0

I want to show message if my sql request is done with no problems. In this moment i have code that show MessageBox for every successful done request, but if there is no username and is didn't done again it's showing the same messagebox.

try
{
    using (SqlConnection con = new SqlConnection(constring))
    {
        con.Open();
        using (SqlCommand command = new SqlCommand("DELETE FROM dbo.Admin WHERE UserName  = '" + txtUserName.Text +"'", con))
        {
            command.ExecuteNonQuery();
            MessageBox.Show("Successful operation!");
        }
        con.Close();
    }

How can i fix that? I want to show successful operation only if there is result from sql request, not everytime when i am doing that command.

juharr
  • 31,741
  • 4
  • 58
  • 93
BlackStock
  • 11
  • 4
  • 2
    First off you really should use sql parameters to avoid potential SQL injection attacks. Second `ExecuteNonQuery` returns the number of rows effected, so from that you'll know if a row was deleted or not. – juharr Mar 30 '17 at 22:10

3 Answers3

0

You could just get the number of rows affected as below:

var numbersOfAffectedRows = command.ExecuteNonQuery();

and then check if it is greater than zero.

if(numbersOfAffectedRows>0)
{
    MessageBox.Show("Successful operation!");
}
Christos
  • 53,228
  • 8
  • 76
  • 108
0

Look at the result of ExecuteNonQuery method, it returns the number of row that's affected. So if it's higher than 0, u can show the message box:

if(command.ExecuteNonQuery() > 0)
{
    MessageBox.Show("Successful operation!");
}

There is another problem in your code in terms of security, you should never build an sql query by concatenating plain user input, instead you should use Sql parameters, you can learn more about that and sql injection in general from the below links:

Community
  • 1
  • 1
Selman Genç
  • 100,147
  • 13
  • 119
  • 184
  • Thank you for advice for my security. But for now this is complex of component for university project. I really want to know how to make my code more secure and more protected. I'll look to this links. Thank you again, and have a nice day. – BlackStock Mar 31 '17 at 11:31
0

You should check on the number of rows affected which is retuned from ExecuteNonQuery command as follows:

   using (SqlConnection con = new    SqlConnection(constring))
   {
       con.Open();
       using (SqlCommand command = new   SqlCommand("DELETE FROM dbo.Admin WHERE  UserName  = '" + txtUserName.Text +"'", con))
       {
           if( command.ExecuteNonQuery() > 0)
              MessageBox.Show("Successful operation!");
       }
       con.Close();
  }
Abdullah Dibas
  • 1,499
  • 1
  • 9
  • 13
  • Thank you so much. If i want to show messagebox when it's not deleting something, what i can do for this situation? Thank you again. – BlackStock Mar 31 '17 at 11:30
  • You are welcome. If the numbers of rows affected is equal to zero then no rows are deleted, so you should just add the "no rows deleted" message in the else part of the if statement. – Abdullah Dibas Mar 31 '17 at 13:22