So I am just learning .NET, WinForms, SQL Server and C#…. I previously have used VB and MS Access, so I know this is a lot different but I am looking for a place to start.
I typically used unbound forms for data entry in MS Access, then saved the data to tables on btn_Click, or button event handler with Visual Basic (DAO or SQL).
So I have experimented with Visual Studio, creating WinForms with VB.NET & C#, and SQL Server. I have learned how to create a WinForm, then through VS create a DB within, and databind form to database table.
I haven’t been able to reproduce the unbound form, and saving to external database through code (btn click) though. So let’s say I already have created a Database through SSMS, and am now creating a WinForm for data entry. Now on the btn click, I am looking for the C# code that would transfer that entered data from the form to a database table.
So for the sake of example let’s say that the form only has one text box called txtData, and I want to transfer it to a Database named DBExample, in a Table named tblExample, and a field named fldExample.
Can anyone help me with this? I have looked up a lot online about doing this, but everything I came across has to do with databinding the control, and I am looking for doing it through code.
thanks
justin
For a good general reference on .NET data access, see
http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson01.aspx
or
http://www.startvbdotnet.com/ado/default.aspx
A more specific answer to your example problem:
The rudimentary C# syntax, filtering out potentially malicious data, to prevent SQL Injection is:
PLEASE pay close attention to how to avoid SQL Injection. This is very important, and it’s something that newer developers often miss, because they, like you, are worrying about the basic syntax and getting the update to work. You CAN build your SQL statement without parameterized queries, but it’s best to learn it right immediately.
Here’s an article on Parameterized queries. http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/
And an article from OWASP on SQL Injection so you can see why I say it’s important. (Actually, you should become familiar with the OWASP site and ALL of the OWASP Top 10, but this article is relevant to your question.) http://www.owasp.org/index.php/SQL_Injection
AND for a list of how to build connection strings, for SQL Server AND other DB’s, my favorite reference is http://www.carlprothman.net/Default.aspx?tabid=81
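
An added example, not code from the original answer: a button-click handler that inserts `txtData` into `DBExample.tblExample.fldExample` through a parameterized query, as the answer recommends. The form class name, the `btnSave` button, the `localhost` server with Windows authentication, and the `NVARCHAR(100)` column size are assumptions; `txtData` and `btnSave` are expected to be declared in the form's designer file.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

public partial class EntryForm : Form   // hypothetical form holding txtData and btnSave
{
    // Assumed: local default instance, Windows authentication.
    private const string ConnectionString =
        "Data Source=localhost;Initial Catalog=DBExample;Integrated Security=True";

    // Assumed column definition: fldExample NVARCHAR(100).
    private const int FldExampleMaxLength = 100;

    private void btnSave_Click(object sender, EventArgs e)
    {
        string value = txtData.Text.Trim();
        if (value.Length == 0 || value.Length > FldExampleMaxLength)
        {
            MessageBox.Show("Enter between 1 and " + FldExampleMaxLength + " characters.");
            return;
        }

        // The SQL text is a constant. The user's input travels only as the value
        // of @fldExample and is never concatenated into the statement, so quotes
        // or SQL keywords typed into the box are stored as plain data.
        const string sql = "INSERT INTO tblExample (fldExample) VALUES (@fldExample)";

        try
        {
            using (var connection = new SqlConnection(ConnectionString))
            using (var command = new SqlCommand(sql, connection))
            {
                // Explicit type and size keep the parameter aligned with the column.
                command.Parameters.Add("@fldExample", SqlDbType.NVarChar, FldExampleMaxLength).Value = value;
                connection.Open();
                int rows = command.ExecuteNonQuery();
                MessageBox.Show(rows + " row saved.");
                txtData.Clear();
            }
        }
        catch (SqlException ex)
        {
            // Keep server error details out of the UI; record them for the developer.
            System.Diagnostics.Trace.TraceError("Insert failed: {0} ({1})", ex.Message, ex.Number);
            MessageBox.Show("The record could not be saved.");
        }
    }
}
```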