Store null integer value from inside c# app

Question

Hie.

So what I'm trying to do is insert a null value in an integer column in MySQL using a C# application.

I'm aware the query to generally do such a thing would be;

INSERT INTO Database.Table (IntColumn) VALUES (NULL);
UPDATE Database.Table set IntColumn = (NULL) where id = '1';

It works great in workbench. Thing is, I'm not even sure if this is possible but I need to do this in C# while still allowing the textbox the flexibility to enter integers into the MySQL database. In this case 'home.text' which is linked up to 'home' column in MySQL which is an integer field.

This is how I made my code.

    using MySql.Data.MySqlClient;
    using MySql.Data;

    namespace Masca.Content
    {

/// <summary>
/// Interaction logic for Login.xaml
/// </summary>
public partial class Login : UserControl
{
    //Function to check if column value is null before fetching string

    public static string GetString(MySqlDataReader reader, string colName)
    {
        if (reader[colName] == DBNull.Value)
            return string.Empty;
        else
            return (string)reader[colName];
    }

    //Function to check if column value is null before fetching int as string
    public static string GetColumnValueAsString(MySqlDataReader reader, string colName)
    {
        if (reader[colName] == DBNull.Value)
            return string.Empty;
        else
            return reader[colName].ToString();
    }

    public Login()
    {
        InitializeComponent();

    }

    public void save_Click(object sender, RoutedEventArgs e)
    {
    //Authentication parameters
        string sqlcon = "datasource = localhost; port = 3306; username = root; password = root";
    //Query to excecute
        string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('" + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','" + this.home.Text + "', '" + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '" + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text + "') ; insert into logon.login (username, password) values ('" +this.username.Text+ "', '" +this.password.Text+ "'); select * from users.employees where member = '" + this.member.Text + "' ;";

        MySqlConnection con = new MySqlConnection(sqlcon);

        MySqlDataReader rdr;

        MySqlCommand cmd = new MySqlCommand(queryadd, con);

     // Excecution
            try
            {
                con.Open();
                rdr = cmd.ExecuteReader();
                MessageBox.Show("Saved");
                while (rdr.Read())
                {
                    //Declarations using function

                    string stag = GetColumnValueAsString(rdr, "tag");
                    string snumber = GetColumnValueAsString(rdr, "tag");
                    string smember = GetColumnValueAsString(rdr, "member");

                    string susername = GetString(rdr, "username");
                    string spassword = GetString(rdr, "password");

                    string ssecurity = GetString(rdr, "question");
                    string sanswer = GetString(rdr, "answer");

                    string sfirst = GetString(rdr, "first");
                    string ssecond = GetString(rdr, "second");
                    string sthird = GetString(rdr, "third");
                    string sfourth = GetString(rdr, "surname");

                    string sdob = rdr.GetString("dob");
                    string sgender = rdr.GetString("gender");
                    string sdoc = rdr.GetString("doc");

                    string sdept = rdr.GetString("dept");

                    string scell = GetColumnValueAsString(rdr, "cell");
                    string shome = GetColumnValueAsString(rdr, "home");
                    string swork = GetColumnValueAsString(rdr, "work");
                    string semail = GetString(rdr, "email");
                    string spemail = GetString(rdr, "pemail");

                    string sstreet = GetString(rdr, "street");
                    string ssurbub = GetString(rdr, "surbub");
                    string scity = GetString(rdr, "city");
                    string sregion = GetString(rdr, "region");

                    string sposition = GetString(rdr, "position");
                    string saccess = GetString(rdr, "access");
                    string sprivilages = GetString(rdr, "privilages");
                    string sbank = GetString(rdr, "bank");
                    string saccount = GetString(rdr, "account");

                    //Binding strings to textboxes

                    tag.Text = stag;
                    number.Text = stag;
                    member.Text = smember;

                    username.Text = susername;
                    password.Text = spassword;

                    question.Text = ssecurity;
                    answer.Text = sanswer;

                    first.Text = sfirst;
                    second.Text = ssecond;
                    third.Text = sthird;
                    surname.Text = sfourth;

                    dob.Text = sdob;
                    gender.Text = sgender;

                    doc.Text = sdoc;
                    dept.Text = sdept;

                    cell.Text = scell;
                    home.Text = shome;
                    work.Text = swork;
                    email.Text = semail;
                    pemail.Text = spemail;

                    street.Text = sstreet;
                    surbub.Text = ssurbub;
                    city.Text = scity;
                    region.Text = sregion;

                    position.Text = sposition;
                    access.Text = saccess;


                    privilages.Text = sprivilages;
                    bank.Text = sbank;
                    account.Text = saccount;
                }


            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }

This is the code behind a form that contains employee details. home.text is supposed to hold the home land line number. Assuming the employee doesn't have a land line at home, they would leave the field blank.

Everytime I do that however, I get an exception thrown saying "Incorrect integer value". To leave it blank in the database, I would have to type (NULL) where '"this.home.text'" currently is in the query. If i do that though, I wont be able to insert information into the database using home.text when need be.

Anyother way to do this?

Answer 1

Insert Usual preamble about your SQL being open to injection attacks (see this question for more information on parameterized SQL).

The problem is, you're inserting strings in to all the columns, irrespective of the underlying database type.

this:

'" + this.home.text + "'

If blank, will produce '', which cannot be converted to an integer. You might want to try something like:

int? homeNumber = null;  // Note the int? is syntactic sugar for Nullable<int>
if(!string.IsNullOrEmpty(home.text))
    homeNumber = Convert.ToInt32(home.Text);

And insert thusly:

," + homeNumber + ",.... etc.

Answer 2

You could try something along the lines of

if (!int.TryParse(shome, out home.Text))
    home.Text = null;

Answer 3

I think instead you should just check for empty or null strings,

 string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('"
                    + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text
                    + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','"
                    + string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text + "', '"  
                    + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '"
                    + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text
                    + "') ; insert into logon.login (username, password) values ('" + this.username.Text + "', '" + this.password.Text + "'); "
                    + " select * from users.employees where member = '" + this.member.Text + "' ;";

look at string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text

I don't think so the SQL that you have formed is right and will work like this, i.e. two SQL separated by ; and also has SELECT SQL merged with INSERT