Insert from code or store procedure mysql - mysql

Well i have to do a series of updates and inserts.
I have this code on vb.net
' Stores one incoming position message: inserts it into posicion, optionally into
' mensajedescripcion, updates dispositivo, then updates or inserts posicion_current.
' NOTE(review): every msj.* field is concatenated directly into the SQL text, so a value
' containing a single quote (e.g. msj.descripcion, which is sent as a quoted string)
' changes the statement itself (SQL injection). Whether ejecutarInsert/ejecutarUpdate
' accept bound parameters is not visible here - confirm, and prefer parameters if so.
' NOTE(review): the statements run as separate calls and no transaction is visible in this
' snippet, so a failure part-way through leaves the tables out of step - confirm.
' The INSERT and SELECT LAST_INSERT_ID() are sent together as one string; the returned id
' is kept for the posicion_current write below.
Dim posicion_id As Integer = MysqlObj.ejecutarInsert("INSERT INTO posicion (dispositivoid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada, positiontype) VALUES (" + msj.dispositivoid + "," + msj.mensajeid + ",'" + msj.fechahora + "','" + msj.longitud + "','" + msj.latitud + "'," + msj.altura + "," + msj.velocidad + "," + msj.direccion + "," + msj.resultadoid + ",'" + msj.descripcion + "'," + msj.gpsweek + "," + msj.gpsseconds + "," + msj.notificacionenviada + "," + msj.positiontype + "); SELECT LAST_INSERT_ID()").ToString()
' The mensajedescripcion row is written only when mensajeid parses to a positive number.
If (Integer.Parse(msj.mensajeid) > 0) Then
MysqlObj.ejecutarInsert("INSERT INTO mensajedescripcion (mensajeid, fechahora, dispositivoid, secuencia) VALUES (" + msj.mensajeid + ",'" + msj.fechahora + "'," + msj.dispositivoid + ",0)")
End If
' fechanotificacion is taken from the application clock (DateTime.Now), not from the database.
MysqlObj.ejecutarUpdate("UPDATE dispositivo SET ultimoMensaje = '" + msj.fechahora + "', fechanotificacion = '" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "' WHERE dispositivoid = " + msj.dispositivoid)
' Existence check followed by UPDATE or INSERT: an extra round trip, and nothing visible
' here stops two concurrent writers from both taking the INSERT branch.
If (MysqlObj.hasRows("SELECT * FROM posicion_current WHERE dispositivoid = " + msj.dispositivoid)) Then
MysqlObj.ejecutarUpdate("UPDATE posicion_current SET posicionid = " + posicion_id.ToString() + ", mensajeid = " + msj.mensajeid + ", fechahora = '" + msj.fechahora + "', longitud = '" +
msj.longitud + "', latitud = '" + msj.latitud + "', altura = " + msj.altura + ", velocidad = " + msj.velocidad + ", direccion = " + msj.direccion + ", resultadoid = " + msj.resultadoid + ", descripcion = '" + msj.descripcion +
"', gpsweek = " + msj.gpsweek + ", gpsseconds = " + msj.gpsseconds + ", notificacionenviada = " + msj.notificacionenviada + " WHERE dispositivoid = " + msj.dispositivoid)
Else
' NOTE(review): posicion_id is an Integer joined with "+" here, while the UPDATE branch calls
' posicion_id.ToString(). The column list also omits dispositivoid, which the existence
' check and the UPDATE branch key on - confirm both.
MysqlObj.ejecutarInsert("INSERT INTO posicion_current (posicionid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada) VALUES (" + posicion_id + "," + msj.mensajeid + ",'" + msj.fechahora + "','" + msj.longitud + "','" + msj.latitud +
"'," + msj.altura + "," + msj.velocidad + "," + msj.direccion + "," + msj.resultadoid + ",'" + msj.descripcion + "'," + msj.gpsweek + "," + msj.gpsseconds + "," + msj.notificacionenviada + ")")
Is it better for performance to do it like that or a single stored procedure that receives all data and does each insert update
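-- Body of a stored procedure (the CREATE PROCEDURE header and its parameter list are not
-- shown). It records one position report: a row in posicion, the latest position per
-- device in posicion_current, the device's last-message time, and a mensajedescripcion row.
-- Every value arrives as a procedure parameter (_dispositivoid, _mensajeid, ...), so nothing
-- here is spliced into SQL text. That only holds end to end if the caller also binds the
-- arguments of its CALL statement instead of concatenating them.
-- NOTE(review): no transaction is started here; confirm the caller wraps the CALL in one if
-- the four writes must succeed or fail together.
DECLARE existss INT DEFAULT 0;
DECLARE nueva_posicionid BIGINT UNSIGNED DEFAULT 0;

INSERT INTO posicion (dispositivoid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada, positiontype)
VALUES (_dispositivoid, _mensajeid, _fechahora, _longitud, _latitud, _altura, _velocidad, _direccion, 0, _descripcion, 0, 0, 1, 4219724);

-- Capture the generated id immediately, before any later INSERT can replace it.
SET nueva_posicionid = LAST_INSERT_ID();

-- Read the count into the declared local variable. A leading '#' starts a comment in
-- MySQL, so the name must be written bare, and the statement needs its terminator.
-- If posicion_current has a PRIMARY KEY or UNIQUE index on dispositivoid, this
-- SELECT/IF/ELSE can be replaced by a single INSERT ... ON DUPLICATE KEY UPDATE, which
-- also closes the gap between the check and the write.
SELECT COUNT(*) INTO existss FROM posicion_current WHERE dispositivoid = _dispositivoid;

IF (existss > 0) THEN
    UPDATE posicion_current SET posicionid = nueva_posicionid, mensajeid = _mensajeid, fechahora = _fechahora, longitud = _longitud, latitud = _latitud,
        altura = _altura, velocidad = _velocidad, direccion = _direccion, resultadoid = 0, descripcion = _descripcion, gpsweek = 0, gpsseconds = 0, notificacionenviada = 1
    WHERE dispositivoid = _dispositivoid;
ELSE
    -- posicionid is written here as well so a first-time row matches what the UPDATE branch stores.
    INSERT INTO posicion_current (dispositivoid, posicionid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada)
    VALUES (_dispositivoid, nueva_posicionid, _mensajeid, _fechahora, _longitud, _latitud, _altura, _velocidad, _direccion, 0, _descripcion, 0, 0, 1);
END IF;

UPDATE dispositivo SET ultimoMensaje = _fechahora, fechanotificacion = NOW() WHERE dispositivoid = _dispositivoid;

-- NOTE(review): the VB.NET version on this page writes this row only when mensajeid > 0;
-- confirm whether the same guard is wanted here.
INSERT INTO mensajedescripcion (mensajeid, fechahora, dispositivoid, secuencia) VALUES (_mensajeid, _fechahora, _dispositivoid, 0);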

Change the COUNT(*)...IF...UPDATE...ELSE...INSERT into
INSERT ... ON DUPLICATE KEY UPDATE ...
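That will be faster and simpler. It needs a PRIMARY KEY or UNIQUE index on the column that identifies the row (here dispositivoid), and it also removes the gap between the existence check and the write, in which a concurrent call could insert the same device twice.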

Related

Update Set - Syntax error (missing operator) in query expression

I am getting this error:
Syntax error (missing operator) in query expression '10'
My code:
// Builds an UPDATE for RegisterDatabase from the posted form fields and runs it through OleDb.
// NOTE(review): the Request.Form[...] values are concatenated straight into the SQL text, so any
// field containing a single quote rewrites the statement (SQL injection). OleDbCommand accepts
// positional "?" placeholders with the values added to o_command3.Parameters in the same order,
// which also removes the manual quote bookkeeping.
// NOTE(review): "pass" is written to the table exactly as posted; no hashing is visible in this snippet.
string MySQL3 = "Update RegisterDatabase Set ";
// age is opened without a quote (age =") but followed by "', so the quotes are unbalanced from here on.
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age =" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
// The WHERE value opens a single quote that is never closed.
MySQL3 += " Where uName ='" + Session["uname"];
System.Data.OleDb.OleDbCommand o_command3 = new System.Data.OleDb.OleDbCommand(MySQL3, o_con);
// Close() below is skipped if ExecuteNonQuery throws; a using block would release the connection either way.
o_con.Open();
o_command3.ExecuteNonQuery();
o_con.Close();
BTW I know my code is prone to SQL Injection attack, but this is for my school project so it doesn't really matter.
The problem is here
age =" + Request.Form["age"] + "+ "'
It should be
age =" + Request.Form["age"] + ", pass =
and
MySQL3 += " Where uName ='" + Session["uname"];
should be
MySQL3 += " Where uName ='" + Session["uname"] +"'";
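// Builds the UPDATE text for RegisterDatabase with every value, including age, wrapped in
// single quotes, and with the closing quote on the WHERE value.
// NOTE(review): the values still come straight from Request.Form and Session and are
// concatenated into the SQL text, so a single quote in any field changes the statement
// (SQL injection). With OleDb, put "?" where each value goes and add the values to the
// command's Parameters collection in the same order; no manual quoting is needed then.
String MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age ='" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"] + "'";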
Just try above code.
Hope this helps.

Can't get the SQL query to work with variables b/c of syntax errors

// Builds an INSERT for course_data by concatenating the scraped values directly into the SQL text.
// The values are placed without surrounding single quotes, so the database parses them as SQL
// rather than as string literals.
// NOTE(review): the text comes from scraped websites, i.e. content the program does not control;
// even once quoted, a value containing ' breaks the statement or changes its meaning (SQL injection).
// A java.sql.PreparedStatement with ? placeholders avoids both problems.
// NOTE(review): CrsImgUni and date are joined with no separator between them - confirm that is intended.
// NOTE(review): no column list is given, so the values depend on the table's column order.
String query = "insert into course_data values(null," + CourseName + ","
+ SCrsDesrpTemp + "," + CrsDes + "," + crsurl + ","
+ youtube + "," + sqlStrDate + "," + crsduration + ","
+ CrsImg + "," + "'Open2Study', 'Free', 'English', 'Yes'," + CrsImgUni + date + ")";
I keep getting syntax errors. The variable names are strings that hold values from scraped websites. I printed them out and they work fine, they all are of type string. But for some reason, I keep getting syntax error in the SQL query.
When presented to the database like this, string (and date) values need to be in single quotes.
// Same INSERT with each scraped value wrapped in single quotes so it is sent as a string literal.
// NOTE(review): quoting alone does not neutralise the data: a scraped value that itself contains
// a single quote ends the literal early, which at best is a syntax error and at worst lets page
// content alter the statement (SQL injection). Binding the values through
// java.sql.PreparedStatement (? placeholders, setString/setDate) removes the need for manual quotes.
String query = "insert into course_data values(null,'" + CourseName + "','"
+ SCrsDesrpTemp + "','" + CrsDes + "','" + crsurl + "','"
+ youtube + "','" + sqlStrDate + "','" + crsduration + "','"
+ CrsImg + "'," + "'Open2Study', 'Free', 'English', 'Yes','" + CrsImgUni + date + "')";
The last part may be incorrect "CrsImgUni + date" and you may need to ensure that dates are formatted correctly.
See also What is SQL injection?

Ole db Query error missing operator

i'm currently making a guide tool. i connected to my accdb file and all works fine.
Now I want to select the name of the monster that drops item XY.
The monster has 19 drop fields, named from a_item_0 to a_item_19.
my query is:
// Searches waffen for rows where any of the columns a_item_0 .. a_item_19 equals the text box value.
// The first comparison (a_item_0= ) has no opening single quote and the last one has no closing
// quote before the semicolon, so the string literals in the SQL are unbalanced.
// NOTE(review): textBox21.Text is user input pasted into the SQL text once per comparison; a
// single quote typed into the box changes the statement (SQL injection). OleDb "?" placeholders
// with bound values avoid both the quoting error and the injection.
string query = "SELECT a_name FROM waffen WHERE a_item_0= "
+ textBox21.Text + "' OR a_item_1= '" + textBox21.Text
+ "' OR a_item_2= '" + textBox21.Text + "' OR a_item_3 = '"
+ textBox21.Text + "' OR a_item_4= '" + textBox21.Text
+ "' OR a_item_5= '" + textBox21.Text + "' OR a_item_6= '"
+ textBox21.Text + "' OR a_item_7 = '"
+ textBox21.Text + "' OR a_item_8 = '" + textBox21.Text
+ "' OR a_item_9 = '" + textBox21.Text + "' OR a_item_10 = '"
+ textBox21.Text + "' OR a_item_11 = '" + textBox21.Text
+ "' OR a_item_12 = '" + textBox21.Text + "' OR a_item_13 = '"
+ textBox21.Text + "' OR a_item_14 = '" + textBox21.Text
+ "' OR a_item_15 = '" + textBox21.Text + "' OR a_item_16 = '"
+ textBox21.Text + "' OR a_item_17 = '" + textBox21.Text + "' OR a_item_18 = '"
+ textBox21.Text + "' OR a_item_19 = '" + textBox21.Text + ";";
Maybe someone sees the error i look for more than 2 hours now...
I think you've missed the first and last string delimiters
// Same search with the opening quote after a_item_0= and the closing quote before the
// semicolon in place, so every comparison is against a quoted literal.
// NOTE(review): the quotes are balanced only while textBox21.Text contains no single quote;
// the value is still concatenated into the SQL text, so input with a quote changes the
// statement (SQL injection). With OleDbCommand, write "?" in place of each literal and add the
// value to the Parameters collection once per placeholder (OleDb parameters are positional).
string query = "SELECT a_name FROM waffen WHERE a_item_0= '" + textBox21.Text
+ "' OR a_item_1= '" + textBox21.Text + "' OR a_item_2= '" + textBox21.Text
+ "' OR a_item_3 = '" + textBox21.Text + "' OR a_item_4= '" + textBox21.Text
+ "' OR a_item_5= '" + textBox21.Text + "' OR a_item_6= '" + textBox21.Text
+ "' OR a_item_7 = '" + textBox21.Text + "' OR a_item_8 = '" + textBox21.Text
+ "' OR a_item_9 = '" + textBox21.Text + "' OR a_item_10 = '" + textBox21.Text
+ "' OR a_item_11 = '" + textBox21.Text + "' OR a_item_12 = '" + textBox21.Text
+ "' OR a_item_13 = '" + textBox21.Text + "' OR a_item_14 = '" + textBox21.Text
+ "' OR a_item_15 = '" + textBox21.Text + "' OR a_item_16 = '" + textBox21.Text
+ "' OR a_item_17 = '" + textBox21.Text + "' OR a_item_18 = '" + textBox21.Text
+ "' OR a_item_19 = '" + textBox21.Text + "';";
Looks like you might be missing the very first single-quote in your query string.
WHERE a_item_0= '" + textBox21.Text + "'

update query and calculation part in GRN

// Saves a Goods Received Note: reads the current stock for the selected item, inserts the
// header row into grn1 and the detail row into grn2, then writes a new stock value to item_supplier.
// NOTE(review): all SQL below is assembled from UI field values by concatenation; a single quote
// in any field changes the statement (SQL injection). java.sql.PreparedStatement with ?
// placeholders binds the values as data instead.
// NOTE(review): the Connection, Statement and ResultSet are not closed anywhere in this block.
// NOTE(review): no transaction control is visible around the three executeUpdate calls, so an
// error after the inserts would leave grn1/grn2 written and item_supplier unchanged - confirm
// the connection's autocommit setting.
String status = "active", nit = "", grniid = "", sumn = "";
try {
Connection ss = Class_DB.myconnection();
Statement st = ss.createStatement();
ResultSet rs = st.executeQuery("select stock_in_hand from item_supplier where item_ID =('" + TF_GRN_ITEMID.getSelectedItem() + "')");
grniid = TF_GRN_NO_OF_ITEM.getText();
// aa is parsed here but not used again in this block.
int aa = Integer.parseInt(grniid);
// Keeps the stock_in_hand of the last row returned.
while (rs.next()) {
nit = rs.getString("stock_in_hand");
}
// bb is parsed but not used again; if the query returned no row, nit is still "" and parseInt throws.
int bb = Integer.parseInt(nit);
// grniid and nit are both Strings, so + concatenates them ("5" + "10" gives "510") instead of
// adding; aa + bb would be the arithmetic sum.
sumn = grniid + nit;
int cc = Integer.parseInt(sumn);
st.executeUpdate("insert into grn1 values('" + TF_GRN_GRNNO.getText() + "','" + TF_GRN_SUPPLIERID.getSelectedItem() + "','" + TF_GRN_AMOUNT.getText() + "','" + TF_GRN_DATE.getText() + "')");
st.executeUpdate("insert into grn2 values('" + TF_GRN_GRNNO.getText() + "','" + TF_GRN_ITEMID.getSelectedItem() + "','" + TF_GRN_EXP_DATE.getText() + "','" + TF_GRN_TAX.getText() + "','" + TF_GRN_NO_OF_ITEM.getText() + "','" + TF_GRN_GAMOUNT.getText() + "','" + TF_GRN_NAMOUNT.getText() + "','" + TF_GRN_QTY.getText() + "','" + TF_GRN_UNIT.getText() + "','" + TF_GRN_FREE.getText() + "','" + TF_GRN_DIS.getText() + "')");
// The return value (rows affected) is not checked; 0 would mean no item_ID matched.
st.executeUpdate("update item_supplier set stock_in_hand='" + cc + "' where item_ID='" + TF_GRN_ITEMID.getSelectedItem() + "'");
JOptionPane.showMessageDialog(null, "Data Saved");
clearing();
} catch (Exception ex) {
// The user sees a generic message; the stack trace goes to the error stream only.
JOptionPane.showMessageDialog(null, "There is some error.Please contact admin");
ex.printStackTrace();
}
This is the GRN Query. GRN stands for Good Receive Note.
When we recieve Goods/Items from the supplier the company receives a GRN.
The Details of the items will be included in the GRN.
These data/details will be inserted in GRN1 table, GRN2 table and item_Supplier table will be updated according to it.
nit is the variable, using item_id table and item supplier table, stock in hand will be retrieved.
bb is the variable used to pass nit to an integer.
grnid is No of items which we type in the interface will be included in grnidvariable.
aa is the variable used to pass grnid to integer.
class_DB - connection class of the database.
Our problem is
1) he is inserted to GRN1 and GRN2 tables, but item_supplier table is not updated.
2) We want to know if our calculation is correct or not.

DataAdapter.Update() doesn't work to update

my sql statments are as follows
the insert statement only works
update and delete statements don't work
Purchase_InvoiceNo is a primary key column of Purchase table
i get this value like this and insert its value to PurchaseProduct table
"SELECT IDENT_CURRENT ('Purchase') AS [Purchase_InvoiceNo]"
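// Command texts for a DataAdapter over PurchaseProduct. The values are passed as named
// @parameters rather than concatenated into the SQL, so user data never becomes SQL text.
// The '@' characters (verbatim-string prefix and parameter markers) are restored here; the
// statements are otherwise left exactly as posted, including the two defects the question
// is about, which are marked below.
string deletecmd_PurchaseProduct =
// NOTE(review): no WHERE keyword precedes the predicate, so this DELETE does not parse.
@"DELETE FROM PurchaseProduct " +
"PurchaseProduct_No=@PurchaseProduct_No and "+
"Purchase_InvoiceNo=@Purchase_InvoiceNo ";
string updatcmd_PurchaseProduct =
"UPDATE PurchaseProduct "
+ " SET "
+ " PurchaseProduct_SerialNo =@PurchaseProduct_SerialNo"
+ ", Purchase_InvoiceNo =@Purchase_InvoiceNo"
+ ", ProductNo =@ProductNo"
// NOTE(review): no comma separates this assignment from the ProductNo one above.
+ " PurchaseProduct_Quantity =@PurchaseProduct_Quantity "
+ ", PurchaseProduct_Unit =@PurchaseProduct_Unit"
+ ", PurchaseProduct_Price =@PurchaseProduct_Price"
+ " Where "
+ " PurchaseProduct_No=@PurchaseProduct_No";
string insertcmd_PurchaseProduct = "INSERT INTO PurchaseProduct" +
"(" +
" PurchaseProduct_SerialNo"+
",Purchase_InvoiceNo" +
",ProductNo" +
",PurchaseProduct_Quantity " +
",PurchaseProduct_Price" +
",PurchaseProduct_Unit" + //6
")" +
"Values" +
"(" +
" @PurchaseProduct_SerialNo"+
",@Purchase_InvoiceNo" +
",@ProductNo " +
",@PurchaseProduct_Quantity " +
",@PurchaseProduct_Price" +
",@PurchaseProduct_Unit" + //6
");";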
Your Delete command appears to be incomplete:
string deletecmd_PurchaseProduct =
#"DELETE FROM PurchaseProduct " +
"PurchaseProduct_No=#PurchaseProduct_No and "+
"Purchase_InvoiceNo=#Purchase_InvoiceNo ";
should be:
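// DELETE keyed on both columns; the values are bound as @parameters rather than concatenated.
// The space after WHERE keeps the keyword from running into the first column name when the
// pieces are joined.
string deletecmd_PurchaseProduct =
@"DELETE FROM PurchaseProduct WHERE " +
"PurchaseProduct_No=@PurchaseProduct_No and "+
"Purchase_InvoiceNo=@Purchase_InvoiceNo ";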
I can't see why the INSERT should fail unless you're inserting a duplicate primary key value or you're not inserting data into a non-nullable field which does not have a default.
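// UPDATE for one PurchaseProduct row, selected by PurchaseProduct_No. Every value is a named
// @parameter supplied through the command's Parameters collection, so no user data is
// concatenated into the SQL text. Each assignment except the last ends with a comma.
string updatcmd_PurchaseProduct =
"UPDATE PurchaseProduct "
+ "SET PurchaseProduct_SerialNo = @PurchaseProduct_SerialNo, "
+ "Purchase_InvoiceNo = @Purchase_InvoiceNo, "
+ "ProductNo = @ProductNo, "
+ "PurchaseProduct_Quantity = @PurchaseProduct_Quantity, "
+ "PurchaseProduct_Unit = @PurchaseProduct_Unit, "
+ "PurchaseProduct_Price = @PurchaseProduct_Price "
+ "Where PurchaseProduct_No = @PurchaseProduct_No";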
There was a missing comma above.