Private Sub cmdAdd_Click()
'add data to table
CurrentDb.Execute "INSERT INTO Products(ProductCode, ProductName, Category, UnitPrice, UnitCost, QuantityInStock, SupplierCode) " & _
" VALUES (" & Me.txtProductCode & " , '" & Me.txtProductName & "' , '" & Me.cboCategory & "' , '" & Me.txtUnitPrice & "' , '" & Me.txtUnitCost & "' , '" & Me.txtQuantityInStock & "' , '" & Me.cboSupplierCode & "')"
'refresh data on list of form
ProductsSub.Form.Requery
End Sub
the code above is suppose to record the data that has been input from the interface, but it does not do anything. The same format of code was used in a different form and it worked. Really weird, but i don't how it was possible.
You'll need to debug this. One of the values you are referencing visa the Me object is not resolving. Place a breakpoint on the CurrentDB.Execute command, and hover over each Me reference (i.e. Me.txtProductCode) to make sure it is obtaining the correct value for the insert. If you have moved this to a library, you may want to use CodeDB.Execute instead of CurrentDB.Execute. I would also check the table to see if the actual INSERT is working as there may be an issue with the Requery event.
Related
I am trying to do an update on a table in SQL Server 2008 R2, but the column writes only 8000 characters.
The column's datatype is set to text, but I have already tried to change to varchar(max) with no success.
I also used the cast('variable' as text) and cast('variable' as varchar(max)), also unsuccessfully.
When doing the same update by the SQL console (I made a response.write on the screen, copied and pasted it) or inserted more than 8000 characters manually, it works (through Microsoft Visual Studio).
sql_Up = "UPDATE ABVC_Eventos SET titulo_eve = '" & Strip(Evento) & "', cod_sup_eve = '" & Strip(cod_sup_eve) & "', cod_sup2_eve = '" & Strip(cod_sup2_eve) & "', texto_eve = CAST('" & Strip(texto_eve) & "' AS TEXT), WHERE id_eve = '" & Strip(Cod_Evento) & "'"
set Rs_sqlUp = bco.Execute(sql_Up)
The 'Strip' function is for sanitization.
I have a web app with a form that I am trying to pass to an ASP.NET server (using VB.NET) and then on to a MS SQL Server table. The form uses a jQuery datepicker in several textboxes and formats them as MM/dd/yyyy. The form fields are then passed through a PageMethod to the web server which takes the various field values and combines them into a SQL UPDATE command.
I am constantly getting the following error whenever I try to execute the SQL command:
Conversion failed when converting date and/or time from character string.
Here is the code on the server:
Using myConn As New System.Data.SqlClient.SqlConnection(CString.ConnectionString)
myConn.Open()
Dim cmd As New System.Data.SqlClient.SqlCommand("UPDATE table " & _
"SET type = '" & type & "', " & _
"target = '" & "#target" & "', " & _
"patient = '" & patient & "', " & _
"dob = '" & "#dob" & "' " & _
"WHERE serial = '" & serial & "'", myConn)
cmd.Parameters.Add(SqlParameter("#target", Data.SqlDbType.Date))
cmd.Parameters.Add(SqlParameter("#dob", Data.SqlDbType.Date))
If target = "" Then
cmd.Parameters("#target").Value = Data.SqlTypes.SqlDateTime.Null
Else
cmd.Parameters("#target").Value = target
End If
If dob = "" Then
cmd.Parameters("#dob").Value = Data.SqlTypes.SqlDateTime.Null
Else
cmd.Parameters("#dob").Value = dob
End If
cmd.ExecuteNonQuery()
End Using
Note: I've tried about twenty different ways of parsing the dates, converting them to dates, changing around the formats and none of it has worked.
Note 2: The conditional statements at the end are simply to prevent empty date fields from being stored in the SQL DB as "1/1/1900", but rather as an actual SQL NULL value. From debugging though, it seems that this is not the issue - it is when there is an actual value that the error is fired.
If anyone can see what I'm doing wrong and how I might fix it, it would be greatly appreciated. Thanks in advance for your help!
You are mixing up your parameterized and non-parameterized parts (why aren't you parameterizing everything?)
Dim cmd As New System.Data.SqlClient.SqlCommand("UPDATE table " & _
"SET type = '" & type & "', " & _
"target = #target, " & _
"patient = '" & patient & "', " & _
"dob = #dob " & _
"WHERE serial = '" & serial & "'", myConn)
Are you including time? DateTime fields require date and time.
I am trying to excute this sql query
Dim str As String = "UPDATE table1 SET " & _
"number = '" & strc & "'," & _
"code = '" & "123" & "'," & _
"line= '" & dd1.text & "'," & _
"sellr = '" & txtrun.text & "'," & _
"endu= '" & txtex1.value+txtex2.value & "'" & _
"WHERE number IN (select table1.number" & _
"FROM table1 INNER JOIN table2 ON table1.number = table2.number" & _
"WHERE ((table1.username)='" & session("username") & "' AND (table1.pass)='" & session("pass") & "' AND (table2.sellnum)='" & session("sellnum") & "'));"
there is a Syntax error in query expression and this is te first time I am using nested subquery
all the field are getting String values
So if someone can tell me what is the right approach to write this query I will be very grateful
You're missing spaces after table1.number and table2.number fields in the subquery.
I don't know where you're using this query, but you might want to read about SQL injection. When you stick strings together to build SQL, your code may be vulnerable to malicious users who put SQL code into the fields of your application.
Previous question which links onto this and has any addition code ref should I forget to link any, I have set it up to email me should someone submit this form and an error occur and right now should that occur for most integer or datetime fields if they fail to validate then it will show me which fields in the email failed and what was input into them.
Problem I'm having now is to validate the drop downs and the textboxs in a similar way to what I with integer and datetime fields so I can display those also in the email in case they error.
present integer and datetime validation
Catch ex As Exception
lblInformation.Text = ("<h4>Unable to save data in database</h4>" + vbNewLine + "The error was '" + ex.Message + "'" + vbNewLine + vbNewLine + vbNewLine + "The SQL Command which falied was:" + vbNewLine + "<strong>" + mySQL + "</strong>" + vbNewLine).Replace(vbNewLine, "<br />" + vbNewLine)
Dim dtb As DateTime
If Not DateTime.TryParse(DateOfBirth, dtb) Then
strEMessageBody.Append("<strong>Date Of Birth:</strong> " & DateOfBirthYear.SelectedItem.Value & "-" & DateOfBirthMonth.SelectedItem.Value & "-" & DateOfBirthDay.SelectedItem.Value & vbCrLf)
strEMessageBody.Append("<br/>" & vbTab & vbTab & vbTab & vbTab & vbTab & vbTab)
End If
Dim iao As Integer
If Not Integer.TryParse(AnyOther, iao) Then
strEMessageBody.Append("<strong>Any Other:</strong> " & rblAnyOther.Text & vbCrLf)
strEMessageBody.Append("<br/>" & vbTab & vbTab & vbTab & vbTab & vbTab & vbTab)
End If
then below the final validation I have the Dim for the email setting but that I sorted out in the other question.
The problem is much earlier in the page I have
Sub Upload_Click(ByVal source As Object, ByVal e As EventArgs)
If (Page.IsValid) Then
Dim Name As String
Which prevents me just using there names as shown above where I would instead call them something else but that doesn't work with strings so my main issue is having some bit of code to check if the strings are valid and for the dropdowns which would either work but always show the data in the email or would hiccup in the code,
Dim imd As Integer
If Not Integer.TryParse(dept, imd) Then
strEMessageBody.Append("<strong>Department:</strong> " & dept.Text & vbCrLf)
strEMessageBody.Append("<br/>" & vbTab & vbTab & vbTab & vbTab & vbTab & vbTab)
End If
below was how it had been setup to record the department
Department = dept.SelectedItem.Value
Department = Replace(Department, "'", "''")
Summary:- Need vb code to validate if strings and dropdowns are valid and the use of try/catch block is another possible solution but I wasn't able to figure out how to implement validation for that either.
Log your values into your database. Setup a logging table called "tblLog" or something else. Record the value of ex.Message or possibly even InnerException (if it exists).
Going hand in hand with Matt's answer, there is a tool that can help you with automatically logging errors to a DB.
It's called ELMAH.
EDIT
Here are 2 validations that you might want to use:
Dim s As String = "some user input in here"
If [String].IsNullOrEmpty(s) Then
' Watch out, string is null or it is an empty string
End If
Dim cb As New ComboBox()
If cb.SelectedItem Is Nothing Then
' Watch out, combo has no item selected
End If
NOTE ComboBox is a WinForm control in this example, but the idea is the same for the ASP.NET counterpart
Since everybodies given up trying to find a solution then I'm just gona close this topic with this post as the answer.
I am writing Classic ASP program.In one function, I have to use 2 update statements to one table in one function. First Statement is update the quantity of invoice and second update statement is base on that update Purchase Order quantity and Purchase Requisition quantity, I need to update one flag field. Can I write in same function as following:
SET RS = app.Execute("SELECT PRInvoiceNo, Quantity FROM PurchaseOrderDetails WHERE CoID='" & param & "'")
do while RS.EOF=false
app.Execute("UPDATE PurchaseRequisitionDetails SET PO_Quantity = PO_Quantity + " & RS("Quantity") & " WHERE CoID='" & param & "' AND PRInvoiceNo = '" & RS("PRInvoiceNo") & "'")
app.Execute("UPDATE PurchaseRequisitionDetails SET FullyPaidFlag=CASE WHEN PO_Quantity >= Quantity THEN 1 ELSE 0 END WHERE CoID='" & param & "' AND PRInvoiceNo = '" & RS("PRInvoiceNo") & "'")
RS.MoveNext
loop
The problem is in the loop the first statement is properly worked. Second one not work. What can it be? Can I do like this or not?
Well, I have to go, but be sure to check the following:
Response.Write(RS.RecordCount) -- are there any records? Or, do a Response.Write("hello") inside the loop to make sure.
Check that RS("Quantity"), param, etc are not null. If they are, your string concatenation will result in a null string.
Also, please, please don't forget to escape your variables!
Replace(param, "'", "''")
Good night!