SSRS - CASE Expression with Parameter in SELECT - plsql

I have a report in Report Builder, SSRS. I need to add a CASE with Parameter in the SELECT Statement (PL/SQL).
The parameters are: #DateFrom, #DateTo, #Check.
If I hardcode the value (without parameter values) then my query is fine.
But if I code it like the below, I get the error 'End of Statement expected'.
SELECT
....,
CASE
WHEN ( (ExpiryDate BETWEEN '" & UCase(Format(Parameters!DateFrom.Value,"dd-MMM-yyyy")) &"'
AND '" & UCase(Format(Parameters!DateTo.Value,"dd-MMM-yyyy")) &"'
)
AND Check IN ('" & Join(Parameters!Check.Value,"','") & "')
) THEN 'Current'
WHEN ((ExpiryDate <= '" & UCase(Format(Parameters!DateFrom.Value,"dd-MMM-yyyy")) & "') AND Check = 'Y') THEN 'Before'
WHEN ((ExpiryDate >= '" & UCase(Format(Parameters!DateTo.Value,"dd-MMM-yyyy")) & "') AND Check = 'Y') THEN 'After'
END as MyGroup,
...
FROM ...

Related

Cannot use insert statement in asp.net

Please someone advise me. I am trying to make some error log in DB. I am writing the below query to insert data to a table having 2 field names only.
But I am getting error as:
Error starting at line : 1 in command -
INSERT INTO QISWEBLOG (DATETIME, MESSAGE) VALUES (
'2017/12/24 01:01:48',
Status ='0' INSPECTOPERATOR = '122018 ' INSPECTDATETIME = [20171201040930] MANAGEOPERATOR = [MIS] MANAGEDATETIME = [20171224130133] [StockGumUpdate Barcode] = [21T399--A02 BU60212CTBSID0]
)
Error at Command Line : 4 Column : 8
Error report -
SQL Error: ORA-00917: missing comma
00917. 00000 - "missing comma"
*Cause:
*Action:
My query is:
Dim text1 As String
text1 = "Status = '" & status & "' INSPECTOPERATOR = '" & inspectOperator & "' INSPECTDATETIME = '" & inspectDateTime & "' MANAGEOPERATOR = '" & manageOperator & "' MANAGEDATETIME = '" & manageDateTime & "' [StockGumUpdate Barcode] = '" & GridView1.Rows(index).Cells(1).Text & "'"
sqlStr = "INSERT INTO QISWEBLOG (DATETIME, MESSAGE)"
sqlStr = sqlStr & " VALUES ('" & Trim(CStr(Format(DateTime.Now,
"yyyy/MM/dd hh:mm:ss"))) & "','" & text1 & "')"
Please help where I am wrong.
You need to skip (or escape) all the single quotes in your text1 variable. To escape a single quote, you need to type it twice.
Status =''0'' etc...

how to fix input string was not in a correct format on login page .aspx.vb format

Dim userExists As Int32 = Convert.ToInt32(ExecuteScallar_AJAY(
"SELECT Count(w02_TeacherID_child) " &
" FROM wUsers WHERE ( (LCase(w03_WebUserName) = '" &
userUsername.Trim.ToLower & "') " &
" AND (LCase(w04_WebUserPassword) = '" &
userPassword.Trim.ToLower & "') );", "vijay"))
How to fix input string was not in a correct format on login page .aspx.vb format?

SQL Server Data type change from Numeric(7,3) to Varchar(20)

I have a field (dose_str) that needs to be changed from Numeric(7,3) to Varchar(20). I would like to know if there will be a need to change the query below (especially this portion SELECT (convert(varchar,cast(Prot_det.dose_str as float)) ) in the code of my application.
myCommand.CommandText = "
SELECT (convert(varchar,cast(Prot_det.dose_str as float)) + ' '
+ dose_unit + ' ' + dose_form_comment + ' ' + dose_mult) as Dose_str
from
Prot_det,
dosage_form
where
Protocol_num = '" & lblProtocol.Text & "' and
nsc_num = " & lstNSC.SelectedValue & " and
prot_det.dose_form = dosage_form.dose_form"
After changing the datatype of the column, you will be able to change this:
(convert(varchar,cast(Prot_det.dose_str as float))
to this:
(Prot_det.dose_str)
And I would recommend that you do.

sql statement conditions

I want to select all the Female patients from the patient table where the area = south or area= west and then group the result by Disease name
So I had to write the where condition like this :
command10.CommandText = "SELECT D.DiseaseName, COUNT(D.Patient_ID) AS PNO FROM PatientAffectDisease D INNER JOIN patient P on D.Patient_ID = P.Patient_ID WHERE P.Gender='" & "female" & "'" & " AND P.Area='" & "south" & " '" & "OR P.Area='" & "west" & " '" & " GROUP BY DiseaseName "
But this doesn't return the right result.
Any Idea?
Put parentheses around your OR'd conditions
e.g.
WHERE P.Gender='" & "female" & "'" & " AND
(P.Area='" & "south" & " '" & "OR P.Area='" & "west" & " '" & ")
or just use an IN clause ...
where p.gender = 'female' and p.area in ('south', 'west')
The issue is that you had extra spaces after south and west with this code: " '"
You were trying to find 'south ' or 'west ', not 'south' or 'west'.
You can also modify this condition to use an IN clause.
command10.CommandText = "SELECT D.DiseaseName, COUNT(1) AS PNO FROM PatientAffectDisease D INNER JOIN patient P on D.Patient_ID = P.Patient_ID WHERE P.Gender='female' AND P.Area IN ('south', 'west') GROUP BY DiseaseName"
I think the problem is in your where clause specifically related to not using parentheses.
command10.CommandText =
"SELECT D.DiseaseName, COUNT(D.Patient_ID) AS PNO " & _
" FROM PatientAffectDisease D " & _
" INNER JOIN patient P on D.Patient_ID = P.Patient_ID " & _
" WHERE P.Gender='female' AND P.Area in ('south','west') " & _
" GROUP BY DiseaseName "
Here is the text of your query:
SELECT
D.DiseaseName,
COUNT(D.Patient_ID) AS PNO
FROM PatientAffectDisease D
INNER JOIN patient P on D.Patient_ID = P.Patient_ID
WHERE P.Gender='female'
AND P.Area='south '
OR P.Area='west '
GROUP BY DiseaseName
In SQL, the AND naturally has precedence over the OR.
So you're effectively asking
WHERE (P.Gender='female' AND P.Area='south') OR (p.Area = 'west' )
You must use brackets to explicitly state the precedence you need
WHERE P.Gender='female' AND (P.Area='south' OR p.Area='west')
The reason your posted query isn't working properly is because you have an extra space after 'west' and 'south' in the generated query.
You should always group your logic with () to make it easier to maintain and understand the code - and keep away from bugs such as this one.
AND binds harder than OR, so what you had earlier was the same as writing:
(P.Gender = 'female' AND P.Area = 'west') OR P.Area = 'south' -- not correct
Instead of using P.Area = 'west' OR P.Area = 'south' you can use the IN operator, as in the below example:
SELECT D.DiseaseName, COUNT(D.Patient_ID) AS PNO
FROM PatientAffectDisease D
INNER JOIN patient P ON D.Patient_ID = P.Patient_ID
WHERE P.Gender = 'female' AND P.Area IN ('west','south')
GROUP BY D.DiseaseName
command10.CommandText = "SELECT D.DiseaseName, COUNT(D.Patient_ID) AS PNO FROM PatientAffectDisease D INNER JOIN patient P ON D.Patient_ID = P.Patient_ID WHERE P.Gender = 'female' AND P.Area IN ('west','south') GROUP BY D.DiseaseName"

How can I ensure that only data entered gets inserted into the db?

Hello again and please forgive me for posting again. I do this when I realize I am having a problem fixing it myself.
Please take a look at the code below. I was told by the individual that developed it originally that the code only adds the rows of data the user entered. In other words, there are 5 rows of textboxes. A user can enter data into one row or into all 5 rows. If the user enters data into one row of textboxes, that's what gets inserted into the db.
I made a minor change to the code so that users can tell when a payment is made by check or cash payment.
Since I made that change, whether a user enters data into one row or all 5 rows, all 5 rows get inserted into the db.
How can I modify this code to ensure only rows entered get inserted?
I am really, really sorry for bothering you guys again and many thanks for all your help.
For x = 1 To 5 Step 1
dedval = obr.FindControl("ded" & CStr(x))
chckvalflag = obr.FindControl("chck" & CStr(x))
checkboxval = obr.FindControl("chckBox" & CStr(x))
onetimeval = obr.FindControl("onetime" & CStr(x))
chcknumval = obr.FindControl("chcknum" & CStr(x))
multival = obr.FindControl("multi" & CStr(x))
*If (chckvalflag.Text <> "" Or chckvalflag.Text <> "0") And Not checkboxval.Checked Then
cashval = DirectCast(obr.FindControl("chck" & CStr(x)), TextBox).Text
chckval = ""
chcknumval.Text = "Cash Payment"
Else
chckval = DirectCast(obr.FindControl("chck" & CStr(x)), TextBox).Text
chcknumval = obr.FindControl("chcknum" & CStr(x))
End If*
If dedval.Text <> "-1" And donatechoice.SelectedItem.Value <> "No" Then
sql += "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, one_time, bi_weekly, cash, donate_choice, date_stamp) "
sql += "VALUES ('" & Replace(employee_idLabel.Text, "'", "''") & "','" & Replace(dedval.SelectedValue, "'", "''") & "','" & Replace(chckval, "'", "''") & "','" & Replace(chcknumval.Text, "'", "''") & "','" & Replace(onetimeval.Text, "'", "''") & "','" & multival.Text & "','" & Replace(cashval, "'", "''") & "','" & Replace(donatechoice.SelectedItem.Value, "'", "''") & "','" & Replace(datestamp, "'", "''") & "');"
End If
If donatechoice.SelectedItem.Value = "No" Then
x = 6
sql += "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, one_time, bi_weekly, cash, donate_choice, date_stamp) "
sql += "VALUES ('" & Replace(employee_idLabel.Text, "'", "''") & "','" & Replace(dedval.SelectedValue, "'", "''") & "','" & Replace(chckval, "'", "''") & "','" & Replace(chcknumval.Text, "'", "''") & "','" & Replace(onetimeval.Text, "'", "''") & "','" & Replace(multival.Text, "'", "''") & "','" & Replace(cashval, "'", "''") & "','" & Replace(donatechoice.SelectedItem.Value, "'", "''") & "','" & Replace(datestamp, "'", "''") & "');"
End If
Next
Just add some conditions to validate the data was entered into the inputs in each row.
If Not String.IsNullOrEmpty(String.Concat(TextBox1.Text, TextBox2.Text, TextBox3.Text)) Then
'insert logic here
End If
On a side note, I would suggest modifying the code to use parameters instead. The code is ripe for SQL-injection.
Look into using parametrized stored procedures instead of building your SQL as a string. Right now your application can be SQL injected. If you gave me a link to your application, I could wipe out all the data in your Contribs table (assuming the identity the thread is running under has permission; regardless, your query can be killed via syntax based on user input).
If you only want to insert records depending on what textboxes the user filled out, just use a case statement or if block to check for values in those textboxes. If the user entered a value, execute a function which hits the database.
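The advice in the answers above (check that a row was filled in, and pass values as parameters rather than concatenating them), shown together as an added example that is not code from the original posts; the same parameter approach also removes the need to double the quotes in the QISWEBLOG insert earlier on the page. `ContribRow`, `ContribWriter`, `IsEntered` and `SaveRows` are hypothetical names, and SQL Server through `System.Data.SqlClient`, text-typed columns and the "entered" rule are assumptions; the `donate_choice = "No"` branch is left out.

```vb
Imports System.Collections.Generic
Imports System.Data.SqlClient
' One row of the form, already read from its controls (hypothetical type).
Public Class ContribRow
    Public CharityCode As String = "-1"  ' ded<x> selected value, "-1" when nothing is picked
    Public Amount As String = ""         ' chck<x> textbox
    Public CheckNumber As String = ""    ' chcknum<x> textbox
    Public OneTime As String = ""        ' onetime<x>
    Public BiWeekly As String = ""       ' multi<x>
    Public IsCash As Boolean             ' True when chckBox<x> is not ticked
End Class
Public Module ContribWriter
    ' Assumed rule: a row was entered if a charity is picked and a non-zero amount typed.
    Public Function IsEntered(row As ContribRow) As Boolean
        Return row.CharityCode <> "-1" AndAlso
               Not String.IsNullOrWhiteSpace(row.Amount) AndAlso row.Amount.Trim() <> "0"
    End Function
    ' Inserts only the entered rows and returns how many were written.
    Public Function SaveRows(connStr As String, employeeId As String, donateChoice As String,
                             dateStamp As String, rows As IEnumerable(Of ContribRow)) As Integer
        Const sql As String = "INSERT INTO Contribs (employee_id, charity_code, check_amt, chcknum, " &
            "one_time, bi_weekly, cash, donate_choice, date_stamp) VALUES " &
            "(@employee_id, @charity_code, @check_amt, @chcknum, " &
            "@one_time, @bi_weekly, @cash, @donate_choice, @date_stamp)"
        Dim inserted As Integer = 0
        Using conn As New SqlConnection(connStr)
            conn.Open()
            For Each row As ContribRow In rows
                If Not IsEntered(row) Then Continue For
                Using cmd As New SqlCommand(sql, conn)
                    ' Values travel as parameters, so a quote in any field is just data.
                    With cmd.Parameters
                        .AddWithValue("@employee_id", employeeId)
                        .AddWithValue("@charity_code", row.CharityCode)
                        .AddWithValue("@check_amt", If(row.IsCash, "", row.Amount))
                        .AddWithValue("@chcknum", If(row.IsCash, "Cash Payment", row.CheckNumber))
                        .AddWithValue("@one_time", row.OneTime)
                        .AddWithValue("@bi_weekly", row.BiWeekly)
                        .AddWithValue("@cash", If(row.IsCash, row.Amount, ""))
                        .AddWithValue("@donate_choice", donateChoice)
                        .AddWithValue("@date_stamp", dateStamp)
                    End With
                    inserted += cmd.ExecuteNonQuery()
                End Using
            Next
        End Using
        Return inserted
    End Function
End Module
```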
