1

I have this problem, visual studio don't show any kind of error, but when i try to save the data and i go check my data base, it's empty, don't know where the error is, little help please

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.Sql;
using System.Data.SqlClient;
using System.IO;
using System.Runtime.InteropServices;


namespace PAPA
{
    public partial class Form11 : Form
    {
        SqlConnection cn = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=E:\Documents\basededadospap.mdf;Integrated Security=True;Connect Timeout=30");
        SqlCommand cmd = new SqlCommand();

        public Form11()
        {
            InitializeComponent();
        }
        void Fillcombo() {
        }
        private void button1_Click(object sender, EventArgs e)
        {

            if (textBox1.Text != "" & textBox2.Text != "" & textBox3.Text != "" & textBox4.Text != "" & textBox5.Text != "")
            {
                using (var connection = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=E:\Documents\basededadospap.mdf;Integrated Security=True;Connect Timeout=30"))
                {
                    connection.Open();
                    var cmd = connection.CreateCommand();
                    cmd.CommandText = "INSERT INTO fornecedor (nomefornecedor,nmrcontribuinte,morada,email,obs) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "', '" + textBox3.Text + "', '" + textBox4.Text + "' , '" + textBox5.Text + "')";
                    cmd.Clone();
                    MessageBox.Show(" Fornecedor inserido com sucesso! ");
                    cn.Close();

                }
            }
        }
Improve this question
4
  • is an exception being thrown? Commented Jul 1, 2015 at 13:51
  • when you go and check the database, are you looking at the LocalDB instance? Commented Jul 1, 2015 at 13:51
  • 7
    You're never executing the command, as far as I can see... Also, you should absolutely learn about SQL injection attacks and parameterized SQL, right now. Commented Jul 1, 2015 at 13:51
  • thanks everyone, i'm new sorry about that Commented Jul 1, 2015 at 13:56

1 Answer 1

Reset to default
7

Obviously, you never execute your command.

Use ExecuteNonQuery to execute it. And your Clone seems unnecessary since you don't keep the copied command of that.

But much more important, you should always use parameterized queries. This kind of string concatenations are open for SQL Injection attacks.

string conString = @"Data Source=(LocalDB)\v11.0;AttachDbFilename=E:\Documents\basededadospap.mdf;Integrated Security=True;Connect Timeout=30");
using(var connection = new SqlConnection(conString))
using(var cmd = connection.CreateCommand())
{
     cmd.CommandText = @"INSERT INTO fornecedor (nomefornecedor,nmrcontribuinte,morada,email,obs) 
                         VALUES (@nome, @nmr, @mora, @email, @obs)";
     cmd.Parameters.AddWithValue("@nome", textBox1.Text);
     cmd.Parameters.AddWithValue("@nmr", textBox2.Text);
     cmd.Parameters.AddWithValue("@mora", textBox3.Text);
     cmd.Parameters.AddWithValue("@email", textBox4.Text);
     cmd.Parameters.AddWithValue("@obs", textBox5.Text);

     connection.Open();
     cmd.ExecuteNonQuery();
}

I used AddWithValue method in my example since I didn't know your column types but you don't use this method. It may generate unexpected and surprising results sometimes. Use Add overloads to specify your parameter type and it's size.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.