-2

I wanted to insert data into my database from a textBox.

But I don't want to add a duplicate ID to my database, and I want to show a message box.

Actually I did it, but when I want to add new data which is different from all IDs, I get an error:

NullReferenceException was unhandled (Object reference not set to an instance of an object)

This is my code

```csharp
for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
    if (textBox1.Text == dataGridView1.Rows[i].Cells[0].Value.ToString())
    {
        MessageBox.Show("This ID is already exist", "Something went wrong", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        textBox1.Focus();
        return;
    }
}

DataTable dt = new DataTable();
string query = "insert into InOrder(InodID, OrderNum, SuppID, CarID, Price, Amount, OrderDate) values ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + dateTimePicker1.Text + "')";

SqlDataAdapter sda = new SqlDataAdapter(query, connect);
sda.Fill(dt);
dataGridView1.DataSource = dt;

MessageBox.Show("Your data successfully saved", "Congratulation", MessageBoxButtons.OK, MessageBoxIcon.None);
```

How can I solve this problem?

marc_s
  • [SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](http://bobby-tables.com/) – marc_s Mar 18 '23 at 15:45
  • But how can I do that? Can you give me more detail? – Bakhtiyar_Dler Mar 18 '23 at 17:49
  • Search for *SQL Server parametrized queries* - there's gotta be literally ***thousands*** of tutorials on how to do this the proper way! – marc_s Mar 18 '23 at 17:51
  • Start here: https://learn.microsoft.com/en-us/aspnet/web-forms/overview/data-access/accessing-the-database-directly-from-an-aspnet-page/using-parameterized-queries-with-the-sqldatasource-cs – marc_s Mar 18 '23 at 17:52

1 Answer

-1

The issue you're facing is most likely due to the fact that you're using a DataAdapter to insert data into your database, but you're not actually executing the query. Instead, you're trying to fill a DataTable with the results of the query, which doesn't make sense in this context.

To fix the issue, you should change your code to use a SqlCommand object to execute the insert query directly. Here's an updated version of your code that should work:

```csharp
// Check for duplicate ID
for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
    if (textBox1.Text == dataGridView1.Rows[i].Cells[0].Value.ToString())
    {
        MessageBox.Show("This ID is already exist", "Something went wrong", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        textBox1.Focus();
        return;
    }
}

// Insert data into database
string query = "insert into InOrder(InodID, OrderNum, SuppID, CarID, Price, Amount, OrderDate)values('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + dateTimePicker1.Text + "')";
using (SqlCommand cmd = new SqlCommand(query, connect))
{
    cmd.ExecuteNonQuery();
}

// Refresh the DataGridView with the updated data
DataTable dt = new DataTable();
string selectQuery = "select * from InOrder";
SqlDataAdapter sda = new SqlDataAdapter(selectQuery, connect);
sda.Fill(dt);
dataGridView1.DataSource = dt;

MessageBox.Show("Your data successfully saved", "Congratulation", MessageBoxButtons.OK, MessageBoxIcon.None);
```

Note that I've also added code to refresh the DataGridView with the updated data after the insert operation is complete. This ensures that the user sees the updated data immediately.

marc_s
  • 1
    Reproducing the SQL-Injection-Vulnerable code without even *commenting* on it being a huge security hole is not great IMO. (I doubt that this is actually the cause of an NRE anyway, to be honest.) – Jon Skeet Mar 18 '23 at 15:56
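
A parameterized form of the `InOrder` insert that the comments call for, together with a duplicate check that tolerates null cell values, as an added example (not code from the question, the answer or the commenters). The class and method names, the column types and the presence of a key or unique index on `InodID` are assumptions; `connect` is the `SqlConnection` from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

static class InOrderExample   // hypothetical helper class, not from the post
{
    // Duplicate check that tolerates null cells: the grid's new-row placeholder
    // and empty cells have Value == null, so .Value.ToString() would throw.
    public static bool IdExistsInGrid(DataGridView grid, string id)
    {
        foreach (DataGridViewRow row in grid.Rows)
        {
            if (row.IsNewRow) continue;
            object value = row.Cells[0].Value;
            if (value != null && value.ToString() == id) return true;
        }
        return false;
    }

    // Returns false when the database itself rejects a duplicate key.
    // Column types below are assumptions; adjust them to the real InOrder schema.
    public static bool TryInsertOrder(SqlConnection connect, int inodId, string orderNum,
        int suppId, int carId, decimal price, int amount, DateTime orderDate)
    {
        const string sql =
            "INSERT INTO InOrder (InodID, OrderNum, SuppID, CarID, Price, Amount, OrderDate) " +
            "VALUES (@InodID, @OrderNum, @SuppID, @CarID, @Price, @Amount, @OrderDate)";
        using (var cmd = new SqlCommand(sql, connect))
        {
            // Values travel as typed parameters, never as part of the SQL text.
            cmd.Parameters.Add("@InodID", SqlDbType.Int).Value = inodId;
            cmd.Parameters.Add("@OrderNum", SqlDbType.NVarChar, 50).Value = orderNum;
            cmd.Parameters.Add("@SuppID", SqlDbType.Int).Value = suppId;
            cmd.Parameters.Add("@CarID", SqlDbType.Int).Value = carId;
            cmd.Parameters.Add("@Price", SqlDbType.Decimal).Value = price;
            cmd.Parameters.Add("@Amount", SqlDbType.Int).Value = amount;
            cmd.Parameters.Add("@OrderDate", SqlDbType.DateTime).Value = orderDate;

            bool openedHere = connect.State != ConnectionState.Open;
            if (openedHere) connect.Open();
            try { cmd.ExecuteNonQuery(); return true; }
            // 2627 / 2601: unique constraint or unique index violation (assumes InodID is keyed).
            catch (SqlException ex) when (ex.Number == 2627 || ex.Number == 2601) { return false; }
            finally { if (openedHere) connect.Close(); }
        }
    }
}
```

Parse the text boxes with `int.TryParse` / `decimal.TryParse` and pass `dateTimePicker1.Value` rather than its `Text`, so malformed input is rejected before it reaches the database. The grid check only reflects rows already loaded into the UI, which is why the insert also handles the database's own duplicate-key error.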