All my parameters that are string types are working fine.  I know that
the code on my reghrs parameter declaration is wrong but I just don't
know how to fix it. For the string types I put ".Text" after the
control name; however I don't have the option to put this after a
control where the parameter is inserting into a decimal type.

On Oct 31, 2:33 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
> What's it doing when you try to read from a text box?  Your code just
> has reghrs being assigned to itself, which doesn't accomplish anything
> right now:
> Dim reghrs As Decimal = reghrs
>
> On Oct 31, 12:16 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > Okay, so I changed my code to use parameters and I do not get any
> > errors when I click the Submit; however I have four fields (decimal
> > types) in my table that are not getting updated.  The data that I want
> > to update these fields with comes from textboxes.  I know that my
> > declaration is somehow wrong for my parameters for the decimal fields
> > but I can't figure out how to fix them. The parameters are glacct,
> > reghrs, othrs and othhrs.  My corresponding textbox controls are
> > "GLAcct", "RegHRS", "OTHrs", "OthHrs".  What syntax do I need to use
> > in my declaration to have it pull the value for the textbox control?
> > It won't let me use glacct.text, etc.
>
> > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
>
> >         Dim oConn As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> >         Dim sql As New System.Data.SqlClient.SqlCommand()
>
> >         Dim empl As Decimal = EmplID1.Text
> >         Dim wedate As Decimal = 20081030
> >         Dim wkno As Decimal = DD_week.SelectedValue
> >         Dim dywk As Decimal = DD_DayofWeek.SelectedValue
> >         Dim job As String = jobno.Text
> >         Dim glacct As Decimal = glacct
> >         Dim costcode As String = DD_CostCode.SelectedValue
> >         Dim reghrs As Decimal = reghrs
> >         Dim othrs As Decimal = othrs
> >         Dim othhrs As Decimal = othhrs
> >         Dim oth_type As String = DD_OthHourType.SelectedValue
>
> >         sql.Connection = oConn
> >         oConn.Open()
> >         sql.Parameters.AddWithValue("empl", empl)
> >         sql.Parameters.AddWithValue("wedate", wedate)
> >         sql.Parameters.AddWithValue("wkno", wkno)
> >         sql.Parameters.AddWithValue("dywk", dywk)
> >         sql.Parameters.AddWithValue("job", job)
> >         sql.Parameters.AddWithValue("glacct", glacct)
> >         sql.Parameters.AddWithValue("costcode", costcode)
> >         sql.Parameters.AddWithValue("reghrs", reghrs)
> >         sql.Parameters.AddWithValue("othrs", othrs)
> >         sql.Parameters.AddWithValue("othhrs", othhrs)
> >         sql.Parameters.AddWithValue("oth_type", oth_type)
>
> >         sql.CommandText = "INSERT into Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR, INOVHR, INOTHR, INOTTY) values(@empl,@wedate,@wkno,@dywk,@job,@glacct,@costcode,@reghrs, @othrs,@othhrs,@oth_type)"
> >         sql.ExecuteNonQuery()
> >         oConn.Close()
>
> >     End Sub
>
> > On Oct 31, 10:02 am, CK <[EMAIL PROTECTED]> wrote:
>
> > > change your sql statement to be:
>
> > > "INSERT into
> > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, INRGHR,
> > > INOVHR, INOTHR, INOTTY) values(@ineeno, @indtwe, @inwkno... etc)"
>
> > > Then do the following:
> > > cmd.Parameters.Add(new SqlParameter("@ineeno", EmplID1.Text))
>
> > > for each parameter (this may not be the right VB syntax, am a C# guy)
>
> > > On 31 Oct, 14:53, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > I've been looking for the proper code to use to use parameters in my
> > > > insert statement but am not having any luck.  Could you suggest a
> > > > website for me to get this information?  Also, should I be using a
> > > > dataset instead of accessing my database directly?  I'm not sure of
> > > > the guidelines on when you should/shouldn't use a dataset.
>
> > > > On Oct 30, 5:14 pm, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> > > > > First of all - classic sql injection attack-prone - switch to a
> > > > > parametrized command or stored proc.
>
> > > > > Second - shouldn't be difficult to debug - just step through it, find
> > > > > out what the value of cmd.CommandText is, and dump it into your
> > > > > database program - Management Studio or Query Analyzer, etc.  You'll
> > > > > probably find a missing single-quote or something like that.
>
> > > > > On Oct 30, 3:09 pm, Imstac <[EMAIL PROTECTED]> wrote:
>
> > > > > > > I added an SQL insert statement to a button on my web form and when I
> > > > > > debug I get the error: "Incorrect syntax near ','  "  I've been over
> > > > > > and over the code and can't figure out the problem.  Could someone
> > > > > > please take a look at my code and let me know if you see anything
> > > > > > wrong?
>
> > > > > > > Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
> > > > > > >         Dim oConn As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("CMSConnectionString").ConnectionString)
> > > > > >         Dim cmd As New System.Data.SqlClient.SqlCommand()
> > > > > >         cmd.Connection = oConn
> > > > > >         oConn.Open()
> > > > > >         cmd.CommandText = "INSERT into
> > > > > > Timecard(INEENO,INDTWE,INWKNO,INDYWK, INJBNO, INGLAN, INJCDI, 
> > > > > > INRGHR,
> > > > > > INOVHR, INOTHR, INOTTY) values(" & EmplID1.Text & ",'" &
> > > > > > DatePicker1.TextValue & "'," & DD_week.Text & "," & 
> > > > > > DD_DayofWeek.Text
> > > > > > & ",'" & jobno.Text & "','" & GLAcct.Text & "','" & 
> > > > > > DD_CostCode.Text &
> > > > > > "'," & RegHrs.Text & ", " & OTHrs.Text & "," & OthHrs.Text & ",'" &
> > > > > > DD_OthHourType.Text & "')"
> > > > > >         cmd.ExecuteNonQuery()
> > > > > >         oConn.Close()
>
> > > > > >     End Sub- Hide quoted text -
>
> > > > > - Show quoted text -- Hide quoted text -
>
> > > > - Show quoted text -- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -

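Added example, not part of the thread and not any poster's code: one way to read the decimal text boxes into typed parameters, validating each with Decimal.TryParse before the command is built. The helper names (ParseDecimalField, AddDecimal, BuildInsert), the sample values and the restriction to the four decimal columns are assumptions made for illustration; the control, column and parameter names are the ones quoted in the thread.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization
Module TimecardInsertExample
    ' Convert one text box's text to Decimal; empty or non-numeric input is rejected.
    Function ParseDecimalField(ByVal fieldName As String, ByVal text As String) As Decimal
        Dim value As Decimal
        If Not Decimal.TryParse(text, NumberStyles.Number, CultureInfo.InvariantCulture, value) Then
            Throw New FormatException(fieldName & " must be a number, got """ & text & """")
        End If
        Return value
    End Function

    ' Add one typed Decimal parameter whose value comes from control text.
    Sub AddDecimal(ByVal cmd As SqlCommand, ByVal paramName As String, _
                   ByVal fieldName As String, ByVal text As String)
        cmd.Parameters.Add(paramName, SqlDbType.Decimal).Value = ParseDecimalField(fieldName, text)
    End Sub

    ' Build the INSERT for the four decimal columns; values travel as parameters, never as SQL text.
    Function BuildInsert(ByVal glAcctText As String, ByVal regHrsText As String, _
                         ByVal otHrsText As String, ByVal othHrsText As String) As SqlCommand
        Dim cmd As New SqlCommand( _
            "INSERT INTO Timecard (INGLAN, INRGHR, INOVHR, INOTHR) " & _
            "VALUES (@glacct, @reghrs, @othrs, @othhrs)")
        AddDecimal(cmd, "@glacct", "GLAcct", glAcctText)
        AddDecimal(cmd, "@reghrs", "RegHRS", regHrsText)
        AddDecimal(cmd, "@othrs", "OTHrs", otHrsText)
        AddDecimal(cmd, "@othhrs", "OthHrs", othHrsText)
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample strings standing in for GLAcct.Text, RegHRS.Text, etc.
        Dim cmd As SqlCommand = BuildInsert("5010", "8.00", "1.5", "0")
        For Each p As SqlParameter In cmd.Parameters
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value)
        Next
        ' Constructed bad input: an empty box and text carrying SQL punctuation.
        For Each bad As String In New String() {"", "8',"}
            Try
                BuildInsert("5010", bad, "0", "0")
            Catch ex As FormatException
                Console.WriteLine("Rejected: " & ex.Message)
            End Try
        Next
    End Sub
End Module
```

In the button handler, the four arguments would be GLAcct.Text, RegHRS.Text, OTHrs.Text and OthHrs.Text, and the returned command still needs its Connection assigned before ExecuteNonQuery is called.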