C3 Newbie DataAdapter question

G

Guest

Hi, I'm studying C# now, but I'm used to work with DB in other programming
languages.
I'm reading about DataAdapters and inserting, updating, and deletting data
from in a table. I got the example below:

provate static void InsertNewCar(SqlDataAdapter dAdapter)
{

//Get info about new car to insert
....
string sql = string.Format("Insert Into Invetory"+
"CarId, Make, Color, PetName) Values"+
"('{0}', '{1}', '{2}', '{3}')",
newCarId, newCarMake, newCarColor, newCarPetName);
dAdapter.InsertCommand = new SqlCommand(sql);
dAdapter.InsertCommand.Connection = cnObj;

DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
....
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
}

What I don't understand here is why it seems to be duplicated the insert to
the DB. First an SQL statement is created, this statment by itself is able to
insert the new Car to the DB. After that a new row is inserted manually
directly to the table.
Please, can anyone explain me this example.

Thanks a lot.
 
N

Nicholas Paldino [.NET/C# MVP]

Allende,

The example that you are using is a VERY bad example.

Your SQL statement should look like this:

string sql = "insert into Inventory (CarId, Make, Color, PetName) values
(@carId, @make, @color, @petName)";

And then, you should create SqlParameter instances for each of the
parameters, setting the values on each of the parameter instances. You want
to use parameters so you can protect yourself from an injection attack.

Hope this helps.
 
G

Guest

Thanks Nicholas, I suppose this example is that simple just for clarify the
use of DataAdapter.
My question is: why to use the SQL statement and the manual assigment of
each field to the table. They both do the same.

thanks.

Nicholas Paldino said:
Allende,

The example that you are using is a VERY bad example.

Your SQL statement should look like this:

string sql = "insert into Inventory (CarId, Make, Color, PetName) values
(@carId, @make, @color, @petName)";

And then, you should create SqlParameter instances for each of the
parameters, setting the values on each of the parameter instances. You want
to use parameters so you can protect yourself from an injection attack.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Allende said:
Hi, I'm studying C# now, but I'm used to work with DB in other programming
languages.
I'm reading about DataAdapters and inserting, updating, and deletting data
from in a table. I got the example below:

provate static void InsertNewCar(SqlDataAdapter dAdapter)
{

//Get info about new car to insert
...
string sql = string.Format("Insert Into Invetory"+
"CarId, Make, Color, PetName) Values"+
"('{0}', '{1}', '{2}', '{3}')",
newCarId, newCarMake, newCarColor, newCarPetName);
dAdapter.InsertCommand = new SqlCommand(sql);
dAdapter.InsertCommand.Connection = cnObj;

DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
...
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
}

What I don't understand here is why it seems to be duplicated the insert
to
the DB. First an SQL statement is created, this statment by itself is able
to
insert the new Car to the DB. After that a new row is inserted manually
directly to the table.
Please, can anyone explain me this example.

Thanks a lot.
Click to expand...
Click to expand...
 
N

Nicholas Paldino [.NET/C# MVP]

Allende,

Do you mean using SqlParameters as opposed to not using the
SqlParameters?


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Allende said:
Thanks Nicholas, I suppose this example is that simple just for clarify
the
use of DataAdapter.
My question is: why to use the SQL statement and the manual assigment of
each field to the table. They both do the same.

thanks.

Nicholas Paldino said:
Allende,

The example that you are using is a VERY bad example.

Your SQL statement should look like this:

string sql = "insert into Inventory (CarId, Make, Color, PetName) values
(@carId, @make, @color, @petName)";

And then, you should create SqlParameter instances for each of the
parameters, setting the values on each of the parameter instances. You
want
to use parameters so you can protect yourself from an injection attack.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Allende said:
Hi, I'm studying C# now, but I'm used to work with DB in other
programming
languages.
I'm reading about DataAdapters and inserting, updating, and deletting
data
from in a table. I got the example below:

provate static void InsertNewCar(SqlDataAdapter dAdapter)
{

//Get info about new car to insert
...
string sql = string.Format("Insert Into Invetory"+
"CarId, Make, Color, PetName) Values"+
"('{0}', '{1}', '{2}', '{3}')",
newCarId, newCarMake, newCarColor,
newCarPetName);
dAdapter.InsertCommand = new SqlCommand(sql);
dAdapter.InsertCommand.Connection = cnObj;

DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
...
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
}

What I don't understand here is why it seems to be duplicated the
insert
to
the DB. First an SQL statement is created, this statment by itself is
able
to
insert the new Car to the DB. After that a new row is inserted manually
directly to the table.
Please, can anyone explain me this example.

Thanks a lot.
Click to expand...
Click to expand...
Click to expand...
 
C

Carl Daniel [VC++ MVP]

Allende said:
Thanks Nicholas, I suppose this example is that simple just for
clarify the use of DataAdapter.
My question is: why to use the SQL statement and the manual assigment
of each field to the table. They both do the same.
Click to expand...

No, they don't.

The SQL statement lets the DataAdapter insert a row into the database. A
DataRow is an offline row - it need not have any manifestation in the
database at all. The call to DataAdapter.Update actually inserts the row
into the database by using the InsertCommand. (But since you've defined a
hard-wired insert command, it'll always insert the same row, no matter what
you put in the DataRow).

As Nicholas already mentioned, this is a very bad example.

-cd
 
G

Guest

No Nicholas, I'm aware of the use of parameters and I agree with you that is
much better use them in this case.
My question is that in the code I posted the author assign a SQL statement
to the DataAdapter:

This statemente in fact insterts a new row to the table in the DB. Then he
writes manually these values again to the table:
DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
...
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
Click to expand...
Click to expand...
Click to expand...

In my opinion he is doing twice the same thing....why?

thanks again

Nicholas Paldino said:
Allende,

Do you mean using SqlParameters as opposed to not using the
SqlParameters?


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Allende said:
Thanks Nicholas, I suppose this example is that simple just for clarify
the
use of DataAdapter.
My question is: why to use the SQL statement and the manual assigment of
each field to the table. They both do the same.

thanks.

Nicholas Paldino said:
Allende,

The example that you are using is a VERY bad example.

Your SQL statement should look like this:

string sql = "insert into Inventory (CarId, Make, Color, PetName) values
(@carId, @make, @color, @petName)";

And then, you should create SqlParameter instances for each of the
parameters, setting the values on each of the parameter instances. You
want
to use parameters so you can protect yourself from an injection attack.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hi, I'm studying C# now, but I'm used to work with DB in other
programming
languages.
I'm reading about DataAdapters and inserting, updating, and deletting
data
from in a table. I got the example below:

provate static void InsertNewCar(SqlDataAdapter dAdapter)
{

//Get info about new car to insert
...
string sql = string.Format("Insert Into Invetory"+
"CarId, Make, Color, PetName) Values"+
"('{0}', '{1}', '{2}', '{3}')",
newCarId, newCarMake, newCarColor,
newCarPetName);
dAdapter.InsertCommand = new SqlCommand(sql);
dAdapter.InsertCommand.Connection = cnObj;

DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
...
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
}

What I don't understand here is why it seems to be duplicated the
insert
to
the DB. First an SQL statement is created, this statment by itself is
able
to
insert the new Car to the DB. After that a new row is inserted manually
directly to the table.
Please, can anyone explain me this example.

Thanks a lot.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Hi Carl, thanks for answering.

Ok, I can understand your point. I realize that the SQL statement has to be
commited into the DB. That's what DataAdapter.Update is for?..I thionk so,
but why he uses these:

*****************
DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
....
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
*****************

I think this code is inserting manually all the fields into the database.
It's affecting the same row SQL affects. Can you uderstand me now?
 
M

Mel

the first part DataRow newCar = ds.......... creates a new row.

dsCarInventory.Tables["Inventory"].Rows.Add(newCar); adds the row to the
in memory table.

dAdapter.Update(dsCarInventory.Tables["Inventory"]); commits the changes
to the dataset


Allende said:
Hi Carl, thanks for answering.

Ok, I can understand your point. I realize that the SQL statement has to
be
commited into the DB. That's what DataAdapter.Update is for?..I thionk so,
but why he uses these:

*****************
DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
...
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
*****************

I think this code is inserting manually all the fields into the database.
It's affecting the same row SQL affects. Can you uderstand me now?

Carl Daniel said:
No, they don't.

The SQL statement lets the DataAdapter insert a row into the database. A
DataRow is an offline row - it need not have any manifestation in the
database at all. The call to DataAdapter.Update actually inserts the row
into the database by using the InsertCommand. (But since you've defined a
hard-wired insert command, it'll always insert the same row, no matter
what
you put in the DataRow).

As Nicholas already mentioned, this is a very bad example.

-cd
Click to expand...
Click to expand...
 
G

Guest

Hello Mel,

I understan that...but my doubt is in why use an InsertCommand too? he
InsertCommand has an SQL statement that do the same that the code you
explained for me...isn't it?

Mel said:
the first part DataRow newCar = ds.......... creates a new row.

dsCarInventory.Tables["Inventory"].Rows.Add(newCar); adds the row to the
in memory table.

dAdapter.Update(dsCarInventory.Tables["Inventory"]); commits the changes
to the dataset


Allende said:
Hi Carl, thanks for answering.

Ok, I can understand your point. I realize that the SQL statement has to
be
commited into the DB. That's what DataAdapter.Update is for?..I thionk so,
but why he uses these:

*****************
DataRow newCar = dsCarInventory.Tables["Inventory"].NewRow();
newCar["CarId"] = newCarId;
...
newCar["PetName"] = newCarPetName;
dsCarInventory.Tables["Inventory"].Rows.Add(newCar);
dAdapter.Update(dsCarInventory.Tables["Inventory"]);
*****************

I think this code is inserting manually all the fields into the database.
It's affecting the same row SQL affects. Can you uderstand me now?

Carl Daniel said:
Allende wrote:
Thanks Nicholas, I suppose this example is that simple just for
clarify the use of DataAdapter.
My question is: why to use the SQL statement and the manual assigment
of each field to the table. They both do the same.

No, they don't.

The SQL statement lets the DataAdapter insert a row into the database. A
DataRow is an offline row - it need not have any manifestation in the
database at all. The call to DataAdapter.Update actually inserts the row
into the database by using the InsertCommand. (But since you've defined a
hard-wired insert command, it'll always insert the same row, no matter
what
you put in the DataRow).

As Nicholas already mentioned, this is a very bad example.

-cd
Click to expand...
Click to expand...
Click to expand...
 
Top