Iqra Iqra - 4 months ago 17
MySQL Question

Error: String or binary data would be truncated. The statement has been terminated. aspx

i want to insert data into my tbl_Transaction_Master table.
here is my database table tbl_Transaction_Master
enter image description here

and my query for database insert command is

SqlCommand cmd2 = new SqlCommand("insert into tbl_Transaction_Master(Supplier_ID,Order_Price,Unique_ID,Supplier_Name,He_Is_a,Transaction_Date) values ('" + WebUserID + "','" + Session["Order_Price"] + "','" + Session["WebUserid"] + "','"+User+"','WebCustomer',getdate()); SELECT SCOPE_IDENTITY()", conn);
int temp = cmd2.ExecuteNonQuery();
Session["order_ID"] = temp;

i am getting the error as mentioned above.


There are many problems in your code, not just the one that raises the current exception.

First: You have text fields with a precise size, you cannot insert more characters than the size of the field. We don't know anything about the value passed for the SupplierName but the string WebCustomer is 11 chars and you try to insert it in a field with space only for 10 chars.

Second: Using nchar means that your fields are always filled with spaces to reach the length required. Of course this is inefficient with a lot of records, not to mention the work required to trim away those spaces when you need to show your data.

Third: ExecuteNonQuery returns the number of rows affected by your command. In this case it is always 1, you don't get the return value of SELECT SCOPE_IDENTITY(). Use ExecuteScalar.

Fourth: Some of your fields are numeric, you insert strings for them. This means that the database engine try to convert them back to the correct datatype. Usually, for integers, you can go away freely, but with floats there is a higher chance that you get a datatype mismatch error caused by difference between the locale settings of your code and the locale settings of your database. Fix for that in the next point.

Fifth: You should use parameters not string concatenation. This avoids the Sql Injection hack or the parsing error caused by automatic conversion of a string back to a numeric value. A mismatch from the locale settings used in your code and the database setting will cause errors. With a parameter you specify the type and do not convert the value. The database engine is happy.

So.....(after changing to nvarchar and after checking the length of the values)

string cmdText = @"insert into tbl_Transaction_Master 
     Supplier_Name,He_Is_a,Transaction_Date) values 
    (@webid, @price,@sessionid,@user,'WebCust.',getdate()); 

SqlCommand cmd2 = new SqlCommand(cmdText, conn);
cmd2.Parameters.Add("@webid", SqlDbType.Int).Value = WebUserID 
cmd2.Parameters.Add("@price", SqlDbType.Decimal).Value = Session["Order_Price"];
cmd2.Parameters.Add("@sessionid", SqlDbType.Int).Value = Session["WebUserid"];
cmd2.Parameters.Add("@user", SqlDbType.NVarChar).Value =User;
int temp = Convert.ToInt32(cmd2.ExecuteScalar());
Session["order_ID"] = temp;