First of all - classic sql injection attack-prone - switch to a
parametrized command or stored proc.
Second - shouldn't be difficult to debug - just step through it, find
out what the value of cmd.CommandText is, and dump it into your
database program - Management Studio or Query Analyzer, etc. You'll
probably find a missing single-quote or something like that.
On Oct 30, 3:09 pm, Imstac <[EMAIL PROTECTED]> wrote:
> I added an SQL insert statement to a button on my web form and when I
> debug I get the error: "Incorrect syntax near ',' " I've been over
> and over the code and can't figure out the problem. Could someone
> please take a look at my code and let me know if you see anything
> wrong?
>
> Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> System.EventArgs) Handles Button1.Click
> Dim oConn As New
> System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> Dim cmd As New System.Data.SqlClient.SqlCommand()
> cmd.Connection = oConn
> oConn.Open()
> cmd.CommandText = "INSERT into
> Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> INOVHR, INOTHR, INOTTY) values(" & EmplID1.Text & ",'" &
> DatePicker1.TextValue & "'," & DD_week.Text & "," & DD_DayofWeek.Text
> & ",'" & jobno.Text & "','" & GLAcct.Text & "','" & DD_CostCode.Text &
> "'," & RegHrs.Text & ", " & OTHrs.Text & "," & OthHrs.Text & ",'" &
> DD_OthHourType.Text & "')"
> cmd.ExecuteNonQuery()
> oConn.Close()
>
> End Sub
