0

There is no error in the code but no data is inserted in the database

follwing is the code of each layer

User Layer :

private void btnSave_Click(object sender, EventArgs e)
    {
        EmpProps p = new EmpProps();
        p.Code1 = Convert.ToInt32(tfId.Text);
        p.Name1 = tfName.Text;
        p.Cell1 = tfCell.Text;
        p.Adrs1 = tfAdrs.Text;
        p.Dept1 = cmbDept.Text;
        EmpBll eb = new EmpBll();
        bool b =eb.InsertEmpBll(p);
        if(b)
        { MessageBox.Show("Saved successfully");
        }
        else
        { MessageBox.Show("Error Ocurred");
        }
    }

Logic Layer :

public class EmpBll
{
    public bool InsertEmpBll(EmpProps p)
    {
        EmpDal empdal = new EmpDal();
        bool b =empdal.InsrtEmpDal(p);

        if (b)
            return true;
        else
            return false;

    }

}

Data Access layer : 

public class EmpDal
{
   public bool InsrtEmpDal(EmpProps p)
   {
       SqlConnection conn = new SqlConnection("Data Source=DASTGIRKHAN\\SQLEXPRESS;Initial Catalog=MultilayerManagementSystem;Integrated Security=True;Pooling=False");
       SqlCommand cmd = new SqlCommand("Insert INTO EmployeeRecord Values(" + p.Code1.GetType() + ",'" +p.Name1 + "','" + p.Cell1 + "','" +p.Adrs1 + "','" + p.Dept1 + "')", conn);
       conn.Open();
       int c= cmd.ExecuteNonQuery();
       conn.Close();
       if (c > 0)
           return true;
       else

          return false;
   }
}
dcastro
  • 66,540
  • 21
  • 145
  • 155
DastgirKhan
  • 191
  • 1
  • 1
  • 6
  • Do you have try-catch's that you removed from your code when you posted your example? – Scott Chamberlain Feb 22 '14 at 18:03
  • No I have not applied try catch but but no exception occured... – DastgirKhan Feb 22 '14 at 18:10
  • 2
    There are other issues with your program too. You really should be using [`using`](http://msdn.microsoft.com/en-us/library/yh598w02.aspx) statements on your disposeable objects (like `SqlConnection` and `SqlCommand`), also you should be using [parameterised queries](http://stackoverflow.com/questions/5468425/how-do-parameterized-queries-help-against-sql-injection) instead of string adding to pass in to your query. If you don't can you tell me what would happen if my department was called `Hax!'); DROP TABLE EmployeeRecord; --`? – Scott Chamberlain Feb 22 '14 at 18:20
  • am unable to understand. if possible kindly change the given code ...Thanks – DastgirKhan Feb 22 '14 at 18:26

0 Answers0