
In my Windows Forms application, I can pass the logged-in user's username from my login form to the main form, where it is displayed in a label. When I create a Purchase Order (in the PO form), I want to save this username to the PO table.

How can I access username label value from Main form to PO class?

Login Form:

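 // Checks the typed credentials against the Login table and opens the main form on a match.
 // The user input is bound as parameters instead of being concatenated into the SQL text,
 // so quotes or SQL fragments typed into either text box are treated purely as data.
 // NOTE(review): assumes con.cmd is a SqlCommand (savePurchseOrder adds SqlParameter objects to it) - confirm.
 con.sqlquery("select count (*) from Login where UserName=@UserName and Password=@Password");
 con.cmd.Parameters.AddWithValue("@UserName", textBox1.Text);
 // NOTE(review): comparing the typed password with the Password column implies it is stored
 // in clear text; store a salted, slow hash (e.g. PBKDF2) and verify against that instead.
 con.cmd.Parameters.AddWithValue("@Password", textBox2.Text);
 // Parameters are attached before datatable() in case that helper executes the command - TODO confirm.
 con.datatable();
 int count = Convert.ToInt32(con.cmd.ExecuteScalar());
 // Exactly one matching row means the credentials are accepted.
 if (count == 1)
 {
     this.Hide();
     Main2 frm2 = new Main2();
     // Hand the authenticated user name to the main form so it can display it.
     frm2.UserNameLableText(textBox1.Text);
     frm2.Show();
 }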

Main Form

/// <summary>
/// Shows the given user name in the main form's user-name label.
/// </summary>
/// <param name="UserName">Text assigned to <c>lblusername</c>.</param>
public void UserNameLableText(string UserName) => lblusername.Text = UserName;

And PO class

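/// <summary>
/// Inserts one purchase-order row into TBL_PO using a parameterized INSERT.
/// </summary>
/// <param name="Supplier_ID">Supplier key, bound as <c>SqlDbType.Int</c>.</param>
/// <param name="Date">Order date as text, bound to a <c>SqlDbType.Date</c> parameter.</param>
/// <param name="RequiredDate">Required-by date as text, bound to a <c>SqlDbType.Date</c> parameter.</param>
/// <param name="GrandTotal">Order total, bound as <c>SqlDbType.Money</c>.</param>
public void savePurchseOrder(int Supplier_ID,string Date,string RequiredDate,double GrandTotal)
{
    // The original also created a new Main2 here and never used it. That instance never had
    // UserNameLableText called on it, so it cannot supply the logged-in user's name; the name
    // has to be handed to this class by the caller instead of being read from a new form.
    DynamicConnection con = new DynamicConnection();
    con.mysqlconnection();
    // All values travel as parameters, so none of them can alter the SQL text.
    con.sqlquery("Insert into TBL_PO(Supplier_ID,Date,RequiredDate,GrandTotal) values(@Supplier_ID,@Date,@RequiredDate,@GrandTotal)");
    con.cmd.Parameters.Add(new SqlParameter("@Supplier_ID", SqlDbType.Int));
    con.cmd.Parameters["@Supplier_ID"].Value = Supplier_ID;
    con.cmd.Parameters.Add(new SqlParameter("@Date", SqlDbType.Date));
    con.cmd.Parameters["@Date"].Value = Date;
    // Fixed: the type name was misspelled "SlDbType", which does not compile.
    con.cmd.Parameters.Add(new SqlParameter("@RequiredDate", SqlDbType.Date));
    con.cmd.Parameters["@RequiredDate"].Value = RequiredDate;
    con.cmd.Parameters.Add(new SqlParameter("@GrandTotal", SqlDbType.Money));
    con.cmd.Parameters["@GrandTotal"].Value = GrandTotal;
    con.nonquery();
}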
    Possible duplicate of [What are good ways to prevent SQL injection?](https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection) – mjwills Jul 04 '18 at 12:14
  • who downvoted this without giving a single comment : | – Kith Jul 04 '18 at 12:14
  • Does this code compile? I am surprised that `nonquery` compiles? – mjwills Jul 04 '18 at 12:15

1 Answer


Your public void method is overridden:

// Stores a purchase order by running one parameterized INSERT against TBL_PO.
public void savePurchseOrder(int Supplier_ID,string Date,string RequiredDate,double GrandTotal)
    {
        var connection = new DynamicConnection();
        var mainForm = new Main2(); // constructed as in the original, but never read afterwards
        connection.mysqlconnection();
        connection.sqlquery("Insert into TBL_PO(Supplier_ID,Date,RequiredDate,GrandTotal) values(@Supplier_ID,@Date,@RequiredDate,@GrandTotal)");

        // Each parameter is given its value first and is then attached to the command.
        var parameters = connection.cmd.Parameters;
        parameters.Add(new SqlParameter("@Supplier_ID", SqlDbType.Int) { Value = Supplier_ID });
        parameters.Add(new SqlParameter("@Date", SqlDbType.Date) { Value = Date });
        parameters.Add(new SqlParameter("@RequiredDate", SqlDbType.Date) { Value = RequiredDate });
        parameters.Add(new SqlParameter("@GrandTotal", SqlDbType.Money) { Value = GrandTotal });

        connection.nonquery();
    }

It should be: 

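/// <summary>
/// Inserts one purchase-order row into TBL_PO using a parameterized INSERT.
/// </summary>
/// <param name="Supplier_ID">Supplier key, bound as <c>SqlDbType.Int</c>.</param>
/// <param name="Date">Order date as text, bound to a <c>SqlDbType.Date</c> parameter.</param>
/// <param name="RequiredDate">Required-by date as text, bound to a <c>SqlDbType.Date</c> parameter.</param>
/// <param name="GrandTotal">Order total, bound as <c>SqlDbType.Money</c>.</param>
public void savePurchseOrder(int Supplier_ID,string Date,string RequiredDate,double GrandTotal)
    {
        // The unused "new Main2()" was dropped: that instance was never shown, read or disposed,
        // and it never had UserNameLableText called on it, so it cannot supply the logged-in
        // user's name. The caller has to pass that name in rather than this class creating a form.
        DynamicConnection con = new DynamicConnection();
        con.mysqlconnection();
        // All values travel as parameters, so none of them can alter the SQL text.
        con.sqlquery("Insert into TBL_PO(Supplier_ID,Date,RequiredDate,GrandTotal) values(@Supplier_ID,@Date,@RequiredDate,@GrandTotal)");
        con.cmd.Parameters.Add(new SqlParameter("@Supplier_ID", SqlDbType.Int));
        con.cmd.Parameters["@Supplier_ID"].Value = Supplier_ID;
        con.cmd.Parameters.Add(new SqlParameter("@Date", SqlDbType.Date));
        con.cmd.Parameters["@Date"].Value = Date;
        con.cmd.Parameters.Add(new SqlParameter("@RequiredDate", SqlDbType.Date));
        con.cmd.Parameters["@RequiredDate"].Value = RequiredDate;
        con.cmd.Parameters.Add(new SqlParameter("@GrandTotal", SqlDbType.Money));
        con.cmd.Parameters["@GrandTotal"].Value = GrandTotal;
        con.nonquery();
    }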