My SQL Server database table

This is my code for the Register button:

```csharp
private void button1_Click(object sender, EventArgs e)
{
    string gender = "Male";

    if (radioButton1.Checked)
    {
        gender = "Male";
    }
    else if (radioButton2.Checked)
    {
        gender = "female";
    }

    SqlConnection con = new SqlConnection("Data Source=LAPTOP-78IBEHAB;Initial Catalog=student;Integrated Security=True");
    con.Open();

    SqlCommand cmd2 = new SqlCommand("select Regno from Register where Regno = @Regno",con);
    cmd2.Parameters.AddWithValue("Regno",comboBox1.Text);

    SqlDataReader sdr = cmd2.ExecuteReader();

    if (sdr.Read())
    {
        con.Close();
        MessageBox.Show("Duplicate Reg No");
    }
    else
    {
        con.Close();

        SqlCommand cmd = new SqlCommand();
        cmd.Connection = con;
        cmd.CommandType = CommandType.Text;

        cmd.CommandText = "insert into Register(Firstname, Lastname, DOB, GENDER, ADDRESS, EMAIL, MOBILE, HOME, PARENT, NIC, CONTACT,COURSE)\r\nvalues\r\n('" + textBox1.Text + "', '" + textBox2.Text + "', '" + dateTimePicker1.Text + "', '" + gender + "', '" + textBox3.Text + "', '" + textBox4.Text + "', '" + textBox5.Text + "', '" + textBox6.Text + "', '" + textBox7.Text + "', '" + textBox8.Text + "', '" + textBox9.Text + "','"+comboBox2.Text+"')";

        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();

        MessageBox.Show("Registration successfull");

        textclear();
        comboBox1.Items.Clear();

        comdata();
    }
}
```

I just want to pop up a message box when trying to insert irrelevant values into a given textbox, e.g. name = 123456 (int), phone = john (varchar), and NOT NULL.

marc_s
Bakeer
  • Hi, currently I do not see any code in your example where you are checking these values. It may be useful to write a new method that handles validation of your desired inputs and returns some value that indicates whether validation passed or failed and then decide whether you should show the message box. You could perform this validation at the beginning of your click event method. I am assuming you are working with Windows Forms, so here is a link to the MessageBox class: [messagebox](https://learn.microsoft.com/en-us/dotnet/api/system.windows.forms.messagebox?view=windowsdesktop-7.0) – Ryan Wilson Mar 02 '23 at 14:44
  • Where is the attempt to solve the problem and which are the difficulties you did encounter? – Olivier Jacot-Descombes Mar 02 '23 at 14:46
  • [Images](//meta.stackoverflow.com/q/285551/90527) should not be used for textual data, such as code, error messages or sample data/schema. – outis Mar 03 '23 at 00:04
  • Since SQL includes data definition, a [mcve] for an [SQL question](//meta.stackoverflow.com/q/333952/90527) should include [DDL](//en.wikipedia.org/wiki/Data_definition_language) statements for sample tables (rather than an ad hoc table specification) and [DML](//en.wikipedia.org/wiki/Data_manipulation_language) statements for sample data (rather than a dump or ad hoc format). Desired results don't need to be presented as sample code, as results are the output of code and not code themselves. – outis Mar 03 '23 at 00:04
  • You've described what you want, but not the problem you're facing. What, specifically, do you need help on? – outis Mar 03 '23 at 00:04
  • See the [help] for more on [how to ask good questions](/help/how-to-ask) and many other helpful topics. See also the [tips for asking a good Structured Query Language (SQL) question](//meta.stackoverflow.com/questions/271055) and "[How much research effort is expected of Stack Overflow users?](//meta.stackoverflow.com/q/261592/90527)". – outis Mar 03 '23 at 00:05

1 Answer

First of all, you should not use SQL statements like this, because it makes your application vulnerable to SQL injection attacks (read about it in Microsoft's SQL Docs, for example). Instead, use SqlParameters as described in the same link.

Now, for the question at hand, with an approach like this you have to validate and/or parse the user input yourself or use specialized controls, for example the NumericUpDown control for values that are actual numbers.

You can also restrict the key presses a textbox will accept, as described here: Numeric TextBox

t.haeusler
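
One way to combine both points of the answer above, validating the input before the insert and using `SqlParameter` instead of string concatenation, as an added example that is not code from the question or the answer. The class name `RegisterInput`, the validation rules, the column types and sizes, and the `System.Data.SqlClient` namespace are assumptions; the table and column names come from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class RegisterInput   // hypothetical helper class
{
    // Assumed rules (not from the question): names are letters plus space, ' and -;
    // phone numbers are 7 to 15 digits. Adjust them to the real column definitions.
    static readonly Regex NameRule = new Regex(@"\A\p{L}[\p{L} '\-]{0,49}\z");
    static readonly Regex PhoneRule = new Regex(@"\A\d{7,15}\z");

    // Returns one message per failed rule; an empty list means the input may be stored.
    public static List<string> Validate(string firstName, string lastName, string mobile)
    {
        var errors = new List<string>();
        if (!NameRule.IsMatch((firstName ?? "").Trim()))
            errors.Add("First name is required and may contain letters only.");
        if (!NameRule.IsMatch((lastName ?? "").Trim()))
            errors.Add("Last name is required and may contain letters only.");
        if (!PhoneRule.IsMatch((mobile ?? "").Trim()))
            errors.Add("Mobile is required and must be 7 to 15 digits.");
        return errors;
    }

    // Typed parameters: the values are sent as data and never become part of the SQL text.
    // Only four of the question's columns are shown; the others follow the same pattern.
    public static SqlCommand BuildInsert(SqlConnection con, string firstName,
                                         string lastName, DateTime dob, string mobile)
    {
        var cmd = new SqlCommand(
            "insert into Register (Firstname, Lastname, DOB, MOBILE) " +
            "values (@Firstname, @Lastname, @DOB, @MOBILE)", con);
        cmd.Parameters.Add("@Firstname", SqlDbType.NVarChar, 50).Value = firstName.Trim();
        cmd.Parameters.Add("@Lastname", SqlDbType.NVarChar, 50).Value = lastName.Trim();
        cmd.Parameters.Add("@DOB", SqlDbType.Date).Value = dob.Date; // from dateTimePicker1.Value
        cmd.Parameters.Add("@MOBILE", SqlDbType.VarChar, 15).Value = mobile.Trim();
        return cmd;
    }

    static void Main()
    {
        // Constructed input based on the question's examples: digits as a name, text as a phone.
        foreach (string error in Validate("123456", "", "john"))
            Console.WriteLine(error);   // the form would pass these to MessageBox.Show
        // A quote in a name passes validation and stays harmless as a parameter value.
        Console.WriteLine(Validate("Anne", "O'Neil", "0771234567").Count);
        SqlCommand cmd = BuildInsert(new SqlConnection(), "Anne", "O'Neil",
                                     new DateTime(2001, 5, 4), "0771234567");
        Console.WriteLine(cmd.CommandText + " / " + cmd.Parameters["@Lastname"].Value);
    }
}
```

In `button1_Click`, call `Validate` first and, if the list is not empty, show it with `MessageBox.Show(string.Join(Environment.NewLine, errors))` and return before opening the connection.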