Stuggling a bit here. Trying to develop the code to link user input into my database, in the form of a book record. for example the user would be asked to enter their name address etc. But the code I have used does not seem to execute because I continually get the same error.
Line 12: Dim con As New SqlConnection
Line 13: Dim inscmd As New SqlCommand
Line 14: con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("Database.My.MySettings.Database1ConnectionString1").ConnectionString
Line 15: con.Open()
Line 16: inscmd.CommandText = ("insert into booking values('" + txtfirstname.Text + "', " + txtSurname.Text + "', " + txtAddressline1.Text + "', " + txtAddressline2.Text + "', " + txtPostcode.Text + "', " + txtTime.Text + "', " + txtPeople.Text + "', " + txtDropoff1.Text + "', " + txtDropoff2.Text + "', " + txtDropoffpost.Text + "")
It is line 14 that contains the error but I dont know why. This is my code;
Protected Sub btnsubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnsubmit.Click
Dim con As New SqlConnection
Dim inscmd As New SqlCommand
con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("Database.My.MySettings.Database1ConnectionString1").ConnectionString
con.Open()
inscmd.CommandText = ("insert into booking values('" + txtfirstname.Text + "', " + txtSurname.Text + "', " + txtAddressline1.Text + "', " + txtAddressline2.Text + "', " + txtPostcode.Text + "', " + txtTime.Text + "', " + txtPeople.Text + "', " + txtDropoff1.Text + "', " + txtDropoff2.Text + "', " + txtDropoffpost.Text + "")
Print(inscmd.CommandText)
inscmd.Connection = con
inscmd.ExecuteNonQuery()
con.Close()
inscmd.Parameters.Clear()
MsgBox("Your booking has been successfully")
con.Close()
End Sub
Hopefully this will help you ( insert your code where need to )
Dim con As New SqlConnection
Dim myConString As String = getSQLString() ' GET YOUR CON String
' my function looks like this when returned
"Server=ServerExactLocationPath;Database=DataBase;User Id=UserName;Password=Password;"
Dim objcommand As SqlCommand = New SqlCommand
'con.ConnectionString = myConString
With objcommand
.Connection = con
Dim cmdText As String = ""
cmdText = "Insert into SitesStatus (SiteNumber,StatusName,Date,ByUser) values ('" & site & "','" & status & "','" & System.DateTime.Today.ToString("MM/dd/yyyy") & "','" & dbUiInitials & "')"
'PUT YOUR INSERT ABOVE
.CommandText = cmdText
End With
con.ConnectionString = myConString
con.Open()
objcommand.ExecuteNonQuery()
con.Close()
Catch ex As Exception
End Try
Return Nothing
insert into booking values('" + txtfirstname.Text + "', " + txtSurname.Text + "', " + txtAddressline1.Text + "', " + txtAddressline2.Text + "', " + txtPostcode.Text + "', " + txtTime.Text + "', " + txtPeople.Text + "', " + txtDropoff1.Text + "', " + txtDropoff2.Text + "', " + txtDropoffpost.Text + "
should be
insert into booking values('" + txtfirstname.Text + "', '" + txtSurname.Text + "', '" + txtAddressline1.Text + "', '" + txtAddressline2.Text + "', '" + txtPostcode.Text + "', " + txtTime.Text + "', '" + txtPeople.Text + "', '" + txtDropoff1.Text + "', '" + txtDropoff2.Text + "', '" + txtDropoffpost.Text + "')"
You should use the connection string wizard in the Project Settings window. Then try the test connection button, Make sure the type of the setting is ConnectionString
You should be able to get the connection string using this syntax if things are set up right.
con.ConnectionString = my.Settings.Database1ConnectionString1
strSQL = "INSERT INTO user_account_details" & _
"(lastname,firstname,middlename,usertype,reg_date_time,status)" & _
" VALUES ( " & _
" '" & txtLName.Text & "', " & _
" '" & txtFName.Text & "' , " & _
" '" & txtMName.Text & "' , " & _
" '" & cboUserType.Text & "' , " & _
" '#" & Now & "#', " & _
" 'Inactive' " & _
")"
Related
I am getting this error:
Syntax error (missing operator) in query expression '10'
My code:
string MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age =" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
System.Data.OleDb.OleDbCommand o_command3 = new System.Data.OleDb.OleDbCommand(MySQL3, o_con);
o_con.Open();
o_command3.ExecuteNonQuery();
o_con.Close();
BTW I know my code is prone to SQL Injection attack, but this is for my school project so it doesn't really matter.
The problem is here
age =" + Request.Form["age"] + "+ "'
It should be
age =" + Request.Form["age"] + ", pass =
and
MySQL3 += " Where uName ='" + Session["uname"];
should be
MySQL3 += " Where uName ='" + Session["uname"] +"'";
String MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age ='" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
Just try above code.
Hope this will helps.
I want to insert data in two different table on button click. So there are 2 insert queries with different credentials. The first insert query working properly but second is not executing. Here what I tried.
Try
Dim str1 As String = "INSERT INTO yogaClasses (`yogaID`,`name`, `category`, `websiteName`, `email`, `phone1`, `phone2`, `mobileNumber`, `buildingName`, `streetName`, `landmark`, `areaName`, `city`, `State`, `zipCode`, `address`, slotTime1From, `slotTime1To`, `slotTime2From`, `slotTime2To`, fees, `overview`, `establishment`, `newBatchStart`, `yogaType`, `facilities`, payment, `status`, `username`, `password`) values ('" + ID + "','" + name + "', '" + businessCategory + "', '" + website + "', '" + email + "', '" + phoneNo1 + "', '" + phoneNo2 + "', '" + mobileNumber + "', '" + building + "', '" + street + "', '" + landpoint + "', '" + area + "', '" + city + "', '" + stateName + "', '" + zipCode + "', '" + fulladdress + "', '" + slot1A + "', '" + slot1B + "', '" + slot2A + "', '" + slot2B + "', '" + feesPay + "', '" + about + "', '" + foundYear + "', '" + startnewBatch + "', '" + selectedYoga + "', '" + selectedFacility + "', '" + payments + "', 'active', '" + mobileNumber + "', '" + membersAutoPassword.Text + "')"
Dim str2 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str1
command.Connection = con
adapter.SelectCommand = command
con.Open()
str2 = command.ExecuteReader
con.Close()
Response.Redirect("business-added.aspx")
Catch ex As Exception
Response.Write(ex)
End Try
Try
Dim str2 As String = "INSERT INTO yogaAgeGroup (`6-15`, `16-20`, `21-25`, `26-30`, `31-35`, `35+`, `yogaID`) values('" + ageup1.Text + "', '" + ageup2.Text + "', '" + ageup3.Text + "', '" + ageup4.Text + "', '" + ageup5.Text + "', '" + ageup6.Text + "', '" + TextId.Text + "')"
Dim str3 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str2
command.Connection = con
adapter.SelectCommand = command
con.Open()
str3 = command.ExecuteReader
con.Close()
Catch ex As Exception
Response.Write(ex)
End Try
The second query not executing. What I am doing wrong in this? Or Is it possible to execute both query in one?
Problem (in your 1st query)
con.Close()
Response.Redirect("business-added.aspx")
Move this line after second query con.Close()
Response.Redirect("business-added.aspx")
Because this line will redirect you to another page, so the rest of code won't be execute
I'm new to MS Access. This is a basic stuff. I'm doing an edit button in MS Access forms, but I keep getting runtime errors. Here it is the code:
CurrentDb.Execute " UPDATE FLIGHT SET " & _
"STD= ' " & Me.Text3 & " ' " & _
",Destination = ' " & Me.Text5 & " ' " & _
",Remark = ' " & Me.Text7 & " ' " & _
",ETD = ' " & Me.Text9 & " ' " & _
",ATD = ' " & Me.Text11 & " ' " & _
",OFBL = ' " & Me.Text13 & " ' " & _
",CAR= ' " & Me.Text15 & " ' " & _
",Nature = ' " & Me.Text17 & " ' " & _
",REG_N0 = ' " & Me.Text19 & " ' " & _
"WHERE FLIGHT_NR = " & Me.Text0
flightsubform.Form.Requery
Is the Field FLIGHT_NR a integer field (1,145) or a text field (KQ145)?
If its a integer field you might need to change your Where statement to capture Me.Text0 as an integer as below:
" WHERE FLIGHT_NR = " & int(Me.Text0)
If its a text field you might need to add quotes around your Me.Text0 value to capture it as text:
" WHERE FLIGHT_NR = " & " ' " & Me.Text0 & " ' "
Edit:
Change your code for debugging as follows:
My_SqlText = " UPDATE FLIGHT SET " & _
"STD= ' " & Me.Text3 & " ' " & _
",Destination = ' " & Me.Text5 & " ' " & _
",Remark = ' " & Me.Text7 & " ' " & _
",ETD = ' " & Me.Text9 & " ' " & _
",ATD = ' " & Me.Text11 & " ' " & _
",OFBL = ' " & Me.Text13 & " ' " & _
",CAR= ' " & Me.Text15 & " ' " & _
",Nature = ' " & Me.Text17 & " ' " & _
",REG_N0 = ' " & Me.Text19 & " ' " & _
" WHERE FLIGHT_NR = " & " ' " & Me.Text0 & " ' "
Debug.print My_SqlText 'Will print it to immediate window for inspection
CurrentDb.Execute My_SqlText
UPDATE FLIGHT SET STD= ' 4:55:00 PM ' ,Destination = ' ATH ' ,Remark = ' DEP ' ,ETD = ' ' ,ATD = ' 5:15:00 PM ' ,OFBL = ' 5:05:00 PM ' ,CAR= ' A3 ' ,Nature = ' J ' ,REG_N0 = ' ZA_A309 ' WHERE FLIGHT_NR = ' A3 847 '
UPDATE FLIGHT SET STD= ' 4:55:00 PM ' ,Destination = ' ATH ' ,Remark = ' DEP ' ,ETD = ' ' ,ATD = ' 5:15:00 PM ' ,OFBL = ' 5:05:00 PM ' ,CAR= ' A3 ' ,Nature = ' J ' ,REG_N0 = ' ZA_A309 ' WHERE FLIGHT_NR = ' A3 847 '
I'm getting the title error when attempting to execute the following:
sInsertInto = "INSERT INTO 5why (date, op_id, serial, why1, why2, why3, why4, why5, root_cause, lessons) VALUES (" + _
"'" + f_date + "', " + _
"'eccross', " + _
" '" + f_partnum + "', " + _
" '" + f_first + "', " + _
" '" + f_second + "', " + _
" '" + f_third + "', " + _
" '" + f_fourth + "', " + _
" '" + f_fifth + "', " + _
" '" + f_root + "'" + _
" '" + f_lessons + "'" + _
")"
The value count should be fine here; but its not for whatever reason and I cannot get this error to resolve.
You seem to be missing a comma, specifically after the f_root line. I would think this would be a syntax error due to the two strings 'f_root' 'f_lessons', but I guess not.
Your query is vulnerable to injection. You should be using parameterized queries with prepared statements. Depending upon the variable values, this may also be the problem.
Can someone help me how to check if my database is already been update after I make an edit, here are my codes.. my code is just to make an edit and after that update it on the database, what I dont know is how to check if the update happen..
Dim dT As DataTable = MyDB.ExecCommand("SELECT `Field Name` FROM `tblfield` ORDER BY `Field Order`", "wellsfargo").Tables(0)
For i As Integer = 1 To flp.Controls.Count - 1
Application.DoEvents()
Dim xHead As uHead = DirectCast(flp.Controls(0), uHead)
Dim xCont As uControl = DirectCast(flp.Controls(i), uControl)
Dim sSQL As String = ""
Dim dZ As DataTable = MyDB.ExecCommand("SELECT * FROM `" + MyJob + "` WHERE `Record Number`='" + rNum + _
"' AND `Line Number`='" + xCont.lblLine.Text.Trim.Replace("'", "\'") + "'", "wellsfargo").Tables(0)
If dZ.Rows.Count <> 0 Then
sSQL = "UPDATE `" & MyJob & "` SET "
sSQL = sSQL + "`Orig Document Begin ID`='" + xHead.txtOrigBegDoc.Text.Trim + "'"
sSQL = sSQL + ",`Orig Document End ID`='" + xHead.txtOrigEndDoc.Text.Trim + "'"
sSQL = sSQL + ",`Beg Doc`='" + xHead.txtBegDoc.Text.Trim + "'"
sSQL = sSQL + ",`End Doc`='" + xHead.txtEndDoc.Text.Trim + "'"
sSQL = sSQL + ",`Loan Number`='" + xHead.txtLoan.Text.Trim + "'"
sSQL = sSQL + ",`Page Count`='" + xHead.txtPage.Text.Trim + "'"
sSQL = sSQL + ",`Path`='" + xHead.txtPath.Text.Trim + "'"
sSQL = sSQL + ",`File Number`='" + xHead.txtFileNumber.Text.Trim + "'"
sSQL = sSQL + ",`Settlement`='" + xHead.txtDate.Text.Trim + "'"
sSQL = sSQL + ",`Long and Foster`='" + xHead.txtLaF.Text.Trim + "'"
sSQL = sSQL + ",`Comment`='" + xHead.txtComm.Text.Trim + "'"
sSQL = sSQL + ",`Description`='" + xCont.cboDesc.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL + ",`Amount`='" + xCont.txtAmount.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL + ",`Payee`='" + xCont.txtPayee.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL + ",`Borrower`='" + xCont.txtBorrower.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL + ",`Seller`='" + xCont.txtSeller.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL + ",`Prosperity Borrower`='" + xCont.txtPBorrower.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL + ",`Prosperity Seller`='" + xCont.txtPSeller.Text.Trim.Replace("'", "\'") + "'"
sSQL = sSQL & " WHERE `Record Number` = '" & rNum & _
"' AND `Line Number`='" + xCont.lblLine.Text.Trim.Replace("'", "\'") + "'"
MyDB.ExecQuery(sSQL, "wellsfargo")
Else
Dim sColumn As String = ""
For z As Integer = 0 To dT.Rows.Count - 1
If z = 0 Then
sColumn = "`" & dT.Rows(z).Item(0).ToString & "`"
Else
sColumn = sColumn & ",`" & dT.Rows(z).Item(0).ToString & "`"
End If
Next
sSQL = "INSERT INTO `" + MyJob + "` (" + sColumn + ") VALUES (" + _
"'" + rNum + "'," + _
"'" + xHead.txtOrigBegDoc.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtOrigEndDoc.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtBegDoc.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtEndDoc.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtLoan.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtPage.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtPath.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtFileNumber.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtDate.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtLaF.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xHead.txtComm.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.lblLine.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.cboDesc.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.txtAmount.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.txtPayee.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.txtBorrower.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.txtSeller.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.txtPBorrower.Text.Trim.Replace("'", "\'") + "'," + _
"'" + xCont.txtPSeller.Text.Trim.Replace("'", "\'") + "')"
MyDB.ExecQuery(sSQL, "wellsfargo")
End If
Next
MsgBox("Record successfully modified!", MsgBoxStyle.Information, Me.Text)
Usually not too much sense to check - exception will be thrown if something was going wrong.
You can wrap it into stored procedure and check ##rowcount variable.
Or really just make new select to read changing data.