
I am working on a project where I am inserting productid into one of the tables. But here is something strange: if productid is like (002374), then in the table it is saved like (2374), missing the leading zeros.

I have checked that the variable is fetching the correct productid (002374). The datatype of the column is nvarchar(255), and the productid variable is of string type.

It looks like something is wrong with the datatype, or something different.

Here is my code:

productid = dt.Rows(i)(3)
item = dt.Rows(i)(0)
amount = dt.Rows(i)(1)
qty = dt.Rows(i)(2)
Custid = Session("customerid")
Total = Session("price")

Notes = Session("Notes")

Dim con1 As New Data.SqlClient.SqlConnection
con1.ConnectionString = ConfigurationManager.ConnectionStrings("ConnStringDb1").ConnectionString
Dim strConnString1 As String = ""

strConnString1 &= "INSERT INTO Weborder_Details   (OrderID,Qty,Cost,UnitPrice,ProductID,ItemDescription)  VALUES  ('" & result2 & "','" & qty & "', " & amount & "," & amount & "," & productid & ",'" & item & "'); "

Dim cmd2 As SqlClient.SqlCommand = New SqlClient.SqlCommand(strConnString1, con1)
con1.Open()

cmd.Connection = con1
cmd.CommandType = CommandType.Text

cmd2.ExecuteNonQuery()

Please tell me what I need to do to solve this issue.

  • if product is nvarchar, then why are you not passing it in single quotes? "," & productid & ",'" should be ",'" & productid & "','" Commented Mar 26, 2014 at 9:45
  • I've removed the C# tag as it didn't seem relevant. Read up on how to parameterize your queries - this way you don't need to remember to mangle and escape strings. Commented Mar 26, 2014 at 9:48
  • ...or even better, a stored procedure Commented Mar 26, 2014 at 9:53
  • Terrible naming convention btw Commented Mar 26, 2014 at 10:08

1 Answer

I would strongly recommend that you use a parameterized query here. You can read the reasoning here. However, for your problem: you are passing productid as an integer to the database. Change this

strConnString1 &= "INSERT INTO Weborder_Details   (OrderID,Qty,Cost,UnitPrice,ProductID,ItemDescription)  VALUES  ('" & result2 & "','" & qty & "', " & amount & "," & amount & "," & productid & ",'" & item & "'); "

to

' note the single quotes around product id
strConnString1 &= "INSERT INTO Weborder_Details   (OrderID,Qty,Cost,UnitPrice,ProductID,ItemDescription)  VALUES  ('" & result2 & "','" & qty & "', " & amount & "," & amount & ",'" & productid & "','" & item & "'); "

4 Comments

This is not good advice - parameterized queries should be used instead.
@Knaģis agreed to what you have said, though I haven't advised him to write that code. I was updating my answer when you commented.
@Ehsan thanks for your suggestion, single quotes do the trick... is it something wrong to use this???
@sikha yes it is. See the links in my answer for the alternative that should be used. And accept it if it was helpful.
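
The parameterized form that the answer and the comments recommend, written out for the question's INSERT as an added example (it is not code from the original posts). The module and procedure names are hypothetical, and every column type other than ProductID's nvarchar(255) is an assumption, since the question does not state them.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

' Hypothetical module name, used only for this example.
Public Module WebOrderDetailsWriter

    ' Table and column names come from the question. The SQL text is constant:
    ' values travel separately as parameters and are never spliced into it.
    Private Const InsertSql As String =
        "INSERT INTO Weborder_Details " &
        "(OrderID, Qty, Cost, UnitPrice, ProductID, ItemDescription) " &
        "VALUES (@OrderID, @Qty, @Cost, @UnitPrice, @ProductID, @ItemDescription);"

    Public Sub InsertOrderLine(orderId As Integer, qty As Integer, amount As Decimal,
                               productId As String, item As String)
        Dim connStr As String =
            ConfigurationManager.ConnectionStrings("ConnStringDb1").ConnectionString

        ' Using blocks dispose the connection and command even if the insert throws.
        Using con As New SqlConnection(connStr)
            Using cmd As New SqlCommand(InsertSql, con)
                cmd.CommandType = CommandType.Text

                ' Assumed types: the question only states ProductID's type.
                cmd.Parameters.Add("@OrderID", SqlDbType.Int).Value = orderId
                cmd.Parameters.Add("@Qty", SqlDbType.Int).Value = qty
                cmd.Parameters.Add("@Cost", SqlDbType.Decimal).Value = amount
                cmd.Parameters.Add("@UnitPrice", SqlDbType.Decimal).Value = amount

                ' Sent as NVarChar, so "002374" reaches the column as text and
                ' keeps its leading zeros; no quoting or escaping is involved.
                cmd.Parameters.Add("@ProductID", SqlDbType.NVarChar, 255).Value = productId

                ' A description containing ' (for example "Men's shirt") is stored
                ' as data; it cannot end the string literal as it could in the
                ' concatenated query. DBNull.Value stands in for a missing value.
                cmd.Parameters.Add("@ItemDescription", SqlDbType.NVarChar, 255).Value =
                    If(item Is Nothing, CObj(DBNull.Value), item)

                con.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

End Module
```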
