finding error

capri · April 1st, 2008, 10:07 PM

hi all,

i get error in my application .plz help to recover the error

i add time in the database .before adding in database it
check this time is already exit or not .if exits it don't allow
me to add the same time again

i have two comobox one for hour and second for minute and it contain
int value.i get value from comobox and concatenate both value
and send to database

on running application it give me system error message

private void btnAdd_Click(object sender, System.EventArgs e)
        {
    //cbxHr.Text hour combo box
    //cbxMin.Text min combo box
    SaveTiming(cbxHr.Text,cbxMin.Text);
            }

    private void SaveTiming(string hr, string std_min)
        {
    bool flag = false;
    string connectionString = "Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Testing;Data Source=(local)";
    string test = hr+""+ std_min;

string i****ist = "SELECT * FROM timing WHERE s_time=" + test + "";
string sqlInst = "Insert into timing(s_test)Values(" + test + ")";

using (SqlConnection connection = new SqlConnection(connectionString))
            {
    SqlCommand command = new SqlCommand(i****ist, connection);
    connection.Open();
    SqlDataReader reader = command.ExecuteReader();
    if (reader.HasRows)
    {
    MessageBox.Show("Timing already has been assigned");
    flag = true;
                }
    reader.Close();
       if (!flag)
                {
        SqlCommand cmd = new SqlCommand(sqlInst, connection);
                    cmd.ExecuteNonQuery();

                }
            }
        }

weicco · April 2nd, 2008, 12:51 AM

First of all, never concatenate SQL strings like that! Use @param place holders and SqlCommand.Parameters collection. For example:

SqlCommand cmd = new SqlCommand("SELECT * FROM MyTable WHERE Foo = @foo");
cmd.Parameters.AddWithValue("foo", some_value);

Second, I'd suggest you to make stored procedure which handles inserting. Something like:

Code:

CREATE PROCEDURE InsertTiming(@timing nvarchar(255))
BEGIN
  SET NOCOUNT ON;

  -- Check if timing already exists
  DECLARE @tmp nvarchar(255);
  SELECT @tmp = s_time FROM timing WHERE s_time = @timing;
  IF @tmp IS NOT NULL
  BEGIN
    raiserror(N'Timing %s already assigned',
      10,
      1,
      @timing);
  END

  -- Insert new value
  INSERT INTO timing(s_test) VALUES (@timing);
END

Then just call it like this:

Code:

SqlCommand cmd = new SqlCommand("InsertTiming", connection);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("timing", test);

try
{
  cmd.ExecuteNonQuery();
}
catch (SqlException e)
{
  MessageBox.Show(e.Message);
}

weicco · April 2nd, 2008, 12:53 AM

Ah. Stupid me. You could just add unique index to s_test field and catch the exception which is thrown when you try to insert duplicate value :)