Try
MySqlConn.Open()
Dim Query = "Select * From venuesdb.cost where EventDate >= ('" & DateTimePicker1.Text & "') AND =< ('" & DateTimePicker2.Text & "')"
Command = New MySqlCommand(Query, MySqlConn)
SQLDataAdapter.SelectCommand = Command
SQLDataAdapter.Fill(DatabaseDatSet)
Bindsource.DataSource = DatabaseDatSet
DataGridView1.DataSource = Bindsource
SQLDataAdapter.Update(DatabaseDatSet)
MySqlConn.Close()
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
MySqlConn.Dispose()
I keep getting error saying that there is a SQL error here '>= ('" & DateTimePicker2 & " ')'
Your syntax is incorrect, you can either use between without <= and >=(mind symbol sequence in the operators):
Dim Query = "select *
from venuesdb.cost
where EventDate between '" & DateTimePicker1.Text & "' AND '" & DateTimePicker2.Text & "'"
or specify field each time you specify condition:
Dim Query = "select *
from venuesdb.cost
where EventDate >= '" & DateTimePicker1.Text & "' AND EventDate <= '" & DateTimePicker2.Text & "'"
You missed a EventDate in your query. Change your code to this:
Dim Query = "Select * From venuesdb.cost where EventDate >= ('" & DateTimePicker1.Text & "') AND EventDate =< ('" & DateTimePicker2.Text & "')"
Also, you should use parameters in your query to avoid SQL-injection attacks. You can read more about it in this SO question.
Related
This is a practicum attendance management system. I'm only using one button to make the attendance work.
Dim query2 As String = "UPDATE attendance att, practicum prac SET att.LastName = prac.LastName, att.FirstName = prac.FirstName WHERE att.PracticumID = prac.PracticumID"
Try
If TextBox1.Text = "" Then
MessageBox.Show("retry")
Else
reloadtxt("SELECT * FROM practicum WHERE PracticumID = '" & TextBox1.Text & "'")
If dt.Rows.Count > 0 Then
reloadtxt("SELECT * FROM attendance WHERE PracticumID = '" & TextBox1.Text & "' AND DATE = '" & logdate _
& "' AND AM_Status = 'OUT'")
If dt.Rows.Count > 0 Then
MessageBox.Show("you've had enough for this day", "attention", MessageBoxButtons.OK, MessageBoxIcon.Information)
Else
reloadtxt("SELECT * FROM attendance WHERE PracticumID = '" & TextBox1.Text & "' AND AM_Status = 'IN'")
If dt.Rows.Count > 0 Then
Dim amout As String = "UPDATE attendance SET TimeLogOut_AM = '" & timeout_am & "', AM_Status = 'Out' WHERE PracticumID = '" & TextBox1.Text & "'"
Dim QueryString2 As String = String.Concat(amout, ";", query2)
updates(QueryString2)
load_PracticumAttendance()
MessageBox.Show("AM TimeOut")
Else
Dim amin As String = "INSERT INTO attendance (PracticumID, Date, TimeLogIn_AM, AM_Status) " _
& " VALUES ('" & TextBox1.Text & "', '" & logdate & "', '" & timein_am & "', 'IN')"
Dim QueryString As String = String.Concat(amin, ";", query2)
create(QueryString)
load_PracticumAttendance()
MessageBox.Show("AM TimeIn")
End If
End If
Else
End If
End If
this is my sample output
Now, how will I make it to have an output on TimeIn - PM and TimeOut - PM? I mean, for example, a practicum will time in by 8am then time out at 12nn. Then they will have a lunch break in which after that, they will time in again by 1pm then out by 5pm. I'm using the PracticumID to input it to the textbox. How do I make it possible to make an attendance afterlunch? because I can only do time in and time out in the morning.
Good day! Can someone help me fix my code? I would like to show an error message if there is a duplication of record. For example, I entered a username "admin" but it is already in my database so it should show a message saying "Username already exists!". Otherwise, If the username isn't used yet then it will be added in my database. I'm using Visual Studio 2005 and Navicat for MySQL
Here is my code:
conn.Open()
Dim qadd As String = "SELECT * FROM tbl_user WHERE uname='" & txt_uname.Text & "'"
Dim cmd As New MySqlCommand(qadd, conn)
Dim data As MySqlDataReader = cmd.ExecuteReader
If data.Read Then
If data(0) = txt_uname.Text Then
MsgBox("User " & data(0) & " already exists! ", MsgBoxStyle.Critical)
Else
Dim qstr As String = "INSERT INTO tbl_user (uname, pword, ulvl) VALUES ('" & txt_uname.Text & "' , '" & txt_pword1.Text & "' , '" & txt_pword2.Text & "') ON DUPLICATE KEY UPDATE uname = '" & txt_uname.Text & "'"
Dim cm As New MySqlCommand(qstr, conn)
Dim dat As MySqlDataReader = cm.ExecuteReader
MsgBox("User has been added!", MsgBoxStyle.Information)
txt_uname.Clear()
txt_pword1.Clear()
txt_pword2.Clear()
txt_uname.Focus()
End If
End If
conn.Close()
Still a lot of room for improvement, and I typed this out on my phone with no syntax checking, but think it should get you heading in the right direction. Things for you to read up on is parametrising your query/insert statements and the Using keyword which can help with managing your db connections.
Dim qadd As String = "SELECT Count(uname) FROM tbl_user WHERE uname='" & txt_uname.Text & "'"
Dim cmd As New MySqlCommand(qadd, conn)
Dim userCounter as int = cmd.ExecuteScaler
if userCounter > 0 then
MsgBox("User " & data(0) & " already exists! ", MsgBoxStyle.Critical)
Else
Dim qstr As String = "INSERT INTO tbl_user (uname, pword, ulvl) VALUES ('" & txt_uname.Text & "' , '" & txt_pword1.Text & "' , '" & txt_pword2.Text & "') ON DUPLICATE KEY UPDATE uname = '" & txt_uname.Text & "'"
Dim cm As New MySqlCommand(qstr, conn)
Dim dat As MySqlDataReader = cm.ExecuteReader
MsgBox("User has been added!", MsgBoxStyle.Information)
txt_uname.Clear()
txt_pword1.Clear()
txt_pword2.Clear()
txt_uname.Focus()
End If
I'm having a problem about my code, i already tried to put the specified table for each column, In which part of my code was having a problem?
clientid = clientid.Substring(0, 3)
rnd = random.Next(100, 999)
clientid = clientid & "-" & Format(Now, "MMdd") & "-" & rnd
query = "SELECT COUNT(*) FROM tbl_clients WHERE clients_Record_Num ='" & clientid & "'"
sqlcmd = New MySqlCommand(query, conn)
chkclientid = sqlcmd.ExecuteScalar()
While chkclientid > 0
clientid = clientid.Substring(0, 3)
rnd = random.Next(100, 999)
clientid = clientid & "-" & Format(Now, "MMdd") & "-" & rnd
query = "SELECT COUNT(*) FROM tbl_clients WHERE clients_record_num ='" & clientid & "'"
sqlcmd = New MySqlCommand(query, conn)
chkclientid = sqlcmd.ExecuteScalar()
End While
query = "Insert into tbl_clients(clients_record_num,clients_client_id,clients_name,clients_contact_number,clients_address,clients_industry,clients_status,clients_delegate,clients_notes) values ('" & clientid.Substring(0, 3) &_ "-" & dttime & "-" & rnd &_ "','" & clientid & _
"', '" & txtClientName.Text & "','" & txtClientContactNum.Text & "','" & txtClientAddress.Text & _
"','" & cmbIndustry.Text & "', '" & cmbStatus.Text & "', '" & cmbDelegate.Text & "','" & txtNotes.Text & "','0')"
sqlCommand.Connection = conn
sqlCommand.CommandText = query
sqlCommand.ExecuteNonQuery()
As #jmcilhinney commented, change your insert query to use parameters as it will be easier to read and to ensure that the number of values matches the number of columns.
Here's some 'template' code for you to expand on:
Dim InsertCmdText As String =
"Insert into tbl_clients(clients_record_num,clients_client_id,clients_name,clients_contact_number,clients_address,clients_industry,clients_status,clients_delegate,clients_notes) " &
"values (#clients_record_num,#clients_client_id,#clients_name,#clients_contact_number,#clients_address,#clients_industry,#clients_status,#clients_delegate,#clients_notes)"
Dim SqlConnectionString As String = "Your Connection Info"
Using cmd As New SqlCommand(InsertCmdText, New SqlConnection(SqlConnectionString))
Try
cmd.Parameters.AddWithValue("#clients_record_num", "Value Needed")
cmd.Parameters.AddWithValue("#clients_client_id", "Value Needed")
cmd.Parameters.AddWithValue("#clients_name", "Value Needed")
'repeat above for all params
cmd.Connection.Open()
cmd.ExecuteNonQuery()
Catch ex As Exception
'Handle your exception
Finally
cmd.Connection.Close()
End Try
End Using
Alternatively use Parameters.Add instead of AddWithValue. For discussion on merits of each, see SqlCommand Parameters Add vs. AddWithValue
i'm having a problem i insert a value it will show a error:
incorrect integer value: "for column 'student_no' at row 1
this is the code
Try
MySqlConnection.Open()
Dim query As String
query = " insert into mcs.payment(student_no, mode, registration_fee, miscellaneous_fee, tuition_fee, ptca_fee, computer_fee, user) values ('" & lblstudentno.Text & "', '" & ComboBox1.Text & "','" & txtregfee.Text & "', '" & txtmisfee.Text & "', '" & txttuitionfee.Text & "', '" & txtptcafee.Text & "', '" & txtcompfee.Text & "', '" & lbluser.Text & "') "
Dim Command As New MySqlCommand(query, MySqlConnection)
READER = Command.ExecuteReader
MessageBox.Show("OK")
Catch ex As Exception
MessageBox.Show(ex.Message)
Finally
MySqlConnection.Dispose()
End Try
can you help me???
The student_no is an integer column but you try to insert a string value in it.
"'" & lblstudentno.Text & "'"
You just need to remove those single quotes and it will insert an integer... of course I assuming that the lblstudentno.Text is a number (other column may also raise errors).
HOWEVER You should NEVER build a query like this because it will leave the door open for SQL injection. Parameterized queries is the right way to handle sql queries.
Within Access, I am trying to build a WHERE clause with a Max(Date) functionality, but it is not working. Any help would be greatly appreciated.
strSQL1 = "Update tTbl_LoginSessions SET fldLogoutEvent = '" & Now() & "'" & _
" WHERE fldUserName = " & IntMSIDAutoNum And fldLoginEvent = MAX(fldLoginEvent)
fldLoginEvent is the date/time in which the User Logged in
fldLogoutEvenr is the date/time in which the User will be logged out
The most obvious correction:
strSQL1 = "Update tTbl_LoginSessions SET fldLogoutEvent = '" & _
Now() & "'" & " WHERE fldUserName = " & IntMSIDAutoNum & _
" And fldLoginEvent = (select top 1 fldLoginEvent from " & _
" tTbl_LoginSessions )"