Hi @Abhishek Prasad ,
It is better to use SqlCommand
with parameters.
Check it out below.
I don't know your data. Same with your target table structure, and column data types.
That's why you need to double check data types in SqlDbType
, and their lengths.
c#
String query = ""insert into orderdetails (orderid,sno,medicineid,medicinename,mrp,quantity,dateoforder) VALUES (@orderid,@sno,@medicineid,@medicinename,@mrp,@quantity,@dateoforder)";
using(SqlCommand command = new SqlCommand(query, connection))
{
command.Parameters.Add("@orderid", SqlDbType.Int).Value = Label3.Text;
command.Parameters.Add("@sno", SqlDbType.VarChar, 30).Value = dt.Rows[i]["sno"];
command.Parameters.Add("@medicineid", SqlDbType.Int).Value = dt.Rows[i]["medicineid"];
command.Parameters.Add("@medicinename", SqlDbType.VarChar, 30).Value = dt.Rows[i]["medicinename"];
command.Parameters.Add("@mrp", SqlDbType.Int).Value = dt.Rows[i]["mrp"];
command.Parameters.Add("@quantity", SqlDbType.Int).Value = dt.Rows[i]["quantity"];
command.Parameters.Add("@dateoforder", SqlDbType.DateTime).Value = Label4.Text;
connection.Open();
int result = command.ExecuteNonQuery();
// Check Error
if(result < 0)
Console.WriteLine("Error inserting data into Database!");
}