0

I am reading from a file and inserting values into my table. However i'm not inserting into all columns. I'm getting an overflow exception i can't place. The file content are such as:

Huseyin Sabirli 13/11/1978 Nicosia MBRh+ 05333768275 Kelebek Street, No:11, Taskinkoy, Nicosia, KKTC

the code for creating the table

c.CommandText = "CREATE TABLE patients (patientid AUTOINCREMENT PRIMARY KEY, firstlastname CHAR, birthdate CHAR, birthplace CHAR, gender CHAR, bloodtype CHAR, telnum long, address CHAR)";

the code for insertion is:

 c.CommandText = "INSERT INTO patients (" +
                            "firstlastname, birthdate, birthplace, bloodtype, telnum, address" +
                                ") VALUES ('" +
                                info.Substring(0, 15) + "', '" +
                                info.Substring(24, 10) + "', '" +
                                info.Substring(35, 9) + "', '" +
                                info.Substring(47, 5) + "', '" +
                                info.Substring(53, 11) + "', '" +
                                info.Substring(64) + "')";


            c.ExecuteNonQuery();

The overflow exception is thrown at the line c.ExecuteNonQuery();.

NOTE: the spacing in the actual file is different from that shown above. This explains the variant lengths in the substring function. Thanks

4

1 に答える 1

0

I think you have problems with your substring expression. It is not quite right.
Also the comment from @Remou identify the current cause of the exception.
Of course you have a big problem with string concatenation.
It is not the right thing to do when passing values to a database engine.
(Quoting problems, Sql Injection Attacks)

The correct approach should be:
(AFTER creating the table with the telnum filed changed to char datatype because it is not a real numeric value)

CREATE TABLE patients 
     (patientid AUTOINCREMENT PRIMARY KEY, 
     firstlastname CHAR(15), 
     birthdate CHAR(10), 
     birthplace CHAR(8), 
     gender CHAR(1), 
     bloodtype CHAR(4), 
     telnum CHAR(12), 
     address CHAR(255))
......

string info = "Huseyin Sabirli 13/11/1978 Nicosia MBRh+ 05333768275 " + 
              "Kelebek Street, No:11, Taskinkoy, Nicosia, KKTC";

string name = info.Substring(0, 15);
string date = info.Substring(16, 11)
string place = info.Substring(27, 8);
string blood = info.Substring(37, 4);
string num = info.Substring(41, 12);
string address = info.Substring(53);

string cmdText = "INSERT INTO patients (" +
                 "firstlastname, birthdate, birthplace, bloodtype, telnum, address) " +
                 "VALUES (?,?,?,?,?,?)"
using(OleDbConnection cn = getConnection())
{
    cn.Open();
    using(OleDbCommand cmd = new OleDbCommand(cmdText, cn))
    {
        cmd.Parameters.AddWithValue("name", name);
        cmd.Parameters.AddWithValue("date", date);
        cmd.Parameters.AddWithValue("place", place);
        cmd.Parameters.AddWithValue("blood", blood);
        cmd.Parameters.AddWithValue("num", num);
        cmd.Parameters.AddWithValue("address", address);
        cmd.ExecuteNonQuery();
    }
}
于 2012-12-22T11:19:19.850 に答える