Error making an insert in sql server with c # [closed]

Navigation
1

I'm trying to make an insert into a table and I'm getting an error message.

Error Image:

Code:

privatevoidetqmanual(){conex.Open();SqlCommandcomando;StringBuilderQuery=newStringBuilder();Query.Append("   SELECT                                             ");
     Query.Append("   ISNULL(MAX(CB.CB0_CODETI), 0) + 1 AS CB0_CODETI    ");
     Query.Append("  ,CONVERT(varchar, GETDATE(), 112) AS CB0_DTNASC     ");
     Query.Append("   FROM CB0020 AS CB                                  ");

     comando = conex.CreateCommand();
     comando.CommandText = Query.ToString();

     SqlDataReader reader = comando.ExecuteReader();

     etqmanualps.Add("Produto:" + txt_descprod.Text);
     etqmanualps.Add("Lt. Interno:" + txt_lotefrac.Text + "Dt. Fabricação:" + txt_dtfabricfrac.Text + "Dt. Validade:" + txt_dtvalidfrac.Text);
     etqmanualps.Add("QTDA.:" + txt_qtda.Text + "Origem:" + txt_origem.Text + "Fabricante:" + txt_nomefabric.Text);
     etqmanualps.Add("Lt. Fabric.:" + txt_lotefabric.Text + "DCB:" + txt_dcb.Text);
     int qtdeCarac = txt_cas.Text.Length;
     int loop = qtdeCarac / 43;
     int pos = 1;

     if (loop == 0)
     {
         etqmanualps.Add("CAS:" + " " + txt_cas.Text);
     }
     else
     {
         for (int i = 1; i <= loop; i++)
         {
             if ((pos + 43) > qtdeCarac)
                 etqmanualps.Add(txt_cas.Text.Substring(pos));
             else
                 etqmanualps.Add((i == 1 ? "CAS: " : "     ") + txt_cas.Text.Substring(pos, 43));
             pos = (i * 43) + 1;
         }
     }

     etqmanualps.Add("Guia:" + txt_guia.Text);

     while (reader.Read())
     {
         etqmanualps.Add("Cod.:" + "*" + reader[0].ToString() + "*");
     }

     prtmanual.Print();
     etqmanualps.Clear();

     SqlCommand cmd = new SqlCommand();
     cmd.CommandType = CommandType.Text;
     cmd.CommandText = "INSERT INTO CB0020 (CB0_CODETI, CB0_TIPO, CB0_CODPRO, CB0_QTDE, CB0_LOCAL, CB0_LOTE, CB0_DTVALID, CB0_FORNEC, CB0_LOJAFO, CB0_XTARA, CB0_XLOTEF, CB0_XQTDKG, CB0_XORIGE, CB0_XIMP) VALUES ('" + reader[0].ToString() + "', '" + "01" + "', '" + txt_codprod.Text + "', '" + txt_qtda.Text + "', '" + "01" + "', '" + txt_lotefrac.Text + "', '" + txt_dtvalidfrac.Text + "', '" + txt_codfbaric.Text + "', '" + "01" + "', '" + "0" + "', '" + txt_lotefabric.Text + "', '" + txt_qtda.Text + "', '" + txt_codorig.Text + "', '" + "0" + "' )";
     cmd.Connection = conex;

     conex.Close();         
 }
    
asked by anonymous 03.08.2017 / 14:01

1 answer

1

you are using the reader after while(reader.Read()) so at this point it no longer has any data.

on line: 

 cmd.CommandText = "INSERT INTO CB0020 (CB0_CODETI, CB0_TIPO, CB0_CODPRO, CB0_QTDE, CB0_LOCAL, CB0_LOTE, CB0_DTVALID, CB0_FORNEC, CB0_LOJAFO, CB0_XTARA, CB0_XLOTEF, CB0_XQTDKG, CB0_XORIGE, CB0_XIMP) VALUES ('" + reader[0].ToString() + "', '" + "01" + "', '" + txt_codprod.Text + "', '" + txt_qtda.Text + "', '" + "01" + "', '" + txt_lotefrac.Text + "', '" + txt_dtvalidfrac.Text + "', '" + txt_codfbaric.Text + "', '" + "01" + "', '" + "0" + "', '" + txt_lotefabric.Text + "', '" + txt_qtda.Text + "', '" + txt_codorig.Text + "', '" + "0" + "' )";

Remove reader[0].ToString(); and follow your colleague's advice to avoid SQLInjection

    
03.08.2017 / 14:48
By pressing the backspace key, delete the previous input fields How to perform query via AJAX and store the data in a javascript variable?