Reputation: 3
delete string combobox item C#
Thanks for your help. All of you (Literally)
I checked another part of my code where I was updating an entry and I used that code and modified it. Now it works
Here it is
string sql = "DELETE from Login WHERE UserName = '" + comboBox1.SelectedItem.ToString() + "'";
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
cmd.Parameters.Add(new SqlParameter("@UserName", comboBox1.SelectedItem.ToString()));
int rowdel = cmd.ExecuteNonQuery();
MessageBox.Show("Done!");
This is my code for deleting the particular row from a database that is selected through a combo box. My teacher used this same code and his programme worked. However it is showing an error on :
" int rowInserted = cmd.ExecuteNonQuery(); "
it says
An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll Additional information: Incorrect syntax near '='.
here is my code:
private void button1_Click(object sender, EventArgs e)
{
string connectionString = "Server = HP-PC\\SQLExpress; Database = CProject; Trusted_Connection = True";
SqlConnection conn = new SqlConnection();
conn.ConnectionString = connectionString;
conn.Open();
string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
int rowInserted = cmd.ExecuteNonQuery();
label7.Text = rowInserted.ToString();
conn.Close();
}
private void AddDeleteUsers_Load(object sender, EventArgs e)
{
string connectionstring = "Server=HP-PC\\SQLExpress;Database=CProject;Trusted_Connection=True;";
SqlConnection conn = new SqlConnection();
conn.ConnectionString = connectionstring;
conn.Open();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "select UserName from Login";
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
comboBox1.Items.Add(reader["UserName"].ToString());
reader.Close();
conn.Close();
}
Upvotes: 0
Views: 1476
Answers (5)
Reputation: 5832
In order to prevent SQL Injection Attacks you should use a parameterized Query:
string connectionString = "Server = HP-PC\\SQLExpress; Database = CProject; Trusted_Connection = True";
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
string sql = "delete from [Login] where UserName = @UserName;";
using (SqlCommand cmd = new SqlCommand(sql, conn))
{
SqlParameter p = new SqlParameter("UserName", comboBox1.SelectedText.ToString());
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
}
}
Upvotes: 0
Reputation: 5258
I'll give you a hint.
The error message is in your SQL code, in this line:
string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();
The problem is that SQL needs text in single quotes, such as 'text' ...
Without providing the answer (since this is homework) I think this give you enough to figure it out?
Edit "by popular demand"
By the way, one of the reasons that it is not recommended to just take a value from the HTML input (your ComboBox) is that it could be manipulated by a malicious person and replaced with SQL code, which is known as SQL Injection.
To avoid that, the use of Parameters is recommended.
An example would be
string sql = "delete from [Login] where UserName = @UserName"
Then you would have to add a parameter to your command before you execute it
command.Parameters.AddWithValue("@UserName", comboBox1.SelectedText.ToString());
This prevents someone from mutating your SQL statement into something sinister.
Upvotes: 4
Reputation: 5921
string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString()+ "'";
is better, no?
Be carefull with Sql injection by the way...
Upvotes: 1
Reputation: 33381
Try this:
string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString() + "'";
It is better to use SqlParameter to avoid sql injection.
string sql = "delete from [Login] where UserName = @username";
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
cmd.Parameters.AddWithValue("@username", comboBox1.SelectedText.ToString());
int rowInserted = cmd.ExecuteNonQuery();
Upvotes: 1
Reputation: 7898
Change
string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();
to this
string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString() + "'";
You need single quotes around around the text.
Upvotes: 2
Related Questions
- How to delete object from combobox?
- How to delete items from a ComboBox at runtime using C# / WinForms
- Remove all instances of specific item from a combobox in C#
- How to delete row from database depending on what is selected within a combobox
- Errors with codes for deleting using linq
- Remove combo box item c#
- DELETE FROM combobox.text database
- How to remove more items from combobox?
- Deleting row from Database via Combobox
- delete the id from combobox during runtime after deleting from database in vb.net