Okay, so I changed my code to use parameters and I do not get any
errors when I click the Submit; however I have four fields(decimal
types) in my table that are not getting updated. The data that I want
to update these fields with comes from textboxes. I know that my
declaration is somehow wrong for my parameters for the decimal fields
but I can't figure out how to fix them. The parameters are glacct,
reghrs, othrs and othhrs. My corresponding textbox controls are
"GLAcct", "RegHRS", "OTHrs", "OthHrs". What syntax do I need to use
in my declaration to have it pull the value for the textbox control?
It won't let me use glacct.text, etc.
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim oConn As New
System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
Dim sql As New System.Data.SqlClient.SqlCommand()
Dim empl As Decimal = EmplID1.Text
Dim wedate As Decimal = 20081030
Dim wkno As Decimal = DD_week.SelectedValue
Dim dywk As Decimal = DD_DayofWeek.SelectedValue
Dim job As String = jobno.Text
Dim glacct As Decimal = glacct
Dim costcode As String = DD_CostCode.SelectedValue
Dim reghrs As Decimal = reghrs
Dim othrs As Decimal = othrs
Dim othhrs As Decimal = othhrs
Dim oth_type As String = DD_OthHourType.SelectedValue
sql.Connection = oConn
oConn.Open()
sql.Parameters.AddWithValue("empl", empl)
sql.Parameters.AddWithValue("wedate", wedate)
sql.Parameters.AddWithValue("wkno", wkno)
sql.Parameters.AddWithValue("dywk", dywk)
sql.Parameters.AddWithValue("job", job)
sql.Parameters.AddWithValue("glacct", glacct)
sql.Parameters.AddWithValue("costcode", costcode)
sql.Parameters.AddWithValue("reghrs", reghrs)
sql.Parameters.AddWithValue("othrs", othrs)
sql.Parameters.AddWithValue("othhrs", othhrs)
sql.Parameters.AddWithValue("oth_type", oth_type)
sql.CommandText = "INSERT into
Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
INOVHR, INOTHR, INOTTY)
values(@empl,@wedate,@wkno,@dywk,@job,@glacct,@costcode,@reghrs,
@othrs,@othhrs,@oth_type)"
sql.ExecuteNonQuery()
oConn.Close()
End Sub
On Oct 31, 10:02 am, CK <[EMAIL PROTECTED]> wrote:
> change your sql statement to be:
>
> "INSERT into
> Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> INOVHR, INOTHR, INOTTY) values(@ineeno, @indtwe, @inwkno... etc)"
>
> Then do the following:
> cmd.Parameters.Add(new SqlParameter("@ineeno", EmplID1.Text))
>
> for each parameter (this may not be the right VB syntax, am a C# guy)
>
> On 31 Oct, 14:53, Imstac <[EMAIL PROTECTED]> wrote:
>
>
>
> > I've been looking for the proper code to use to use parameters in my
> > insert statement but am not having any luck. Could you suggest a
> > website for me to get this information? Also, should I be using a
> > dataset instead of accessing my database directly? I'm not sure of
> > the guidelines on when you should/shouldn't use a dataset.
>
> > On Oct 30, 5:14 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> > > First of all - classic sql injection attack-prone - switch to a
> > > parametrized command or stored proc.
>
> > > Second - shouldn't be difficult to debug - just step through it, find
> > > out what the value of cmd.CommandText is, and dump it into your
> > > database program - Management Studio or Query Analyzer, etc. You'll
> > > probably find a missing single-quote or something like that.
>
> > > On Oct 30, 3:09 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > I added an SQL insert statement to a button on my web form and when I
> > > > debug I get the error: "Incorrect syntax near ',' " I've been over
> > > > and over the code and can't figure out the problem. Could someone
> > > > please take a look at my code and let me know if you see anything
> > > > wrong?
>
> > > > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> > > > System.EventArgs) Handles Button1.Click
> > > > Dim oConn As New
> > > > System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> > > > Dim cmd As New System.Data.SqlClient.SqlCommand()
> > > > cmd.Connection = oConn
> > > > oConn.Open()
> > > > cmd.CommandText = "INSERT into
> > > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > > > INOVHR, INOTHR, INOTTY) values(" & EmplID1.Text & ",'" &
> > > > DatePicker1.TextValue & "'," & DD_week.Text & "," & DD_DayofWeek.Text
> > > > & ",'" & jobno.Text & "','" & GLAcct.Text & "','" & DD_CostCode.Text &
> > > > "'," & RegHrs.Text & ", " & OTHrs.Text & "," & OthHrs.Text & ",'" &
> > > > DD_OthHourType.Text & "')"
> > > > cmd.ExecuteNonQuery()
> > > > oConn.Close()
>
> > > > End Sub- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
