Error making an Insert in sql server with c#

Asked

Viewed 85 times

1

I am trying to make an Insert in a table and am getting an error message.

Error image:

inserir a descrição da imagem aqui

Code:

private void etqmanual()    
{
     conex.Open();
     SqlCommand comando;

     StringBuilder Query = new StringBuilder();
     Query.Append("   SELECT                                             ");
     Query.Append("   ISNULL(MAX(CB.CB0_CODETI), 0) + 1 AS CB0_CODETI    ");
     Query.Append("  ,CONVERT(varchar, GETDATE(), 112) AS CB0_DTNASC     ");
     Query.Append("   FROM CB0020 AS CB                                  ");

     comando = conex.CreateCommand();
     comando.CommandText = Query.ToString();

     SqlDataReader reader = comando.ExecuteReader();

     etqmanualps.Add("Produto:" + txt_descprod.Text);
     etqmanualps.Add("Lt. Interno:" + txt_lotefrac.Text + "Dt. Fabricação:" + txt_dtfabricfrac.Text + "Dt. Validade:" + txt_dtvalidfrac.Text);
     etqmanualps.Add("QTDA.:" + txt_qtda.Text + "Origem:" + txt_origem.Text + "Fabricante:" + txt_nomefabric.Text);
     etqmanualps.Add("Lt. Fabric.:" + txt_lotefabric.Text + "DCB:" + txt_dcb.Text);
     int qtdeCarac = txt_cas.Text.Length;
     int loop = qtdeCarac / 43;
     int pos = 1;

     if (loop == 0)
     {
         etqmanualps.Add("CAS:" + " " + txt_cas.Text);
     }
     else
     {
         for (int i = 1; i <= loop; i++)
         {
             if ((pos + 43) > qtdeCarac)
                 etqmanualps.Add(txt_cas.Text.Substring(pos));
             else
                 etqmanualps.Add((i == 1 ? "CAS: " : "     ") + txt_cas.Text.Substring(pos, 43));
             pos = (i * 43) + 1;
         }
     }

     etqmanualps.Add("Guia:" + txt_guia.Text);

     while (reader.Read())
     {
         etqmanualps.Add("Cod.:" + "*" + reader[0].ToString() + "*");
     }

     prtmanual.Print();
     etqmanualps.Clear();

     SqlCommand cmd = new SqlCommand();
     cmd.CommandType = CommandType.Text;
     cmd.CommandText = "INSERT INTO CB0020 (CB0_CODETI, CB0_TIPO, CB0_CODPRO, CB0_QTDE, CB0_LOCAL, CB0_LOTE, CB0_DTVALID, CB0_FORNEC, CB0_LOJAFO, CB0_XTARA, CB0_XLOTEF, CB0_XQTDKG, CB0_XORIGE, CB0_XIMP) VALUES ('" + reader[0].ToString() + "', '" + "01" + "', '" + txt_codprod.Text + "', '" + txt_qtda.Text + "', '" + "01" + "', '" + txt_lotefrac.Text + "', '" + txt_dtvalidfrac.Text + "', '" + txt_codfbaric.Text + "', '" + "01" + "', '" + "0" + "', '" + txt_lotefabric.Text + "', '" + txt_qtda.Text + "', '" + txt_codorig.Text + "', '" + "0" + "' )";
     cmd.Connection = conex;

     conex.Close();         
 }
  • 1

    should be your Reader[0]. Tostring(), when you were debugging it did the reading of the field ?

  • something else see how to pass parameters avoiding sql injection https://msdn.microsoft.com/pt-br/library/system.data.sqlclient.sqlcommand.parameters(v=vs.110). aspx

1 answer

1


you are using the Reader after the while(reader.Read()) so at this point he no longer has data.

on the line:

 cmd.CommandText = "INSERT INTO CB0020 (CB0_CODETI, CB0_TIPO, CB0_CODPRO, CB0_QTDE, CB0_LOCAL, CB0_LOTE, CB0_DTVALID, CB0_FORNEC, CB0_LOJAFO, CB0_XTARA, CB0_XLOTEF, CB0_XQTDKG, CB0_XORIGE, CB0_XIMP) VALUES ('" + reader[0].ToString() + "', '" + "01" + "', '" + txt_codprod.Text + "', '" + txt_qtda.Text + "', '" + "01" + "', '" + txt_lotefrac.Text + "', '" + txt_dtvalidfrac.Text + "', '" + txt_codfbaric.Text + "', '" + "01" + "', '" + "0" + "', '" + txt_lotefabric.Text + "', '" + txt_qtda.Text + "', '" + txt_codorig.Text + "', '" + "0" + "' )";

remove the reader[0].ToString(); and follow the advice of the colleague, to avoid Sqlinjection

Browser other questions tagged

You are not signed in. Login or sign up in order to post.