Add in BD in c#

Asked

Viewed 50 times

-2

I’m doing a little project in my college and I started to work with classes in c#, but I’m finding problems when it comes to inserting (my amount of values in Insert does not match values) in my BD and I don’t understand. my User class:

    private int _codigo;
    private string _senha, _username;
    private byte[] _vetorImagens;

    public int Codigo
    {
        get
        {
            return _codigo;
        }

        set
        {
            _codigo = value;
        }
    }

    public string Senha
    {
        get
        {
            return _senha;
        }

        set
        {
            _senha = value;
        }
    }

    public string Username
    {
        get
        {
            return _username;
        }

        set
        {
            _username = value;
        }
    }

    public byte[] VetorImagens
    {
        get
        {
            return _vetorImagens;
        }

        set
        {
            _vetorImagens = value;
        }
    }

    public string Inserir()
    {


        return "insert into Usuario(Username,Senha,Foto) values ('" + _username+ "''" + _senha + "''" + _vetorImagens +"')";
    }
}

}

c# database

  • Welcome to stackpt! Your code alone does not Insert, it just returns a string. Can you show us how you are actually doing Insert? Also as answer below the syntax of your SQL is wrong, commas are missing.

1 answer

-1


Some commas are missing from your insert syntax.

I in your case would do it this way for better visualization of the Insert mount:

string sql = "",
        sqlInsert = "",
        sqlValues = "";

sqlInsert += " INSERT INTO usuario(";
sqlInsert += "        Username ";
sqlInsert += "       ,Senha";
sqlInsert += "       ,Foto)";

sqlValues += " Values(";
sqlValues += "'" + _username + "',";
sqlValues += "'" + _senha + "',";
sqlValues += "'" + _vetorImagens + "')";


sql = sqlInsert + sqlValues;

return sql;

  • Out of curiosity, because of the negative?

  • 2

    Parameterized query is bad (sql inject). I did not negatively because the scope of the code provided by the AP does not include the relevant parts of the Insert, so it is more difficult to point out how it would be ideal

  • Got it, in case it is worth editing and demonstrate the Insert using the Parameters.Add?

  • Yeah, that’d be great!

Browser other questions tagged c# database

You are not signed in. Login or sign up in order to post.