What's it doing when you try to read from a text box? Your code just
has reghrs being assigned to itself, which doesn't accomplish anything
right now:
Dim reghrs As Decimal = reghrs
On Oct 31, 12:16 pm, Imstac <[EMAIL PROTECTED]> wrote:
> Okay, so I changed my code to use parameters and I do not get any
> errors when I click the Submit; however I have four fields(decimal
> types) in my table that are not getting updated. The data that I want
> to update these fields with comes from textboxes. I know that my
> declaration is somehow wrong for my parameters for the decimal fields
> but I can't figure out how to fix them. The parameters are glacct,
> reghrs, othrs and othhrs. My corresponding textbox controls are
> "GLAcct", "RegHRS", "OTHrs", "OthHrs". What syntax do I need to use
> in my declaration to have it pull the value for the textbox control?
> It won't let me use glacct.text, etc.
>
> Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> System.EventArgs) Handles Button1.Click
>
> Dim oConn As New
> System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> Dim sql As New System.Data.SqlClient.SqlCommand()
>
> Dim empl As Decimal = EmplID1.Text
> Dim wedate As Decimal = 20081030
> Dim wkno As Decimal = DD_week.SelectedValue
> Dim dywk As Decimal = DD_DayofWeek.SelectedValue
> Dim job As String = jobno.Text
> Dim glacct As Decimal = glacct
> Dim costcode As String = DD_CostCode.SelectedValue
> Dim reghrs As Decimal = reghrs
> Dim othrs As Decimal = othrs
> Dim othhrs As Decimal = othhrs
> Dim oth_type As String = DD_OthHourType.SelectedValue
>
> sql.Connection = oConn
> oConn.Open()
> sql.Parameters.AddWithValue("empl", empl)
> sql.Parameters.AddWithValue("wedate", wedate)
> sql.Parameters.AddWithValue("wkno", wkno)
> sql.Parameters.AddWithValue("dywk", dywk)
> sql.Parameters.AddWithValue("job", job)
> sql.Parameters.AddWithValue("glacct", glacct)
> sql.Parameters.AddWithValue("costcode", costcode)
> sql.Parameters.AddWithValue("reghrs", reghrs)
> sql.Parameters.AddWithValue("othrs", othrs)
> sql.Parameters.AddWithValue("othhrs", othhrs)
> sql.Parameters.AddWithValue("oth_type", oth_type)
>
> sql.CommandText = "INSERT into
> Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> INOVHR, INOTHR, INOTTY)
> values(@empl,@wedate,@wkno,@dywk,@job,@glacct,@costcode,@reghrs,
> @othrs,@othhrs,@oth_type)"
> sql.ExecuteNonQuery()
> oConn.Close()
>
> End Sub
>
> On Oct 31, 10:02 am, CK <[EMAIL PROTECTED]> wrote:
>
> > change your sql statement to be:
>
> > "INSERT into
> > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > INOVHR, INOTHR, INOTTY) values(@ineeno, @indtwe, @inwkno... etc)"
>
> > Then do the following:
> > cmd.Parameters.Add(new SqlParameter("@ineeno", EmplID1.Text))
>
> > for each parameter (this may not be the right VB syntax, am a C# guy)
>
> > On 31 Oct, 14:53, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > I've been looking for the proper code to use to use parameters in my
> > > insert statement but am not having any luck. Could you suggest a
> > > website for me to get this information? Also, should I be using a
> > > dataset instead of accessing my database directly? I'm not sure of
> > > the guidelines on when you should/shouldn't use a dataset.
>
> > > On Oct 30, 5:14 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> > > > First of all - classic sql injection attack-prone - switch to a
> > > > parametrized command or stored proc.
>
> > > > Second - shouldn't be difficult to debug - just step through it, find
> > > > out what the value of cmd.CommandText is, and dump it into your
> > > > database program - Management Studio or Query Analyzer, etc. You'll
> > > > probably find a missing single-quote or something like that.
>
> > > > On Oct 30, 3:09 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > > I added an SQL insert statement to a button on my web form and when I
> > > > > debug I get the error: "Incorrect syntax near ',' " I've been over
> > > > > and over the code and can't figure out the problem. Could someone
> > > > > please take a look at my code and let me know if you see anything
> > > > > wrong?
>
> > > > > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> > > > > System.EventArgs) Handles Button1.Click
> > > > > Dim oConn As New
> > > > > System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> > > > > Dim cmd As New System.Data.SqlClient.SqlCommand()
> > > > > cmd.Connection = oConn
> > > > > oConn.Open()
> > > > > cmd.CommandText = "INSERT into
> > > > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > > > > INOVHR, INOTHR, INOTTY) values(" & EmplID1.Text & ",'" &
> > > > > DatePicker1.TextValue & "'," & DD_week.Text & "," & DD_DayofWeek.Text
> > > > > & ",'" & jobno.Text & "','" & GLAcct.Text & "','" & DD_CostCode.Text &
> > > > > "'," & RegHrs.Text & ", " & OTHrs.Text & "," & OthHrs.Text & ",'" &
> > > > > DD_OthHourType.Text & "')"
> > > > > cmd.ExecuteNonQuery()
> > > > > oConn.Close()
>
> > > > > End Sub- Hide quoted text -
>
> > > > - Show quoted text -- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> > - Show quoted text -
>
>
