cmd;
}
Related
I am seraching varchar2 column "DF_FORM_COMP_VALUE" that includes ID Number with address to retrieve data by searching according to the ID Number only in oracle 11g DB. I built the following code to retrieve the data
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.OracleClient;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
String mycon = "DATA SOURCE=mydatasource/example;USER
ID=user;Password=mypassword;Unicode=True";
String myquery = "Select * From DF_FORM_COMP_VALUE Where VALUE_STR =" +
TextBox1.Text;
OracleConnection con = new OracleConnection(mycon);
OracleCommand cmd = new OracleCommand();
cmd.CommandText = myquery;
cmd.Connection = con;
OracleDataAdapter da = new OracleDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
Label1.Text = "Particular ID found successfully";
Label2.Text = ds.Tables[0].Rows[0]["ID_TRANSACTION"].ToString();
Label3.Text = ds.Tables[0].Rows[0]["ID_FORM_COMPONENT"].ToString();
Label4.Text = ds.Tables[0].Rows[0]["ID"].ToString();
}
else
{
Label1.Text = "ID Not Found - Please Serach Again";
Label2.Text = "";
Label3.Text = "";
Label4.Text = "";
}
con.Close();
}
protected void TextBox1_TextChanged(object sender, EventArgs e)
{
}
}
it keeps throwing Error ORA-01722: invalid number! Can someone help please
I'm assuming TextBox1.Text is some sort of input from the user on a web page somewhere? If the contents of that variable are "x", you're going to wind up with this query:
Select * From DF_FORM_COMP_VALUE Where VALUE_STR = x
That's not going to work because you need the string "x", but here it looks like a variable.
You probably want this line to look like:
String myquery = "Select * From DF_FORM_COMP_VALUE Where VALUE_STR = '" +
TextBox1.Text + "'";
THIS IS A VERY BAD IDEA. DO NOT DO THIS.
You need to read up on SQL Injection. Never put unsafe, user-specified text directly into a SQL query. Doing so will make your application trivially hackable.
I'm not sure what you're using to connect to Oracle, but you want to create a parameterized query and put the user input as a bind variable. One example on doing that is here. So you really want your query to look like this:
String myquery = "Select * From DF_FORM_COMP_VALUE Where VALUE_STR = :myinput"
Then you bind TextBox1.Text to :myinput, depending on what you're using to access Oracle. This is also more efficient if you run the query multiple times, because your query will not need to be hard parsed each time it is executed.
I have a Problem with DataAdapter Update method :
this is insert code for each row:
private void btnInsert_Click(object sender, EventArgs e)
{
dtTESTDB = dsTESTDB.Tables["dstblTESTDB"];
drTblTESTDB = dtTESTDB.NewRow();
drTblTESTDB.BeginEdit();
drTblTESTDB["ID"] = txtID.Text;
drTblTESTDB["Name"] = txtName.Text;
drTblTESTDB["Family"] = txtFamily.Text;
dtTESTDB.Rows.Add(drTblTESTDB);
dtTESTDB = dsTESTDB.Tables[0].GetChanges(DataRowState.Added);
dtlAdd = dtTESTDB;
drTblTESTDB.EndEdit();
cmd.Parameters.AddWithValue("#ID", int.Parse(txtID.Text));
cmd.Parameters.AddWithValue("#Name", txtName.Text);
cmd.Parameters.AddWithValue("#Family", txtFamily.Text);
cmd.CommandType = CommandType.Text;
cmd.Connection = SQLConnection;
cmd.CommandText = "insert into tblTESTDB
(ID,Name,Family) values (#ID,#Name,#Family)";
cmd.UpdatedRowSource = UpdateRowSource.None;
da.InsertCommand = cmd;
}
now,I want update database after insert multiple rows with :
private void btnSynchronize_Click(object sender, EventArgs e)
{
try
{
da.UpdateBatchSize = 0;// dttblAdd.Rows.Count;
da.Update(dtlAdd);
dsTESTDB.AcceptChanges();
}
catch (SqlException sqlEX)
{
MessageBox.Show(sqlEX.ToString());
}
catch (System.Exception EX)
{
MessageBox.Show(EX.ToString());
}
}
this code work by one row insert without Error ,but if insert two or more record (rows) at a time , DataAdapter insert only last row into DATABASE and throw Exception.
why ?
(sorry - I can't Speak or Writing English very well)
UpdateBatchSize = 0 may be the problem. You need to set it to those many rows as the row count.
i want to insert some data in access table but it gives me syntax error for my insert into staatements....
so i share my code to you and hope you can help me....
private OleDbConnection conn;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;
`Data Source=D:\\Database3.mdb;Persist Security Info=False");
}`
`private void button1_Click(object sender, EventArgs e)`
{
conn.Open();
string query = "INSERT INTO Table([Kaargah],[Manager])" +
"VALUES('"+textBox1.Text+"','"+textBox2.Text+"')";
OleDbCommand command = new OleDbCommand();
command.CommandText = query;
command.Connection = conn;
command.ExecuteNonQuery();
conn.Close();
MessageBox.Show("دادهها با موفقیت ثبت گردید!");
}
Try to change your table name to anything other than 'Table'. Like this... Some name such as 'Table' are probably reserved. Avoid using such names.
string query = "INSERT INTO Table1([Kaargah],[Manager]) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "')";
well you can write below query it is fine
string query = "INSERT INTO Table1([Kaargah],[Manager]) VALUES('textBox1.Text','textBox2.Text')";
Here is my code i want to load a progress bar while dataset filling and data importing in a datagridview.Plz Help me
private void btnLoad_Click(object sender, EventArgs e)
{
string str="select Cert_ID,Card_Number,Name,DOB,Mobile,Gender,Relation ";
str = str + " from dbo.beneficiary";
SqlConnection conn = null;
SqlDataAdapter sqlda = null;
DataSet res = new DataSet();
DataTable dt = new DataTable();
try
{
_connectionString = "xyz.........";
conn = new SqlConnection(_connectionString);
conn.Open();
SqlCommand command = new SqlCommand(str, conn);
sqlda = new SqlDataAdapter(command);
sqlda.Fill(res);
dataGridView1.DataSource=res.Tables[0];
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
finally
{
conn.Close();
}
}
Please provide me sample code for inserting values in a table using stored procedure in NHibernate.
Regards
Jcreddy
Here is a nice example from Ayende demonstrating insert using NHibenate.
Check if this code does what you want. First you need to create the stored procedure in db.
ALTER procedure [dbo].[ninsert]
(#header AS int,#subtype AS varchar(50),#title AS varchar(50),
#description AS
VARCHAR(50)) as insert into
dbo.news(nid,title,subtitle,description) values
(#header,#subtype,#title,#description)
then you must access this code via your data layer in the program....
public class datacheck
{
public SqlConnection con = new SqlConnection(#"Data Source=xxx\SQLEXPRESS;Initia Catalog=eyepax;Integrated Security=True");
public int SQLSP(string strSQL, int headerid, string subtype, string title,string descrip) // stored procedure
{
if (con.State.ToString() == "Closed")
{
con.Open();
}
//con.Open();
SqlCommand sqlCmd = new SqlCommand(strSQL, con);
sqlCmd.CommandType = CommandType.StoredProcedure;
sqlCmd.Parameters.AddWithValue("#header", headerid);
sqlCmd.Parameters.AddWithValue("#subtype", subtype);
sqlCmd.Parameters.AddWithValue("#title", title);
sqlCmd.Parameters.AddWithValue("#description", descrip);
int results = sqlCmd.ExecuteNonQuery();
//sqlCmd.Dispose();
//con.Close();
return 0;
}
public DataSet executeSql()
{
DataSet ds = new DataSet();
if (con.State.ToString() == "Closed")
{
con.Open();
}
string sqlcmd1 = "select * from news";
SqlCommand cmd = new SqlCommand(sqlcmd1, con);
SqlDataAdapter sqlAda = new SqlDataAdapter(cmd);
sqlAda.Fill(ds,"news");
return ds;
}
public DataSet executeSql(sqlcmd)
{
DataSet ds = new DataSet();
if (con.State.ToString() == "Closed")
{
con.Open();
}
SqlCommand cmd = new SqlCommand(sqlcmd, con);
SqlDataAdapter sqlAda = new SqlDataAdapter(cmd);
sqlAda.Fill(ds,"news");
return ds;
}
for insert, update delete
public int SQLC(string strSQL) // for insert, update.delete
//{
// if (con.State.ToString() == "Closed")
// {
// con.Open();
// }
// SqlCommand sqlCmd = new SqlCommand(strSQL, con);
// int result = sqlCmd.ExecuteNonQuery();
// return result;
//}