System.Data.SqlClient.SqlException Unclosed quotation mark after the character string - mysql

Every time I run this code for putting some Student information, when I click to save it, there are always appear messsage in cmd.Executenonquery()..please help of this..
Imports System.Collections.ObjectModel
Imports System.Data.SqlClient
Imports System.Data
Public Class SI
Dim con As New SqlConnection With {.ConnectionString = "Server=Danica-pc; database=SI;user=dandan;pwd=danica;"}
Dim cmd As New SqlCommand
Dim query As String
Dim stuid, i As Integer
Dim studentID As Integer
Dim StudentBindingSource As Object
Dim TableAdapterManager As Object
Private Sub StudentBindingNavigatorSaveItem_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)
Me.Validate()
Me.StudentBindingSource.EndEdit()
Me.TableAdapterManager.UpdateAll(Me.SIDataSet)
End Sub
Private Sub Label4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Kasarian.Click
End Sub
Private Sub SI_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'TODO: This line of code loads data into the 'SIDataSet.Studentinfo' table. You can move, or remove it, as needed.
Me.StudentinfoTableAdapter.Fill(Me.SIDataSet.Studentinfo)
End Sub
Private Sub getData()
i = DataGridView1.CurrentCell.RowIndex()
studentID = i
End Sub
Private Sub dataReload()
familynem.Clear()
middlenem.Clear()
givennem.Clear()
usename.Clear()
accpass.Clear()
confirmpass.Clear()
Try
Dim sql As String = "Select * from Studentinfo"
Dim myAdapter As New SqlDataAdapter(sql, con)
con.Open()
Dim myDataset As New DataSet()
myAdapter.Fill(myDataset, "SI")
DataGridView1.DataSource = myDataset
DataGridView1.DataMember = "SI"
DataGridView1.SelectionMode = DataGridViewSelectionMode.FullRowSelect
con.Close()
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
End Sub
Private Sub famliynem_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles familynem.TextChanged
End Sub
Private Sub stat_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles stat.SelectedIndexChanged
End Sub
Private Sub HomeToolStripMenuItem_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles HomeToolStripMenuItem.Click
Home.Show()
Me.Hide()
End Sub
Private Sub EventsToolStripMenuItem_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles EventsToolStripMenuItem.Click
EventsForm.Show()
Me.Hide()
End Sub
Private Sub ProductsToolStripMenuItem_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ProductsToolStripMenuItem.Click
Products.Show()
Me.Hide()
End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cancel.Click
Home.Show()
Me.Close()
End
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles save.Click
Dim genderval As String
Dim birthdate As String
birthdate = bday.Value.ToString()
If babae.Checked = True Then
genderval = "Female"
Else
genderval = "Male"
End If
query = "insert into studentinfo(Lastname,Firstname,middlename,birthdate,gender,username)""values('" & familynem.Text & "','" & givennem.Text & "','" & middlenem.Text & "','" & birthdate & "','" & genderval & "','" & usename.text & "')"
con.Open()
cmd = New SqlCommand(query, con)
*cmd.ExecuteNonQuery()*
con.Close()
dataReload()
user.Show()
Me.Hide()
End Sub
End Class

You have an unwanted "" in this line:
query = "insert into studentinfo(Lastname,Firstname,middlename,birthdate,gender,username)""values('" & familynem.Text & "','" & givennem.Text & "','" & middlenem.Text & "','" & birthdate & "','" & genderval & "','" & usename.text & "')"
Also, I recommend that you look into using SQL parameters to pass the values:
Edit: You can use SQL parameters by replacing this code:
query = "insert into studentinfo(Lastname,Firstname,middlename,birthdate,gender,username)""values('" & familynem.Text & "','" & givennem.Text & "','" & middlenem.Text & "','" & birthdate & "','" & genderval & "','" & usename.text & "')"
con.Open()
cmd = New SqlCommand(query, con)
*cmd.ExecuteNonQuery()*
con.Close()
with:
Using conn As New SqlConnection("YOUR CONNECTION STRING")
Dim query = "INSERT INTO studentinfo(Lastname,Firstname,middlename,birthdate,gender,username) VALUES(#familynem, #givennem, #middlenem, #birthdate, #genderval, #usename)"
Using cmd As New SqlCommand(query, conn)
cmd.Parameters.AddWithValue("#familynem", familynem.Text)
cmd.Parameters.AddWithValue("#givennem", givennem.Text)
cmd.Parameters.AddWithValue("#middlenem", middlenem.Text)
cmd.Parameters.AddWithValue("#birthdate", birthdate)
cmd.Parameters.AddWithValue("#genderval", genderval.Text)
cmd.Parameters.AddWithValue("#usename", usename.Text)
conn.Open()
cmd.ExecuteNonQuery()
conn.Close()
End Using
End Using
The Using constructs take care of calling .Dispose() for you, and you should not have connections hanging around. SQL parameters help prevent SQL injection attacks, and stop the query from breaking if you have a name like O'Reilly, where the apostrophe would be a problem.

Related

Invalid attempt to access a field before calling Read() with MySql at answer.text = dr(1) or question.text =dr(3) when click get password

Imports MySql.Data.MySqlClient
Public Class Forgot_Password_form
Dim con As New MySqlConnection("host=localhost;username=root;password=system;database=bike")
Dim cmd As New MySqlCommand
Dim dr As MySqlDataReader
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
con.Open()
cmd.Connection = con
cmd.CommandText = "select * from login where userid='" & useridtxt.Text & "'and question='" & question.Text & "'and answer='" & answertxt.Text & "'"
dr = cmd.ExecuteReader
If Not dr Is Nothing Then
dr.Read()
answer.Text = dr(1)
dr.Close()
End If
Catch ex As Exception
MessageBox.Show("UserID or answer is incorrect")
End Try
con.Close()
End Sub
Private Sub Exit__Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Exit_.Click
End
End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Login_Menu.Show()
Me.Hide()
End Sub
Private Sub useridtxt_LostFocus(ByVal sender As Object, ByVal e As System.EventArgs) Handles useridtxt.LostFocus
Try
con.Open()
cmd.Connection = con
cmd.CommandText = "select * from login where userid='" & useridtxt.Text & "'"
dr = cmd.ExecuteReader
If Not dr Is Nothing Then
dr.Read()
question.Text = dr(3)
dr.Close()
End If
Catch ex As Exception
End Try
End Sub
End Class

Connecting phpmyadmin

Can anyone help me solve this SQL error?
And how do I connect it to my database in phpmyadmin using xampp?
Feel free to correct my code if you think something is wrong with it.
Imports System.Data.SqlClient
Imports MySql.Data.MySqlClient
Public Class Form1
Dim con As SqlConnection
Dim com As SqlCommand
Private Sub Form1_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
con = New SqlConnection
con = New SqlCommand
con.ConnectionString = "initial catalog=student;user id=sa;pwd="
con.Open()
con.Connection = con
End Sub
Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
If TextBox1.Text = " " Or TextBox2.Text = " " Or TextBox3.Text = " " Then
MsgBox("Please fill all the details")
Exit Sub
End If
com.CommandText = "insert into stud values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "')"
com.ExecuteNonQuery()
MsgBox("1 record is stored successfully")
TextBox1.Clear()
TextBox2.Clear()
TextBox3.Clear()
End Sub
End Class
You should use MySqlConnection, not SqlConnection. SqlConnection is used for SQL Server. It can be downloaded from Nuget packages.

Cannot process using parameterized inserting

I got exception, column cannot be null, Did not save to my database.
Private Sub save_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles save.Click
con.close()
con.open()
cmd = New Odbc.OdbcCommand("INSERT INTO db.table(firstname,lastname) VALUES(#f1,#f2)", con)
cmd.Parameters.AddWithValue("#f1", textboxfirstname.Text)
cmd.Parameters.AddWithValue("#f2", textboxlastname.Text)
cmd.ExecuteNonQuery()
End Sub
But If I will use this code its working
Private Sub save_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles save.Click
con.close()
con.open()
cmd = New Odbc.OdbcCommand("INSERT INTO db.table(firstname) VALUES('" & textboxfirstname.Text & "')", con)
cmd.ExecuteNonQuery()
End Sub

How to read next from my database sql

I have an application of image loader, but what I want is to have a procedure for next and previous button so that I can view them one by one.
Private Sub Search_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles txtsearch.Click
Try
disconnect()
connect()
cmd = New Odbc.OdbcCommand("Select * FROM tblemployee WHERE lname ='" & Trim(TextBox1.Text.TrimEnd()) & "' OR fname ='" & Trim(TextBox1.Text.TrimEnd()) & "'", con)
dr = cmd.ExecuteReader
If dr.Read() Then
Dim bytBLOBData() As Byte = dr("emp_pix")
Dim stmBLOBData As New MemoryStream(bytBLOBData)
PictureBox1.Image = Image.FromStream(stmBLOBData)
Else
MessageBox.Show("No Information Record, Please Last Name only!")
End If
Catch ex As Exception
Debug.WriteLine("Please try again" & ex.Message)
End Try
End Sub
How can I manipulate for next and previous button?
Private Sub Next_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Next.Click
end sub
'Do Here
Private Sub Previous_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Previous.Click
end sub
'Do Here

connecting the log in form in vb.net (adodb.connection usage)

I have this code in log in form, but I don't know the use of adodb.connection, please anyone help me to fix it. I don't know why the word adodb to me has an zigzag error line.
Imports System.Collections.ObjectModel
Imports System.Data
Imports System.Data.SqlClient
Public Class LoginForm1
Dim rs_login As New adodb.Recordset
Dim cn_login As New adodb.Connection
Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
rs_login = cn_login.Execute("select * from dbo.studentinfo where [Username] = '" & UsernameTextBox.Text & "' And [Password] = '" & PasswordTextBox.Text & "'")
If rs_login.RecordCount = 0 Then
MsgBox("Invalid Username!", MsgBoxStyle.Information + MsgBoxStyle.OkOnly)
Exit Sub
Else
rs_login = cn_login.Execute("select * from dbo.USERPASS where [Username] = '" & UsernameTextBox.Text & "' And [Password] = '" & PasswordTextBox.Text & "'")
If rs_login.RecordCount = 0 Then
MsgBox("Invalid Username", MsgBoxStyle.Information + MsgBoxStyle.OkOnly)
Exit Sub
Else
user.Show()
Me.Close()
End If
End If
End Sub
Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cancel.Click
Me.Close()
Home.Show()
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
SI.Show()
Me.Close()
End Sub
Private Sub LoginForm1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
With cn_login
.CursorLocation = ADODB.CursorLocationEnum.adUseClient
.Provider = "SQLOLEDB.1"
.CommandTimeout = 0
Dim con As New SqlConnection With {.ConnectionString = "Server=Danica-pc; database=SI;user=dandan;pwd=danica;"}
.Open()
End With
End Sub
End Class
You are using a database access code written for VBA. Probably for MS Access. In VB.NET this works very differently. You would use this Imports statement:
Imports System.Data.SqlClient
In VB.NET you would do something like this
Const StandardSecurityConnection As String = _
"Server=Danica-pc;Database=SI;User Id=dandan;Password=danica;"
Const TrustedConnection As String = _
"Server=Danica-pc;Database=SI;Trusted_Connection=True;"
Using conn As New SqlConnection(StandardSecurityConnection) 'Or TrustedConnection
Dim sql As String = _
"SELECT * FROM dbo.studentinfo WHERE Username = #usr AND Password = #pwd"
Using command As New SqlCommand(sql, conn)
command.Parameters.AddWithValue("#usr", UsernameTextBox.Text)
command.Parameters.AddWithValue("#pwd", PasswordTextBox.Text)
conn.Open()
Using dr As SqlDataReader = command.ExecuteReader()
Dim userCol AS Integer = dr.GetOrdinal("Username")
Dim pwdCol AS Integer = dr.GetOrdinal("Password")
While dr.Read()
ConSole.WriteLine("User = {0}, Password = {1}",
dr.GetString(userCol), dr.GetString(pwdCol))
End While
End Using
End Using
End Using