Is "reghrs" the name of a variable or the name of the textbox? You're
using it as a variable, so you can't have both. If it's really the
name of your textbox, then you'll need to call your variable something
else. It looks like your variable is hiding the textbox from the
compiler.
On Oct 31, 12:45 pm, Imstac <[EMAIL PROTECTED]> wrote:
> Yes, I know that is wrong but I don't what it needs to be. When the
> parameter is for a field that is a string type I can put the ".text"
> after the control to pull the value but for decimal types it won't let
> me do this. For the reghrs parameter it should be equal to my textbox
> control named 'reghrs'. but when I key in reghrs. the list does not
> have a text function or a value function. I'm not sure how to
> reference my textbox control for decimal types.
>
> On Oct 31, 2:33 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> > What's it doing when you try to read from a text box? Your code just
> > has reghrs being assigned to itself, which doesn't accomplish anything
> > right now:
> > Dim reghrs As Decimal = reghrs
>
> > On Oct 31, 12:16 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > Okay, so I changed my code to use parameters and I do not get any
> > > errors when I click the Submit; however I have four fields(decimal
> > > types) in my table that are not getting updated. The data that I want
> > > to update these fields with comes from textboxes. I know that my
> > > declaration is somehow wrong for my parameters for the decimal fields
> > > but I can't figure out how to fix them. The parameters are glacct,
> > > reghrs, othrs and othhrs. My corresponding textbox controls are
> > > "GLAcct", "RegHRS", "OTHrs", "OthHrs". What syntax do I need to use
> > > in my declaration to have it pull the value for the textbox control?
> > > It won't let me use glacct.text, etc.
>
> > > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> > > System.EventArgs) Handles Button1.Click
>
> > > Dim oConn As New
> > > System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> > > Dim sql As New System.Data.SqlClient.SqlCommand()
>
> > > Dim empl As Decimal = EmplID1.Text
> > > Dim wedate As Decimal = 20081030
> > > Dim wkno As Decimal = DD_week.SelectedValue
> > > Dim dywk As Decimal = DD_DayofWeek.SelectedValue
> > > Dim job As String = jobno.Text
> > > Dim glacct As Decimal = glacct
> > > Dim costcode As String = DD_CostCode.SelectedValue
> > > Dim reghrs As Decimal = reghrs
> > > Dim othrs As Decimal = othrs
> > > Dim othhrs As Decimal = othhrs
> > > Dim oth_type As String = DD_OthHourType.SelectedValue
>
> > > sql.Connection = oConn
> > > oConn.Open()
> > > sql.Parameters.AddWithValue("empl", empl)
> > > sql.Parameters.AddWithValue("wedate", wedate)
> > > sql.Parameters.AddWithValue("wkno", wkno)
> > > sql.Parameters.AddWithValue("dywk", dywk)
> > > sql.Parameters.AddWithValue("job", job)
> > > sql.Parameters.AddWithValue("glacct", glacct)
> > > sql.Parameters.AddWithValue("costcode", costcode)
> > > sql.Parameters.AddWithValue("reghrs", reghrs)
> > > sql.Parameters.AddWithValue("othrs", othrs)
> > > sql.Parameters.AddWithValue("othhrs", othhrs)
> > > sql.Parameters.AddWithValue("oth_type", oth_type)
>
> > > sql.CommandText = "INSERT into
> > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > > INOVHR, INOTHR, INOTTY)
> > > values(@empl,@wedate,@wkno,@dywk,@job,@glacct,@costcode,@reghrs,
> > > @othrs,@othhrs,@oth_type)"
> > > sql.ExecuteNonQuery()
> > > oConn.Close()
>
> > > End Sub
>
> > > On Oct 31, 10:02 am, CK <[EMAIL PROTECTED]> wrote:
>
> > > > change your sql statement to be:
>
> > > > "INSERT into
> > > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > > > INOVHR, INOTHR, INOTTY) values(@ineeno, @indtwe, @inwkno... etc)"
>
> > > > Then do the following:
> > > > cmd.Parameters.Add(new SqlParameter("@ineeno", EmplID1.Text))
>
> > > > for each parameter (this may not be the right VB syntax, am a C# guy)
>
> > > > On 31 Oct, 14:53, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > > I've been looking for the proper code to use to use parameters in my
> > > > > insert statement but am not having any luck. Could you suggest a
> > > > > website for me to get this information? Also, should I be using a
> > > > > dataset instead of accessing my database directly? I'm not sure of
> > > > > the guidelines on when you should/shouldn't use a dataset.
>
> > > > > On Oct 30, 5:14 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> > > > > > First of all - classic sql injection attack-prone - switch to a
> > > > > > parametrized command or stored proc.
>
> > > > > > Second - shouldn't be difficult to debug - just step through it,
> > > > > > find
> > > > > > out what the value of cmd.CommandText is, and dump it into your
> > > > > > database program - Management Studio or Query Analyzer, etc. You'll
> > > > > > probably find a missing single-quote or something like that.
>
> > > > > > On Oct 30, 3:09 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > > > > I added an SQL insert statement to a button on my web form and
> > > > > > > when I
> > > > > > > debug I get the error: "Incorrect syntax near ',' " I've been
> > > > > > > over
> > > > > > > and over the code and can't figure out the problem. Could someone
> > > > > > > please take a look at my code and let me know if you see anything
> > > > > > > wrong?
>
> > > > > > > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
> > > > > > > System.EventArgs) Handles Button1.Click
> > > > > > > Dim oConn As New
> > > > > > > System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> > > > > > > Dim cmd As New System.Data.SqlClient.SqlCommand()
> > > > > > > cmd.Connection = oConn
> > > > > > > oConn.Open()
> > > > > > > cmd.CommandText = "INSERT into
> > > > > > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI,
> > > > > > > INRGHR,
> > > > > > > INOVHR, INOTHR, INOTTY) values(" & EmplID1.Text & ",'" &
> > > > > > > DatePicker1.TextValue & "'," & DD_week.Text & "," &
> > > > > > > DD_DayofWeek.Text
> > > > > > > & ",'" & jobno.Text & "','" & GLAcct.Text & "','" &
> > > > > > > DD_CostCode.Text &
> > > > > > > "'," & RegHrs.Text & ", " & OTHrs.Text & "," & OthHrs.Text & ",'"
> > > > > > > &
> > > > > > > DD_OthHourType.Text & "')"
> > > > > > > cmd.ExecuteNonQuery()
> > > > > > > oConn.Close()
>
> > > > > > > End Sub- Hide quoted text -
>
> > > > > > - Show quoted text -- Hide quoted text -
>
> > > > > - Show quoted text -- Hide quoted text -
>
> > > > - Show quoted text -- Hide quoted text -
>
> > - Show quoted text -
>
>
