Thanks. I have my insert code set up now using parameters however
when I debug it gives me the error "must declare variable empl". I
have empl declared so I'm not sure why it is giving me this error.
Also, the value of my parameter 'glacct' needs to come my textbox
control 'GLacct"; however it will not let me put "glacct.text" for the
value...how do I assigned the value of this parameter to my textbox
control. Here is my code:
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim oConn As New
System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
Dim sql As New System.Data.SqlClient.SqlCommand()
Dim cmd As New System.Data.SqlClient.SqlCommand("sql", oConn)
Dim empl As Decimal = EmplID1.Text
Dim wedate As Decimal = 20081030
Dim wkno As Decimal = DD_week.SelectedValue
Dim dywk As Decimal = DD_DayofWeek.SelectedValue
Dim job As String = jobno.Text
Dim glacct As Decimal = glacct
Dim costcode As String = DD_CostCode.SelectedValue
Dim reghrs As Decimal = reghrs
Dim othrs As Decimal = othrs
Dim othhrs As Decimal = othhrs
Dim oth_type As String = DD_OthHourType.SelectedValue
sql.Connection = oConn
oConn.Open()
cmd.Parameters.AddWithValue("empl", empl)
cmd.Parameters.AddWithValue("wedate", wedate)
cmd.Parameters.AddWithValue("wkno", wkno)
cmd.Parameters.AddWithValue("dywk", dywk)
cmd.Parameters.AddWithValue("job", job)
cmd.Parameters.AddWithValue("glacct", glacct)
cmd.Parameters.AddWithValue("costcode", costcode)
cmd.Parameters.AddWithValue("reghrs", reghrs)
cmd.Parameters.AddWithValue("othrs", othrs)
cmd.Parameters.AddWithValue("othhrs", othhrs)
cmd.Parameters.AddWithValue("oth_type", oth_type)
sql.CommandText = "INSERT into
Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
INOVHR, INOTHR, INOTTY)
values(@empl,@wedate,@wkno,@dywk,@job,@glacct,@costcode,@reghrs,
@othrs,@othhrs,@oth_type)"
sql.ExecuteNonQuery()
oConn.Close()
End Sub
Thanks.
On Oct 31, 10:02 am, CK <[EMAIL PROTECTED]> wrote:
> change your sql statement to be:
>
> "INSERT into
> Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> INOVHR, INOTHR, INOTTY) values(@ineeno, @indtwe, @inwkno... etc)"
>
> Then do the following:
> cmd.Parameters.Add(new SqlParameter("@ineeno", EmplID1.Text))
>
> for each parameter (this may not be the right VB syntax, am a C# guy)
>
> On 31 Oct, 14:53, Imstac <[EMAIL PROTECTED]> wrote:
>
>
>
> > I've been looking for the proper code to use to use parameters in my
> > insert statement but am not having any luck. Could you suggest a
> > website for me to get this information? Also, should I be using a
> > dataset instead of accessing my database directly? I'm not sure of
> > the guidelines on when you should/shouldn't use a dataset.
>
> > On Oct 30, 5:14 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> > > First of all - classic sql injection attack-prone - switch to a
> > > parametrized command or stored proc.
>
> > > Second - shouldn't be difficult to debug - just step through it, find
> > > out what the value of cmd.CommandText is, and dump it into your
> > > database program - Management Studio or Query Analyzer, etc. You'll
> > > probably find a missing single-quote or something like that.
>
> > > On Oct 30, 3:09 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > I added an SQL insert statement to a button on my web form and when I
> > > > debug I get the error: "Incorrect syntax near ',' " I've been over
> > > > and over the code and can't figure out the problem. Could someone
> > > > please take a look at my code and let me know if you see anything
> > > > wrong?
>
> > > > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> > > > System.EventArgs) Handles Button1.Click
> > > > Dim oConn As New
> > > > System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> > > > Dim cmd As New System.Data.SqlClient.SqlCommand()
> > > > cmd.Connection = oConn
> > > > oConn.Open()
> > > > cmd.CommandText = "INSERT into
> > > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > > > INOVHR, INOTHR, INOTTY) values(" & EmplID1.Text & ",'" &
> > > > DatePicker1.TextValue & "'," & DD_week.Text & "," & DD_DayofWeek.Text
> > > > & ",'" & jobno.Text & "','" & GLAcct.Text & "','" & DD_CostCode.Text &
> > > > "'," & RegHrs.Text & ", " & OTHrs.Text & "," & OthHrs.Text & ",'" &
> > > > DD_OthHourType.Text & "')"
> > > > cmd.ExecuteNonQuery()
> > > > oConn.Close()
>
> > > > End Sub- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
