13

When I log in, I am storing my username in the session. My requirement is that I want to store my username in my database. Here I am storing it in username1. When the username is entered, I can print it using response.write() and it is printing perfectly. However, when I am storing it in the database it is producing this error:

**sqlException was unhandled by user code
and exception at       cmd.ExecuteScalar();
String or binary data would be truncated.
The statement has been terminated.**

Following is my ADO.NET code:

using (SqlConnection con = 
    new SqlConnection("Data Source=.;database=testdb1;Integrated Security=SSPI")) {

    con.Open();
    //  SqlCommand cmd = new SqlCommand("delete from fileinfo where ID=" + Convert.ToInt32(Request.Params["one"]), con);                            

    string uname = (string) Session["fname"].ToString() + " " + Session["lname"].ToString(); //Session["fname"].ToString()+" "+Session["lname"].ToString();

    // Response.Write(uname);
    // uname = "sri hari";
    uname = uname + " ";
    string uname1 = uname;
    uname = uname.Trim();
    SqlCommand cmd = new SqlCommand("insert into qry_details values('" + txt_query_name.Text + "','pending for approval','" + txt_query_description.Text + "','" + DateTime.Now.ToString("yyyy-MM-dd") + "','" + qry + "','" + uname1 + "')", con);
    cmd.ExecuteScalar();
}
3
  • What is the data type of the column into which you are trying to insert the username? The value stored in uname is longer than the length of this column. Commented Jun 26, 2013 at 6:23
  • 1
    @srihari: you need to check your table schemas, datatypes and query like INSERT INTO table_name (column1,column2,column3,...) VALUES (@value1,@value2,@value3,...); you might be facing column mismatch Commented Jun 26, 2013 at 6:24
  • Am I the only person trying to analyse injection risk? Commented Mar 2, 2017 at 6:56

3 Answers

26

Check the length of the qry_details table and see if it's smaller than the string you send to the db.

Basically, the exception says you are trying to insert something bigger than the column length.


3 Comments

But if assigning a string value directly, like uname="srihari", it is inserting; if I am inserting with the session, it is giving an exception.
I gave uname value 50 length.
@srihari, then what is the value of uname.Length?
10

I would recommend you use a parametrized query. Your code is now vulnerable to SQL injection. Also, you should use the ExecuteNonQuery method on the SQL command instead of ExecuteScalar when inserting values into the database:

var connectionString = "Data Source=.;database=testdb1;Integrated Security=SSPI";
using (SqlConnection con = new SqlConnection(connectionString))
using (SqlCommand cmd = con.CreateCommand())
{
    con.Open();
    cmd.CommandText = "INSERT INTO qry_details VALUES (@query_name, 'pending for approval', @query_description, @date, @qry, @username)";
    cmd.Parameters.AddWithValue("@query_name", txt_query_name.Text);
    cmd.Parameters.AddWithValue("@query_description", txt_query_description.Text);
    cmd.Parameters.AddWithValue("@date", DateTime.Now);
    cmd.Parameters.AddWithValue("@qry", qry);
    cmd.Parameters.AddWithValue("@username", uname1);
    cmd.ExecuteNonQuery();
}

4 Comments

string uname1 = (string)Session["fname"].ToString() + " " + Session["lname"].ToString();
But what about the "string or binary data would be truncated" error?
Then also the same exception is coming. The exception is: String or binary data would be truncated. The statement has been terminated.
It is giving it at cmd.ExecuteNonQuery();
1

This error mostly happens when the inserted value is larger than the field width defined in the table on SQL Server.

Check if you are inserting date and time using the DateTime.Now C# function; your table must be of type DateTime, not Date or Time only.
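
An added example (not code from the question or from any answer) that combines the two points raised above, the truncation error and the parameterized query: every string parameter gets an explicit type and width and is checked against that width before the command runs. The column names and all widths except the 50 the asker mentions for the username are assumptions; substitute the real qry_details schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class QryDetailsInsert
{
    // Assumed widths (only the username's 50 comes from the thread).
    const int NameLen = 100, StatusLen = 50, DescLen = 500, QryLen = 4000, UserLen = 50;

    // Adds a typed NVARCHAR parameter and rejects values wider than the column,
    // so an oversized input fails here with the offending field named.
    static void AddText(SqlCommand cmd, string name, string value, int maxLen)
    {
        if (value == null) throw new ArgumentNullException(name);
        if (value.Length > maxLen)
            throw new ArgumentException(
                name + " is " + value.Length + " chars; column allows " + maxLen);
        cmd.Parameters.Add(name, SqlDbType.NVarChar, maxLen).Value = value;
    }

    // Builds the INSERT with an explicit column list (hypothetical column names).
    public static SqlCommand Build(string queryName, string description, string qry, string userName)
    {
        var cmd = new SqlCommand(
            "INSERT INTO qry_details (query_name, status, query_description, created_on, qry, username) " +
            "VALUES (@query_name, @status, @query_description, @created_on, @qry, @username)");
        AddText(cmd, "@query_name", queryName, NameLen);
        AddText(cmd, "@status", "pending for approval", StatusLen);
        AddText(cmd, "@query_description", description, DescLen);
        cmd.Parameters.Add("@created_on", SqlDbType.DateTime).Value = DateTime.Now;
        AddText(cmd, "@qry", qry, QryLen);
        AddText(cmd, "@username", userName?.Trim(), UserLen);
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs: the quote in the name stays data and never reaches the SQL text.
        var ok = Build("O'Brien report", "monthly totals", "select 1", "sri hari ");
        foreach (SqlParameter p in ok.Parameters)
            Console.WriteLine(p.ParameterName + " " + p.SqlDbType + "(" + p.Size + ")");
        try { Build("q", "d", "select 1", new string('x', 51)); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
        // To run the insert: cmd.Connection = con; cmd.ExecuteNonQuery();
    }
}
```

The length check has to come before the parameter is added: once Size is set on a string parameter, ADO.NET sends at most that many characters, so an oversized value would be cut silently rather than raising the truncation error.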
