Hi,
I'm using VS2005 and I'm trying to link the C# windows form to MSSQL.
I used BindingNavigator Control to read the data. After that I add
sqlcommand and sqldataadapter to send the data to the database. My
code is this

sqlDataAdapter1. InsertCommand. CommandText =
"INSERT INTO SUDENT (" +
"S_ID, S_NAME, S_ADDRESS, S_PHONE" +
") VALUES ('" +
S_IDComboBox. Text + "', '" +
S_NAMETextBox. Text + "', '" +
S_ADDRESSTextBox. Text + "', '" +
S_PHONETextBox. Text + "')";

sqlDataAdapter1. InsertCommand. ExecuteNonQuery( );

It gave me this error
"NulleferenceExcept ion was Unhandled"and " Object refrence not set to
an instance of an object" so I add this line

sqlCommand1 = ("INSERT INTO STUDENT (S_ID,S_NAME, S_ADDRESS, S_PHONE)
VALUES (@S_ID,@S_NAME, @S_ADDRESS, @S_PHONE) " ,sqlConnection1) ;

Then it gave me some stupid error. By the way it didn't make a new
object of SqlCommand although I tired ....

So can u help me to solve my problem ? Thank you

(projectid2007 (AT) yahoo (DOT) com) writes:
Since you ask this in an SQL Server newsgroup, I will tell you what is
wrong with this query from an SQL Server perspective. What do you think
happens if the user in the PhoneTextBoxs types:

'); DROP TABLE SUDENT'

Oops! Table gone!

You should use parameterised commands:

"INSERT INTO SUDENT (" +
"S_ID, S_NAME, S_ADDRESS, S_PHONE" +
") VALUES (@ID, @Name, @Address, @Phone)"

and then use the CreateParameter method to define your parameters.


You are probably better off asking in a .Net newsgroup about how to
write .Net programs. Particularly, if you want to link them to
forms.



--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx