decimal point changes to comma in INSERT Querystring

  • Thread starter: G.Esmeijer

G.Esmeijer

Friends

When I use a Querystring for inserting data into a table (going to
SQL Server)
the decimal point changes to a comma. The result is that I get a system error
(which I can understand)

sSQL = "INSERT A,B INTO TABEL VALUES (aValue, BValue");
where A ="aaa"
and B = 12.5

A is a string and B is a float.

the result is INSERT A , B INTO TABEL VALUES ( "AAA", 12,5); Now SQL Server
assumes 3 variables

How to solve this??
Regards
gerrit Esmeijer
 
G.Esmeijer said:
When I use a Querystring for inserting data into a table (going to
SQL Server)
the decimal point changes to a comma. The result is that I get a system error
(which I can understand)

sSQL = "INSERT A,B INTO TABEL VALUES (aValue, BValue");
where A ="aaa"
and B = 12.5

A is a string and B is a float.

the result is INSERT A , B INTO TABEL VALUES ( "AAA", 12,5); Now SQL Server
assumes 3 variables

How to solve this??

Don't put the values into the SQL directly at all - use parameters, and
set the values of the parameters.
 
Are you using adhoc SQL, or typed parameters? You should be using typed
parameters.

That is, do not do this:
aSQL = "INSERT A,B INTO TABLE VALUES (" + aValue + ", " + bValue + ");";

Not only do you run into culture issues, as you are below, but there are
also HUGE security problems if somebody injects bad strings into aValue.

You should instead be using the SqlCommand class, and its typed parameters.
It takes a little bit more code, but in the long run you'll have fewer
headaches.

Do something like:
// The column list goes after INTO; the values are supplied as parameters.
aSQL = "INSERT INTO TABEL (A, B) VALUES (@A, @B);";
SqlCommand insCmd = new SqlCommand(aSQL, connection);
SqlParameter param1 = new SqlParameter("@A", System.Data.SqlDbType.NVarChar,
length);
param1.Value = aValue;
insCmd.Parameters.Add(param1);
// B is a float in the question, so the parameter type is Float, not Int.
SqlParameter param2 = new SqlParameter("@B", System.Data.SqlDbType.Float);
param2.Value = bValue;
insCmd.Parameters.Add(param2);

The above should be close, although I can't guarantee it will compile as
written. Look up the specific classes for more info.
 
Michael,

Thanks for taking the effort to help me out. I will try it and let you know
if it works.
The security problems are not such an issue here. I'm reading data from a
text-file which is then stored in a SQL Server table.

Regards
gerrit esmeijer
 
The security problems are not such an issue here. I'm reading data from a
text-file which is then stored in a SQL Server table.
Since the price is so small, I would be concerned about security.
Two years from now someone will decide to get the strings from the
user and not realize all the implications.
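
Added example, not part of any post in this thread: a small C# console program that shows why the comma appears under a decimal-comma culture, how a quote in text-file data breaks the concatenated statement, and how the typed-parameter form is unaffected by both. Assumptions: the `A;B` file format, the sample lines, the column length 50 and the `nl-NL` culture are constructed for illustration, and `System.Data.SqlClient` is available (built into .NET Framework, a NuGet package on newer .NET).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class InsertDemo
{
    // Pattern the thread warns against: values are formatted into the SQL text,
    // so the current culture and any quote in the data change the statement.
    static string BuildConcatenated(string a, double b)
    {
        return "INSERT INTO TABEL (A, B) VALUES ('" + a + "', " + b + ");";
    }

    // Typed parameters: the SQL text is constant and values are sent separately.
    static SqlCommand BuildParameterized(string a, double b)
    {
        var cmd = new SqlCommand("INSERT INTO TABEL (A, B) VALUES (@A, @B);");
        cmd.Parameters.Add("@A", SqlDbType.NVarChar, 50).Value = a; // 50: assumed column length
        cmd.Parameters.Add("@B", SqlDbType.Float).Value = b;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample lines standing in for the text file (format "A;B" assumed).
        string[] lines = { "aaa;12.5", "O'Brien;3.75" };

        // Simulate a machine whose regional settings use a decimal comma.
        CultureInfo.CurrentCulture = new CultureInfo("nl-NL");

        foreach (string line in lines)
        {
            string[] fields = line.Split(';');
            // Parse with the file's own number format, not the machine's culture.
            double b = double.Parse(fields[1], CultureInfo.InvariantCulture);

            Console.WriteLine("concatenated : " + BuildConcatenated(fields[0], b));

            using (SqlCommand cmd = BuildParameterized(fields[0], b))
            {
                Console.WriteLine("parameterized: " + cmd.CommandText);
                foreach (SqlParameter p in cmd.Parameters)
                    Console.WriteLine("  " + p.ParameterName + " = " +
                        Convert.ToString(p.Value, CultureInfo.InvariantCulture) + " (" + p.SqlDbType + ")");
            }
        }
    }
}
```

The program only builds the commands and prints them, so it runs without a database; to execute one, assign an open `SqlConnection` to `cmd.Connection` and call `ExecuteNonQuery()`.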
 
