C# refund SQL syntax -


i wrote inventory software; have 3 forms 1st 1 had items inventory 2nd 1 sell items inventory , last 1 can refund items sold.

i have problem refund command, here code:

try {     mycon.open();     int y = 0;      (int = 0; < datagridview1.rows.count; i++)     {         sqlcommand cmd5 = new sqlcommand("update pharmacy_items set quantity= quantity + " + datagridview1.rows[y].cells[4].value + " , sold= sold - " + datagridview1.rows[y].cells[4].value + " itemname='" + datagridview1.rows[y].cells[1].value + "'", mycon);         cmd5.executenonquery();         y += 1;     }      mycon.close(); }

with code want add items stock again sometime doesn't work , didn't add items , change items not right. there wrong code or way using?

thanks

sorry bad english : )

use parameterized query more readable , recommended way.

try         {             mycon.open();             int y = 0;             (int = 0; i<datagridview1.rows.count; i++)             {                  string sql = "update [dbo].[pharmacy_items] set quantity= quantity + @quantity , sold= sold - @sold itemname=@itemname";                  using (sqlcommand cmd5 = new sqlcommand(sql, mycon))                 {                     cmd5.commandtype = commandtype.text;                     var qunatityparam = new sqlparameter{value=datagridview1.rows[y].cells[4].value, sqldbtype=sqldbtype.int, parametername="quantity"};                     var soldparam = new sqlparameter{value=datagridview1.rows[y].cells[4].value, sqldbtype = sqldbtype.int, parametername = "sold"};                     var itemnameparam = new sqlparameter{value=datagridview1.rows[y].cells[1].value,sqldbtype = sqldbtype.varchar, parametername = "itemname"};                      cmd5.parameters.add(qunatityparam);                     cmd5.parameters.add(soldparam);                     cmd5.parameters.add(itemnameparam);                     cmd5.executenonquery();                 }                  y += 1;             }             mycon.close();         }

or better way write stored procedure in sql end , call c# code below prevents sql injection.

sql

create procedure editpharmacyitems      @quantity int,     @sold int,     @itemname varchar(max) begin      set nocount on;      update pharmacy_items      set quantity = quantity+@quantity      ,sold = sold - @sold      itemname =@itemname end go

c#

            try             {                  string sqlquery = "[dbo].[editpharmacyitems]";                 int y = 0;                 mycon.open();                  (int = 0; i<datagridview1.rows.count; i++)                 {                     sqlcommand cmd5 = new sqlcommand(sqlquery, mycon);                     cmd5.commandtype=commandtype.storedprocedure;                     var qunatityparam = new sqlparameter{value=datagridview1.rows[y].cells[4].value, sqldbtype=sqldbtype.int, parametername="quantity"};                     var soldparam = new sqlparameter{value=datagridview1.rows[y].cells[4].value, sqldbtype = sqldbtype.int, parametername = "sold"};                     var itemnameparam = new sqlparameter{value=datagridview1.rows[y].cells[1].value,sqldbtype = sqldbtype.varchar, parametername = "itemname"};                       cmd5.parameters.add(qunatityparam);                      cmd5.parameters.add(soldparam);                      cmd5.parameters.add(itemnameparam);                      cmd5.executenonquery();                                      y += 1;                 }                 mycon.close();             }

-

Comments

Post a Comment

Popular posts from this blog

java - SSE Emitter : Manage timeouts and complete() -

i writing web app multiple listeners(evcentsource sse clients js) connected server . want store sse emitter per connected listener : can done in memory or other means assigning id each client able achieve far now question ; how send response/event specific client connected web app ? while doing sseemmiters stored either getting completed or timed out. how prevent ? how keep sseemmiter available open infinite time (till client closes) , send events selectively .
Read more

jquery - uncaught exception: DataTables Editor - remote hosting of code not allowed -

i'm trying implement crud operation using datatableseditor using datatables.but i'm getting error messages: 1)uncaught exception: datatables editor - remote hosting of code not allowed. please see http://editor.datatables.net details on how purchase editor license 2)typeerror: a.editor undefined 3) $.fn.datatable.editor not constructor" what reason? here configuration: <%@ page language="java" contenttype="text/html; charset=iso-8859-1" pageencoding="iso-8859-1"%> <!doctype html public "-//w3c//dtd html 4.01 transitional//en" "http://www.w3.org/tr/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <title>insert title here</title> <link rel="stylesheet" type="text/css" href="//cdn.datatables.net/1.10.12/css/jquery.datatables.min.css"> <link re...
Read more

java - How to resolve error - package com.squareup.okhttp3 doesn't exist? -

i trying convert json java object use of gson in maven, following youtube video guidance - https://www.youtube.com/watch?v=vqgghm9pwe0 , theres error occurs when in main class error - package com.squareup.okhttp3 doesn't exist. code below: java package com.codebeasty.json; import com.squareup.okhttp3.okhttpclient; public class main { private static okhttpclient client = new okhttpclient(); public static void main (string [] args) { } } i put in dependency in pom.xml: <dependencies> <dependency> <groupid>com.squareup.okhttp3</groupid> <artifactid>okhttp</artifactid> <version>3.4.2</version> </dependency> <dependency> <groupid>com.google.code.gson</groupid> <artifactid>gson</artifactid> <version>2.8.0</version> </dependency> </dependencies> i dont understand why doesn't recognize com.squareup. there may need download? have downl...
Read more