Insert string into database

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

hi,

how can I solve this problem? should I write some code or this is provided
by Microsoft?

string FirstName = "Monica";
string Number = "123456789";

strCommand = "INSERT INTO Profiles (FirstName, LastName) " +
"VALUES (FirstName, Number)";
.............................................

thisCommand.ExecuteNonQuery();

there are some problem in strCommand. please tell me what's the problem.

thank you,
Monica
 
string FirstName = "Monica";
string Number = "123456789";

strCommand = "INSERT INTO Profiles (FirstName, LastName) " +
"VALUES (FirstName, Number)";
............................................

thisCommand.ExecuteNonQuery();
Click to expand...

how about this:

strCommand = string.Format("INSERT INTO Profiles (FirstName,
LastName) VALUES ('%s', '%s')", FirstName, Number);

That's assuming your Number field is really a string field.
 
hi,

how can I solve this problem? should I write some code or this is provided
by Microsoft?

string FirstName = "Monica";
string Number = "123456789";

strCommand = "INSERT INTO Profiles (FirstName, LastName) " +
"VALUES (FirstName, Number)";
............................................

thisCommand.ExecuteNonQuery();

there are some problem in strCommand. please tell me what's the problem.

thank you,
Monica
Click to expand...

I think you want to try this command string

strCommand = "INSERT INTO Profiles (FirstName, LastName) Values (" +
FirstName + ", " + Number + ")";

I think this will solve your problem but to be sure I would need to
know a little about the design of the table and more of your source
code (connection string, connecting, etc.). Try posting some code
information if it doesn't work.
 
Monica said:
how can I solve this problem? should I write some code or this is provided
by Microsoft?

string FirstName = "Monica";
string Number = "123456789";

strCommand = "INSERT INTO Profiles (FirstName, LastName) " +
"VALUES (FirstName, Number)";
............................................

thisCommand.ExecuteNonQuery();

there are some problem in strCommand. please tell me what's the problem.
Click to expand...

You should write this as a parameterised command, and add the parameter
values to the command. That way you avoid SQL injection attacks.

See http://pobox.com/~skeet/csharp/faq/#db.parameters
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Insert string into database 1
generic class doesn't work but ArrayList work fine 1
MS ACCESS Insert statement problem using Visual Basic 2010 0
error in loading dll 0
Populating Business Entities into UI 12
I am a new C# Programmer 5
Create User Wizard Insert Issue 1
OOP object collections 26

Back
Top