Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

problem in send information to sql database 1

Status
Not open for further replies.
saminetemad

saminetemad

Programmer
Dec 13, 2010
9
IR
Hello
I wantto tell you my problem as a example:
I have two textboxes and one button in the page. When I click on the button, MoneyManagement table in sql database is updated by text of textboxes .Type of this field are nvarchar
I wrote the following code :

protected void Button1_Click(object sender, EventArgs e)
{

string strconnection;
strconnection = ConfigurationSettings.AppSettings["connectionstring"];
SqlConnection DBConnection = new SqlConnection(strconnection);
DBConnection.Open();
string sql = "";
sql = "UPDATE MoneyManagement SET ";
sql += "Name=" + "'" +TextBox1.Text + "'" + ",";
sql += "Explain=" + "'" + TextBox2.Text + "'" + " ";
sql += "WHERE ID=2 ";

SqlCommand cmd = new SqlCommand(sql, DBConnection);

cmd.ExecuteNonQuery();
DBConnection.Close();
}


When the text of textboxes are English, this code works fine. but if text of textboxes are Persian this code doesn't work fine (In the database instead of text placed a question mark)

I'm not going to define the parameters. I want to send data with sql string.



 
Sort by date Sort by votes
Since you are building the update string in code, you need to handle unicode data differently. If you did use parameters, there wouldn't be any need for the special handling because the parameter object handles that for you.

Anyway...

When you hard code a string, SQL Server interprets it as a varchar string (not an nvarchar string). To hard code an nvarchar string, you need to preface the data with N. like this:

Code: 
Update MoneyManagement 
Set    Name = [!]N[/!]'Unicode data here',
       Explain = [!]N[/!]'More Unicode data'
Where  Id = 2

so... try this:

Code: 
        string sql = "";
        sql = "UPDATE MoneyManagement SET ";
        sql += "Name= [!]N[/!]'" +TextBox1.Text + "'" + ",";
        sql += "Explain= [!]N[/!]'" + TextBox2.Text + "'" + "  ";
        sql += "WHERE ID=2 ";


-George
Microsoft SQL Server MVP
My Blogs
SQLCop
"The great things about standards is that there are so many to choose from." - Fortune Cookie Wisdom
 
Upvote 0 Downvote
Don't embed parameters into string directly - this is very bad practice and opens you to SQL injection attacks. Take a moment to educate yourself about SQL injection attacks and stop using this bad practice in your code once and for all.

PluralSight Learning Library
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

V
  • Locked
  • Question
xp_cmdshell vs psexec - this SQL server forgets credential to an W10 share
Replies
0
Views
385
Volvere
V
gbaughma
  • Locked
  • Question
SQL Performance
Replies
11
Views
377
pjw001
pjw001
Andrzejek
  • Locked
  • Question
Eliminate pesky [ ] in SQL Management Studio
Replies
5
Views
287
SaltyTheFrog
SaltyTheFrog
elly00
  • Locked
  • Question
create sql view using batch file
Replies
5
Views
246
Mike Lewis
Mike Lewis
Cpreston
  • Locked
  • Question
Seconds to minutes 2
Replies
5
Views
508
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top