-1

Okay so I am trying to use parameters in C# sql code block but I am getting @Data in my SQL table please help

            string connectionString = @"Network Library=DBMSSOCN;Data Source=**********,1433;database=*******;User id=*****;Password=******;";
            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                connection.Open();
                //
                // Description of SQL command:
                // 1. It selects all cells from rows matching the name.
                // 2. It uses LIKE operator because Name is a Text field.
                // 3. @Name must be added as a new SqlParameter.
                //
                using (SqlCommand command = new SqlCommand(
                "INSERT INTO [dbo].[event_logs] ([event_level],[date_and_time],[source],[event_id],[task_category],[event_data],[channel],[computer_id],[created_at],[updated_at])VALUES('" + entry.EntryType + "','" + entry.TimeWritten + "','" + entry.Source + "','" + entry.InstanceId + "','" + entry.Category + "',' @Data ','" + logtype + "','" + computerID + "','" + DateTime.Now.ToString() + "','" + DateTime.Now.ToString() + "')", connection))
                {
                    //
                    // Add new SqlParameter to the command.
                    //
                    command.Parameters.Add(new SqlParameter("@Data", entry.Message));
                    //
                    // Read in the SELECT results.
                    //
                    SqlDataReader reader = command.ExecuteReader();
                    while (reader.Read())
                    {

                    }
                }
            }
Improve this question
2
  • And by the way, you are running an INSERT query, which SELECT results do you expect to get?
    – Steve
    Commented Aug 12, 2014 at 15:55
  • Instead of passing through DateTime.Now, use GETDATE() in SQL
    – Muster Station
    Commented Aug 12, 2014 at 15:56

4 Answers 4

Reset to default
2

INSERTs don't return results. Use .ExecuteNonQuery() instead of .ExecuteReader().

Improve this answer
1

You are getting @Data because you SQL string is formatted like "',' @Data ','" which is wrong, it is no more a variable, it is itself a SQL String.

What you need to do is fix the SQL query from "',' @Data ','" to "', @Data ,'" it will be fine then.

using (SqlCommand command = new SqlCommand(
"INSERT INTO [dbo].[event_logs] ([event_level],[date_and_time],[source],[event_id],[task_category],[event_data],[channel],[computer_id],[created_at],[updated_at])VALUES('" + entry.EntryType + "','" + entry.TimeWritten + "','" + entry.Source + "','" + entry.InstanceId + "','" + entry.Category + "', @Data ,'" + logtype + "','" + computerID + "','" + DateTime.Now.ToString() + "','" + DateTime.Now.ToString() + "')", connection))
{

    // Add new SqlParameter to the command.

    command.Parameters.Add(new SqlParameter("@Data", entry.Message));
    command.ExecuteNonQuery();
}
Improve this answer
5
  • I think that you should mention that using just one parameter and leaving the string concatenation in place is totally useless.
    – Steve
    Commented Aug 12, 2014 at 16:01
  • @Steve - yes i agree to that, but i think that OP is sure that rest of data is from trusted source, since he knows using SqlParam
    – Parimal Raj
    Commented Aug 12, 2014 at 16:03
  • 1
    I would bet that this code also after your 'fix' will not work. If it works then he/she have dates stored as strings. A mistake of epic proportions
    – Steve
    Commented Aug 12, 2014 at 16:06
  • well, it indeed is saved as string!
    – Parimal Raj
    Commented Aug 12, 2014 at 16:07
  • Nothing to worry. It is just bad code, not life or death (unless you write Airplanes or Medical software)
    – Steve
    Commented Aug 12, 2014 at 16:09
0

You need to specify the name and data type in the constructor, and the value in the new object:

command.Parameters.Add("@Data", SqlDbType.VarChar).Value = entry.Message;
Improve this answer
0 
private void button2_Click(object sender, EventArgs e)
{ 
    try
    {
        string sSQL = "INSERT INTO StuTable (Name, Batch,CGPA, DOB, Program, 
            Picture)VALUES (@Name, @Batch,@CGPA,@DOB,@Program,@Picture)";
        SqlCommand objCmd = new SqlCommand(sSQL, conn);

        objCmd.Parameters.Add("@Name", SqlDbType.VarChar, 50);
        objCmd.Parameters.Add("@Batch", SqlDbType.Int);
        objCmd.Parameters.Add("@CGPA", SqlDbType.Float);
        objCmd.Parameters.Add("@DOB", SqlDbType.VarChar, 50);
        objCmd.Parameters.Add("@Program", SqlDbType.VarChar, 50);
        objCmd.Parameters.Add("@Picture", SqlDbType.VarChar, 500);

        //objCmd.Parameters["@RegdNo"].Value = Convert.ToInt32(textBox3.Text);
        objCmd.Parameters["@Name"].Value = textBox4.Text;
        objCmd.Parameters["@Batch"].Value = textBox5.Text;
        objCmd.Parameters["@CGPA"].Value = textBox6.Text;
        objCmd.Parameters["@DOB"].Value = maskedTextBox1.Text;
        objCmd.Parameters["@Program"].Value = textBox8.Text;
        objCmd.Parameters["@Picture"].Value = textBox9.Text;

        objCmd.ExecuteNonQuery();

        // MessageBox.Show("Record Added");

    }
    catch (Exception te)
    {
        MessageBox.Show(te.Message.ToString());
    }
}
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.