Home/ Questions/Q 6675195
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T03:49:27+00:00

I’m executing an Insert statement from c# with values extracted from TextBox Controls in

  • 0

I’m executing an Insert statement from c# with values extracted from TextBox Controls in my gui.

I’ve only 2 columns with not null constrain in my DB

for eg : my insert statement is all are VARCHAR fields including ssn and dbate is date type

insert into emp (fname,minit,lname,dbate,ssn,sex) values ('arun','','','','12345','')

This works fine if all values are entered but when I enter null values, I get Data MisMatch error like a statement above while executing the statement .while executing sql directly in sql2005 the query works fine .

string myInsertQuery = "INSERT INTO Employee (fname,minit,lname,ssn,bdate,address,sex) values  ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "')";


 OleDbCommand myCommand2 = new OleDbCommand(myInsertQuery, mycon)


myCommand2.ExecuteNonQuery();
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You might wanna try:

    insert into emp (fname,minit,lname,dbate,ssn,sex) values ('arun', NULL, NULL, NULL,'12345', NULL)

    Check if the user is typing some characters like ‘ and — it can easily corrupt your syntax!!!

    OFF-TOPIC BUT RELATED: By getting your values directly from the textbox youre allowing anyone to inject SQL on your application, its therefore a flaw. You can avoid it by parametrizing your query, such as follow:

    SqlCommand cmd = new SqlCommand("select * where Pk = @param1");
cmd.Parameters.Add("@param1", SqlDbType.Int);
cmd.Parameters["@param1"].Value = txtPk.text;
    • 0