Menu
What the problem on my coding? I cannot insert data to ms sql.. I'm using C# as front end and MS SQL as databases...
name = tbName.Text; userId = tbStaffId.Text; idDepart = int.Parse(cbDepart.SelectedValue.ToString()); string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) " + " VALUES ('" + name + "', '" + userId +"', '" + idDepart + "');"; SqlCommand querySaveStaff = new SqlCommand(saveStaff); try { querySaveStaff.ExecuteNonQuery(); } catch { //Error when save data MessageBox.Show("Error to save on database"); openCon.Close(); Cursor = Cursors.Arrow; } 
372
INSERT INTO Syntax 1. Specify both the column names and the values to be inserted: INSERT INTO table_name (column1, column2, column3, ...)
Syntax: INSERT INTO table_name(column_name1, column_name2...) VALUES(column1_value, column2_value...); Here, we will insert data into the following Employee table which we created in the Create Table chapter.
You have to set Connection property of Command object and use parametersized query instead of hardcoded SQL to avoid SQL Injection.
using(SqlConnection openCon=new SqlConnection("your_connection_String")) { string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) VALUES (@staffName,@userID,@idDepartment)"; using(SqlCommand querySaveStaff = new SqlCommand(saveStaff)) { querySaveStaff.Connection=openCon; querySaveStaff.Parameters.Add("@staffName",SqlDbType.VarChar,30).Value=name; ..... openCon.Open(); querySaveStaff.ExecuteNonQuery(); } } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
