0

As you can check in attached screenshot that null values are inserted instead of Actual Value Screenshot

I have an INSERT query further bound with Gridview

The query is:

string cmdStr = fun.insert("SD_Cust_Quotation_Details_Temp", 
    "SessionId,CompId,FinYearId,ItemDesc,TotalQty,Rate", 
    "'" + SId + "','" + CompId + "','" + FinYearId + "','" + ProductName + "','" + Qty + "','" + r + "'");
Klaus Gütter
  • 11,151
  • 6
  • 31
  • 36
Test Synergy
  • 9
  • 4
  • If you put a breakpoint at this line, what is the value of `SId`? – Klaus Gütter Feb 09 '19 at 06:53
  • It shows NULL Value. – Test Synergy Feb 09 '19 at 07:50
  • 2
    So this is your answer, you send a null to DB so you get a null in DB – Aldert Feb 09 '19 at 07:55
  • 1
    You should really be parametrising your code. That looks very only to open to injection – Thom A Feb 09 '19 at 10:13
  • The **above code** should not be causing a `NULL` to be inserted (it can't, it has quotes around it - so it would be inserting `''` instead). For us to be 100% sure though, you'd need to provide a [mcve]. – mjwills Feb 09 '19 at 12:28
  • You should change `SessionID` in the `SD_Cust_Quotation_Details_Temp` table to be `NOT NULL`able so you can find the exact code that is inserting those `NULL`s. Then, consider using Dapper or PetaPoco or the like to handle data insertion, so it can handle `NULL`s for you. Your code, as is, is open to SQL Injection. – mjwills Feb 09 '19 at 12:29
  • 3
    Possible duplicate of [Dapper and SQL Injections](https://stackoverflow.com/questions/13653461/dapper-and-sql-injections) – mjwills Feb 09 '19 at 12:31
  • @mjwills, true, probably it's the string 'NULL' and not a real DBNull. – yv989c Feb 09 '19 at 16:39
  • That is possible, yes @yv989c. – mjwills Feb 09 '19 at 21:38

0 Answers0