Cannot use insert statement in asp.net - asp.net

Please someone advise me. I am trying to make some error log in DB. I am writing the below query to insert data to table having 2 filednames only.
But I am getting error as:
Error starting at line : 1 in command -
INSERT INTO QISWEBLOG (DATETIME, MESSAGE) VALUES (
'2017/12/24 01:01:48',
Status ='0' INSPECTOPERATOR = '122018 ' INSPECTDATETIME = [20171201040930] MANAGEOPERATOR = [MIS] MANAGEDATETIME = [20171224130133] [StockGumUpdate Barcode] = [21T399--A02 BU60212CTBSID0]
)
Error at Command Line : 4 Column : 8
Error report -
SQL Error: ORA-00917: missing comma
00917. 00000 - "missing comma"
*Cause:
*Action:
My query is:
Dim text1 As String
text1 = "Status = '" & status & "' INSPECTOPERATOR = '" & inspectOperator & "' INSPECTDATETIME = '" & inspectDateTime & "' MANAGEOPERATOR = '" & manageOperator & "' MANAGEDATETIME = '" & manageDateTime & "' [StockGumUpdate Barcode] = '" & GridView1.Rows(index).Cells(1).Text & "'"
sqlStr = "INSERT INTO QISWEBLOG (DATETIME, MESSAGE)"
sqlStr = sqlStr & " VALUES ('" & Trim(CStr(Format(DateTime.Now,
"yyyy/MM/dd hh:mm:ss"))) & "','" & text1 & "')"
Please help where I am wrong.


You need to skip (or escape) all the single quotes in your text1 variable. To escape a single quote, you need to type it twice.
Status =''0'' etc...

Related

SSRS - CASE Expression with Parameter in SELECT

I have a report in Report Builder, SSRS. I need to add a CASE with Parameter in the SELECT Statement (PL/SQL).
The parameters are: #DateFrom, #DateTo, #Check.
If I hardcode the value (without parameter values) the my query is fine.
But if I code like the below I got error 'End of Statement expected'.
SELECT
....,
CASE
WHEN ( (ExpiryDate BETWEEN '" & UCase(Format(Parameters!DateFrom.Value,"dd-MMM-yyyy")) &"'
AND '" & UCase(Format(Parameters!DateTo.Value,"dd-MMM-yyyy")) &"'
)
AND Check IN ('" & Join(Parameters!Check.Value,"','") & "')
) THEN 'Current'
WHEN ((ExpiryDate <= '" & UCase(Format(Parameters!DateFrom.Value,"dd-MMM-yyyy")) & "') AND Check = 'Y') THEN 'Before'
WHEN ((ExpiryDate >= '" & UCase(Format(Parameters!DateTo.Value,"dd-MMM-yyyy")) & "') AND Check = 'Y') THEN 'After'
END as MyGroup,
...
FROM ...

Summary type Sum is not appropriate for column of type System.String error

I am getting this error whenever I try to run my project although the column isn't of type system.string. I have a page that is coded the same way with different numbers and it doesn't give me this error. This is my SQL string:
MyCompSqlString = "SELECT (KAIPRDDTA.F4102LA.IBPRP6)ColOne, (KAIPRDCOM.F0005.DRDL01)ColTwo, COUNT(KAIPRDDTA.F42119LA.SDSOQS*.01)ColThree, SUM(KAIPRDDTA.F42119LA.SDAEXP*.01*CXCRR)ColFour, count(SDDOC)ColFive, SUM(KAIPRDDTA.F42119LA.SDSOQS*.01)ColSix "
MyCompSqlString += "FROM KAIPRDDTA.F42119LA, KAIPRDDTA.F55311, KAIPRDCOM.F0005, KAIPRDDTA.F0015, KAIPRDDTA.F4102LA"
MyCompSqlString += "WHERE DRSY = '41' AND DRRT = '01' AND TRIM(DRKY) = IBPRP6 AND KAIPRDDTA.F42119LA.SDITM = KAIPRDDTA.F4102LA.IBITM AND KAIPRDDTA.F42119LA.SDMCU = KAIPRDDTA.F4102LA.IBMCU AND KAIPRDDTA.F42119LA.SDSLSM = KAIPRDDTA.F55311.TERR AND (KAIPRDDTA.F42119LA.SDIVD >= " & SDJ & ") AND (KAIPRDDTA.F42119LA.SDIVD <= " & EDJ & ") AND "
MyCompSqlString += "(KAIPRDDTA.F42119LA.SDSLSM > 0) AND (KAIPRDDTA.F42119LA.SDGLC NOT IN ('FT60', 'TXTX', 'IN20', 'INSP', 'INWC', 'INWR', 'INWS','',' ')) AND "
MyCompSqlString += "(trim(KAIPRDDTA.F42119LA.SDLNTY) NOT IN ('T', 'F', 'TX', 'TA', 'TS', 'RF', 'RP','BC')) AND (KAIPRDDTA.F42119LA.SDNXTR <> '999') AND (KAIPRDDTA.F42119LA.SDDCTO not in ('ST','CR','SR')) "
MyCompSqlString += "AND (KAIPRDDTA.F55311.VIEWID = '" & MyView & "') AND (SDAN8 <> 24157 and SDAN8 <> 152) AND ((SDTRDJ-1)=CXEFT) AND (SDBCRC=CXCRCD) AND (CXCRDC ='USD')"
MyCompSqlString += "GROUP BY KAIPRDDTA.F4102LA.IBPRP6, KAIPRDCOM.F0005.DRDL01"
and this is my summary row:
<ig:SummaryRow EmptyFooterText="" FormatString=" {1}" ShowSummariesButtons="false">
<ColumnSummaries>
<ig:ColumnSummaryInfo ColumnKey="ColThree">
<Summaries>
<ig:Summary SummaryType="Sum" />
</Summaries>
</ig:ColumnSummaryInfo>
<ig:ColumnSummaryInfo ColumnKey="ColFour">
<Summaries>
<ig:Summary SummaryType="Sum" />
</Summaries>
</ig:ColumnSummaryInfo>
<ig:ColumnSummaryInfo ColumnKey="ColFive">
<Summaries>
<ig:Summary CustomSummaryName="100.00%" />
</Summaries>
</ig:ColumnSummaryInfo>
<ig:ColumnSummaryInfo ColumnKey="ColTwo">
<Summaries>
<ig:Summary CustomSummaryName="Totals:" />
</Summaries>
</ig:ColumnSummaryInfo>
</ColumnSummaries>
Does anyone have any suggestions as to why it is giving me this error? Let me know if you need any more information and I will update my question. Thanks in advance for your responses

You have a group which is NULL. This error means not all of the values are integer. So this query must produce a NULL as a value on some of the rows.

how to fix input string was not in a correct format on login page .aspx.vb format

Dim userExists As Int32 = Convert
.ToInt32(ExecuteScallar_AJAY("SELECT Count(w02_TeacherID_child) "
& " FROM wUsers WHERE ( (LCase(w03_WebUserName) = '"
& userUsername.Trim.ToLower & "') "
& " AND (LCase(w04_WebUserPassword) = '"
& userPassword.Trim.ToLower & "') );", "vijay"))
How to fix input string was not in a correct format on login page .aspx.vb format?

SQL Server Data type change from Numeric(7,3) to Varchar(20)

I have a field (dose_str) that needs to be changed from Numeric(7,3) to Varchar(20). I would like to know if there will be a need to change the query below (especially this portion SELECT (convert(varchar,cast(Prot_det.dose_str as float)) ) in the code of my application.
myCommand.CommandText = "
SELECT (convert(varchar,cast(Prot_det.dose_str as float)) + ' '
+ dose_unit + ' ' + dose_form_comment + ' ' + dose_mult) as Dose_str
from
Prot_det,
dosage_form
where
Protocol_num = '" & lblProtocol.Text & "' and
nsc_num = " & lstNSC.SelectedValue & " and
prot_det.dose_form = dosage_form.dose_form"

After changing the datatype of the column, you will be able to change this:
(convert(varchar,cast(Prot_det.dose_str as float))
to this:
(Prot_det.dose_str)
And I would recommend that you do.

How can I ensure that only data entered gets inserted into the db?

Hello again and please forgive me for posting again. I do this when I realize I am having problem fixing it myself.
Please take a look at the code below. I was told by the individual that developed it originally that the code only adds the rows of data the user entered. In other words, there 5 rows of textboxes. A user can enter data into one row or into all 5 rows. If the user enters data into one row of textbox, that's what gets inserted into the db.
I made some minor change to the code so that users can tell when a payment is made by check or cash payment.
Since I made that change, whether a user enters data into one row or all 5 rows, all 5 rows get inserted into the db.
How can I modify this code to ensure only rows entered get inserted?
I am really,really sorry for bothering you guys again and many thanks for all your help.
For x = 1 To 5 Step 1
dedval = obr.FindControl("ded" & CStr(x))
chckvalflag = obr.FindControl("chck" & CStr(x))
checkboxval = obr.FindControl("chckBox" & CStr(x))
onetimeval = obr.FindControl("onetime" & CStr(x))
chcknumval = obr.FindControl("chcknum" & CStr(x))
multival = obr.FindControl("multi" & CStr(x))
*If (chckvalflag.Text <> "" Or chckvalflag.Text <> "0") And Not checkboxval.Checked Then
cashval = DirectCast(obr.FindControl("chck" & CStr(x)), TextBox).Text
chckval = ""
chcknumval.Text = "Cash Payment"
Else
chckval = DirectCast(obr.FindControl("chck" & CStr(x)), TextBox).Text
chcknumval = obr.FindControl("chcknum" & CStr(x))
End If*
If dedval.Text <> "-1" And donatechoice.SelectedItem.Value <> "No" Then
sql += "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, one_time, bi_weekly, cash, donate_choice, date_stamp) "
sql += "VALUES ('" & Replace(employee_idLabel.Text, "'", "''") & "','" & Replace(dedval.SelectedValue, "'", "''") & "','" & Replace(chckval, "'", "''") & "','" & Replace(chcknumval.Text, "'", "''") & "','" & Replace(onetimeval.Text, "'", "''") & "','" & multival.Text & "','" & Replace(cashval, "'", "''") & "','" & Replace(donatechoice.SelectedItem.Value, "'", "''") & "','" & Replace(datestamp, "'", "''") & "');"
End If
If donatechoice.SelectedItem.Value = "No" Then
x = 6
sql += "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, one_time, bi_weekly, cash, donate_choice, date_stamp) "
sql += "VALUES ('" & Replace(employee_idLabel.Text, "'", "''") & "','" & Replace(dedval.SelectedValue, "'", "''") & "','" & Replace(chckval, "'", "''") & "','" & Replace(chcknumval.Text, "'", "''") & "','" & Replace(onetimeval.Text, "'", "''") & "','" & Replace(multival.Text, "'", "''") & "','" & Replace(cashval, "'", "''") & "','" & Replace(donatechoice.SelectedItem.Value, "'", "''") & "','" & Replace(datestamp, "'", "''") & "');"
End If
Next

Just add some conditions to validate the data was entered into the inputs in each row.
If Not String.IsNullOrEmpty(String.Concat(TextBox1.Text, TextBox2.Text, TextBox3.Text)) Then
'insert logic here
End If
On a side note, I would suggest modifying the code to use parameters instead. The code is ripe for SQL-injection.

Look into using parametrized stored procedures instead of building your SQL as a string. Right now your application can be SQL injected. If you gave me a link to your application, I could wipe out all the data in your Contribs table (assuming the identity the thread is running under has permission; regardless, your query can be killed via syntax based on user input).
If you only want to insert records depending on what textboxes the user filled out, just use a case statement or if block to check for values in those textboxes. If the user entered a value, execute a function which hits the database.

Resources