Develop Reference

Error: An exception of type 'System.Data.SqlClient.SqlException' occured in System.Data.dll but was not handled in user code

I'm new to ASP.NET and building a little dynamic website for a salesdepartment to registere their sales for salescompetions.
I have a page, after one is logged in, that consists of a couple of comboboxes/dropdowns and at the buttom a 'SUBMIT' button which I want to trigger a new record in the database with all the selected data. everything seems to go fine for a second but eventually the following error message appears:
An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Invalid column name 'KunderID'.
Invalid column name 'KundeTypeID'.
Invalid column name 'MachineModellID'.
Invalid column name 'AntallID'.
Invalid column name 'BrukerID'.
It points to the following part (The line starting with MBExec =) in the DBConnection.vb file:
Public Shared Function MBExec(ByVal SQL As String) As String
Dim cmd As New SqlCommand(SQL, MBConn)
MBExec = Convert.ToString(cmd.ExecuteScalar())
cmd.Connection.Close()
End Function
On the sourcecode og the relevant page the relevant part of it is the following (bottom line starting with MBExec) whereby I cannot see that the columnsnames are wrong:
Protected Sub RegisterSale(sender As Object, e As EventArgs)
Dim KundeNavn As DropDownList = DropDownListKundeNavn
Dim TypeKunde As DropDownList = DropDownListTypeKunde
Dim MachineModell As DropDownList = DropDownListMachineModell
Dim Antall As DropDownList = DropDownListAntall
Dim Bruker As DropDownList = DropDownListBruker
If KundeNavn.SelectedItem.Text = "Velg" Then
Dim msg = "Select or add a new customer"
Dim msgTittle = "Missing Customer Name"
MsgBox(msg, MsgBoxStyle.Critical, msgTittle)
Exit Sub
Else
Dim msg1 = "Are you sure to continue?"
Dim title = "Confirm Sale Registration"
Dim style = MsgBoxStyle.YesNo
Dim responce = MsgBox(msg1, style, title)
If responce = MsgBoxResult.Yes Then
Dim msg = "Thank you for your efforts, you are closer to becoming a sales champion!"
Dim msgTittle = "Your Sale has been recorded"
MsgBox(msg, MsgBoxStyle.Information, msgTittle)
'Varibles to hold the DataValueField from the dropboxes
Dim KundeID As Integer
Dim TypeKundeID As Integer
Dim MachineModellID As Integer
Dim AntallID As Integer
Dim BrukerID As Integer
'Converts the DataValueField to an Integer
KundeID = Convert.ToInt32(KundeNavn.SelectedValue.ToString())
TypeKundeID = Convert.ToInt32(TypeKunde.SelectedValue.ToString())
MachineModellID = Convert.ToInt32(MachineModell.SelectedValue.ToString())
AntallID = Convert.ToInt32(Antall.SelectedValue.ToString())
BrukerID = Convert.ToInt32(Bruker.SelectedValue.ToString())
MBExec("INSERT INTO KyoceraSalgReg(KunderID, KundeTypeID, MachineModellID, AntallID, BrukerID) Values (KunderID, KundeTypeID, MachineModellID, AntallID, BrukerID)")
Exit Sub
Else
Exit Sub
End If
End If
End Sub
I would very much appreciate if anybody could help me in the right direction here. If I understand it correctly, somehow the column names are not recognized and I just don't see why.
Cheers:)
Update 1:
MBExec looks like this:
Public Shared Function MBExec(ByVal SQL As String) As String
Dim cmd As New SqlCommand(SQL, MBConn)
MBExec = Convert.ToString(cmd.ExecuteScalar())
cmd.Connection.Close()
End Function
And KunderID datatype is string, selection made from a DropDownList

Try this approach:
MBExec("INSERT INTO KyoceraSalgReg(KunderID, KundeTypeID, MachineModellID, AntallID, BrukerID) Values (#KunderID, #KundeTypeID, #MachineModellID, #AntallID, #BrukerID)")
Use parameterized query to add the values:
cmd.Parameter.AddWithValue("#KunderID", KunderID)
AddWithValue
You may need to make separate instances of the SqlParameter - Example

Protected Sub RegisterSale(sender As Object, e As EventArgs)
Dim KundeNavn As DropDownList = DropDownListKundeNavn
Dim TypeKunde As DropDownList = DropDownListTypeKunde
Dim MachineModell As DropDownList = DropDownListMachineModell
Dim Antall As DropDownList = DropDownListAntall
Dim Bruker As DropDownList = DropDownListBruker
'Varibles to hold the DataValueField from the dropboxes
Dim KunderID As Integer = Convert.ToInt32(KundeNavn.SelectedValue.ToString())
Dim TypeKundeID As Integer = Convert.ToInt32(TypeKunde.SelectedValue.ToString())
Dim MachineModellID As Integer = Convert.ToInt32(MachineModell.SelectedValue.ToString())
Dim AntallID As Integer = Convert.ToInt32(Antall.SelectedValue.ToString())
Dim BrukerID As Integer = Convert.ToInt32(Bruker.SelectedValue.ToString())
'Sets the Selected values from dropdownlist
Dim ParamKunderID = New SqlParameter()
ParamKunderID.ParameterName = "#KunderID"
ParamKunderID.Value = KunderID
Dim ParamTypeID = New SqlParameter
ParamTypeID.ParameterName = "#KundeTypeID"
ParamTypeID.Value = TypeKundeID
Dim ParamMachineModellID = New SqlParameter()
ParamMachineModellID.ParameterName = "#MachineModellID"
ParamMachineModellID.Value = MachineModellID
Dim ParamAntallID = New SqlParameter
ParamAntallID.ParameterName = "#AntallID"
ParamAntallID.Value = AntallID
Dim ParamBrukerID = New SqlParameter
ParamBrukerID.ParameterName = "#BrukerID"
ParamBrukerID.Value = BrukerID
If KundeNavn.SelectedItem.Text = "Velg" Then
Dim msg = "Velg eller legge til en ny kunde"
Dim msgTittle = "Mangler Kundenavn"
MsgBox(msg, MsgBoxStyle.Critical, msgTittle)
Exit Sub
Else
Dim msg1 = "Er du sikker på at du vil fortsette?"
Dim title = "Bekrefte salg registrering"
Dim style = MsgBoxStyle.YesNo
Dim responce = MsgBox(msg1, style, title)
If responce = MsgBoxResult.Yes Then
MBExec("INSERT INTO KyoceraSalgReg(KunderID, KundeTypeID, MachineModellID, AntallID, BrukerID)" & " Values " & "(" & KunderID & "," & TypeKundeID & "," & MachineModellID & "," & AntallID & "," & BrukerID & ")")
Dim msg = "Takk for din innsats, du er nærmere å bli et Salg Mester!"
Dim msgtittle = "Din salget er registrert"
MsgBox(msg, MsgBoxStyle.Information, msgtittle)
End If
End If
End Sub

unhandles exception error when login page idle

I have developed a site in vb.net (with some help from my brother in law) and it's almost ready to roll out except I am getting an unhandled exception error on the login
screen when the page is idle for a few minutes. I am reasonably new to vb.net and not a programmer :( Any help would be really appreciated. Sorry if anything in my post is not to the site standard as this is my first post. :)
I'm not sure why this is happening. The code that is executed on login_buttonClick is:
Protected Sub LoginWizard_FinishButtonClick(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.WizardNavigationEventArgs) Handles LoginWizard.FinishButtonClick
Dim oUsername As String = txtUsername.Text
Dim oPassword As String = txtPassword.Text
Dim oPath As String = Server.MapPath("App_Data/IOFR.mdb")
Dim oValid As Boolean = False
Dim oReader As System.Data.OleDb.OleDbDataReader = Nothing
Dim oConnection As System.Data.OleDb.OleDbConnection = Nothing
Dim oName As String = ""
Dim oOrg As String = ""
Dim oUserId As Integer = 0
Dim oActiveAcc As String = ""
Dim oSessionExpire As Integer = 0
Try
oConnection = New System.Data.OleDb.OleDbConnection(String.Format("Provider=Microsoft.Jet.OLEDB.4.0; Data Source={0}; Jet OLEDB:Database Password=EdmundColin13", oPath))
oConnection.Open()
Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")
Dim cmd As New SqlCommand
Dim oParams As New List(Of System.Data.OleDb.OleDbParameter)
oParams.Add(New System.Data.OleDb.OleDbParameter("#pmUsername", oUsername))
oParams.Add(New System.Data.OleDb.OleDbParameter("#pmPassowrd", oPassword))
Dim oCommand As New System.Data.OleDb.OleDbCommand("SELECT ID, [Name], Organisation, ActiveAccount, [Password] FROM Users WHERE [Username] = #pmUsername AND [Password] = #pmPassword", oConnection)
oCommand.Parameters.AddRange(oParams.ToArray)
oReader = oCommand.ExecuteReader()
If oReader.Read() Then
oValid = True
oName = oReader.GetString(oReader.GetOrdinal("Name"))
oActiveAcc = oReader.GetString(oReader.GetOrdinal("ActiveAccount"))
oOrg = oReader.GetString(oReader.GetOrdinal("Organisation"))
oPassword = oReader.GetString(oReader.GetOrdinal("Password"))
oUserId = oReader.GetInt32(oReader.GetOrdinal("ID"))
oSessionExpire = oReader.GetInt32(oReader.GetOrdinal("SessionExpire"))
End If
Catch ex As Exception
Finally
If Not oReader Is Nothing Then
If Not oReader.IsClosed Then
oReader.Close()
End If
oReader = Nothing
End If
End Try
If oValid And Not String.Equals(txtPassword.Text, oPassword) Then
oValid = False
End If
If oValid Then
If oActiveAcc = "No" Then
Response.Redirect("~/DisabledAccount.aspx")
Return
End If
Session("username") = txtUsername.Text
Session("name") = oName
Session("org") = oOrg
'Generate session id and store it in session
Dim uniquesessionid As String = Guid.NewGuid().ToString()
Session("uid") = uniquesessionid
Dim oCommandSession As New System.Data.OleDb.OleDbCommand("UPDATE Users SET SessionId = #pmid, SessionExpire = '" & DateTime.Now.AddHours(2).ToString() & "' WHERE [ID] = #pmUserid", oConnection)
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("#pmid", uniquesessionid))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("#pmUserid", oUserId))
oCommandSession.ExecuteNonQuery()
Response.Redirect("~/Home.aspx?login=true")
Else
txtUsername.BorderColor = Drawing.Color.Red
txtUsername.BackColor = Drawing.Color.Red
txtPassword.BorderColor = Drawing.Color.Red
FailedLogin.Visible = True
End If
If Not oConnection Is Nothing Then
If oConnection.State = Data.ConnectionState.Open Then
oConnection.Close()
End If
End If
End Sub

Thanks All. This seams to have resolved the issue.
EnableViewStateMAC="False"

Adding a new record to an Access database via vb.net

Do i need to have a new ID generate within vb if I have it set to AutoID in the table itself?
I currently have
Protected Sub deleteButton_Click(sender As Object, e As System.EventArgs) Handles deleteButton.Click
Dim deleteSQL As String
deleteSQL = "DELETE FROM Authors WHERE au_id=#au_id"
Dim myConnection As New SqlConnection(connectionString)
Dim myCommand As New SqlCommand(deleteSQL, myConnection)
myCommand.Parameters.AddWithValue("#au_id", authorDropDownList.SelectedItem.Value)
Dim successBoolean As Boolean = True
Dim index As Integer = authorDropDownList.SelectedIndex
Try
myConnection.Open()
successBoolean = myCommand.ExecuteNonQuery
'authorLabel.Text = "Record Deleted"
'authorLabel.Visible = True
Catch ex As Exception
successBoolean = False
authorLabel.Text = "Error deleting author. " & ex.Message
authorLabel.Visible = True
Finally
myConnection.Close()
End Try
If successBoolean Then
FillAutherList(index)
authorDropDownList_SelectedIndexChanged(sender, e)
authorLabel.Text = "Record Deleted"
authorLabel.Visible = True
End If
End Sub
Dim insertSQL As New StringBuilder
Dim currentDate As String
currentDate = DateTime.Now.ToString
insertSQL.Append("INSERT INTO Story_Table (Author,Content,Submission_Date)") 'Inserts new story
insertSQL.Append(" VALUES (#Author,#Content,#Submission_Date)") 'Sets the story values
Dim myConnection As New SqlConnection(connectionString)
Dim myCommand As New SqlCommand(insertSQL.ToString, myConnection)
With myCommand.Parameters 'Do this next
.AddWithValue("#Author", authorTextBox.Text)
.AddWithValue("#Content", storyTextBox.Text)
.AddWithValue("#Submission_Date", currentDate)
End With
Dim successBoolean As Boolean = True
Try
myConnection.Open()
successBoolean = myCommand.ExecuteNonQuery
resultLabel.Text = "Thanks for the Story! Look for it on the homepage."
resultLabel.Visible = True
Catch ex As Exception
successBoolean = False
resultLabel.Text = "Error inserting story. " & ex.Message
resultLabel.Visible = True
storyLabel.Text = storyTextBox.Text
storyLabel.Visible = True
Finally
myConnection.Close()
End Try`

Any possible chance for a memory leak?

i get this error System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException was thrown.` Why?? Kindly help me. I get this error (only when i host the website online, not in local machine).
Dim db As SqlDatabase = Connection.connection
Protected Sub btnSubmit_Click(sender As Object, e As System.EventArgs) Handles btnSubmit.Click
'Dim lblNodeID As Label = CType(Master.FindControl("lblParentId"), Label)
Using conn As DbConnection = db.CreateConnection()
Dim cmdInsertGroup As SqlCommand = db.GetSqlStringCommand("Insert Into CategoryGroups Values ('" & BLL.getNewGroupIDfromCategoryGroups & "','" & lblParentId.Text.Trim & "','" & txtGroupName.Text.Trim & "')")
Try
If fuGroupAttributes.HasFile Then
fuGroupAttributes.SaveAs(IO.Path.Combine(Server.MapPath("~/Admin/SpecificationExcels"), lblParentId.Text.Trim & IO.Path.GetExtension(fuGroupAttributes.FileName)))
Dim path As String = Server.MapPath("~/Admin/SpecificationExcels/" & lblParentId.Text.Trim & IO.Path.GetExtension(fuGroupAttributes.FileName))
Dim strmail As String = String.Empty
Dim connectionString As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & path & ";Extended Properties=Excel 12.0;"
Dim objConn As New OleDbConnection(connectionString)
objConn.Open()
Dim strConString As String = "SELECT * FROM [Sheet1$]"
'where date = CDate('" + DateTime.Today.ToShortDateString() + "')";
Dim objCmdSelect As New OleDbCommand(strConString, objConn)
' Create new OleDbDataAdapter that is used to build a DataSet
' based on the preceding SQL SELECT statement.
Dim objAdapter1 As New OleDbDataAdapter()
' Pass the Select command to the adapter.
objAdapter1.SelectCommand = objCmdSelect
' Create new DataSet to hold information from the worksheet.
Dim ds As New DataSet()
' Fill the DataSet with the information from the worksheet.
objAdapter1.Fill(ds, "ExcelData")
'My Exp
Dim _newAttributeID As Integer = BLL.getNewAttributeIDfromGroupAttributes
Dim _newGroupID As Integer
conn.Open()
Dim trans As DbTransaction = conn.BeginTransaction()
If cbInsertInExistingGroup.Checked Then
If gvExistingGroups.SelectedValue IsNot Nothing Then
_newGroupID = gvExistingGroups.SelectedRow.Cells(1).Text
Else
pnlMessage.Visible = True
pnlMessage.BackColor = Drawing.Color.Red
lblMessage.ForeColor = Drawing.Color.White
lblMessage.Font.Bold = True
lblMessage.Text = "Select a Group"
Exit Sub
End If
Else
_newGroupID = BLL.getNewGroupIDfromCategoryGroups
db.ExecuteNonQuery(cmdInsertGroup, trans)
End If
For i = 0 To ds.Tables(0).Rows.Count - 1
ds.Tables(0).Rows(i).Item(0) = _newAttributeID
ds.Tables(0).Rows(i).Item(1) = _newGroupID
_newAttributeID = _newAttributeID + 1
Next
' Clean up objects.
objConn.Close()
'Dim db As SqlDatabase = Connection.connection
Dim sqlBulk As New SqlBulkCopy(conn, SqlBulkCopyOptions.Default, trans)
sqlBulk.DestinationTableName = "GroupAttributes"
sqlBulk.WriteToServer(ds.Tables(0))
trans.Commit() ' commit the transaction
pnlMessage.Visible = True
pnlMessage.BackColor = Drawing.Color.Green
lblMessage.ForeColor = Drawing.Color.White
lblMessage.Font.Bold = True
lblMessage.Text = "Successfully Uploaded"
'Response.Redirect("~/Admin/AddSpecifications.aspx?id=" & Request.QueryString(0))
Else
pnlMessage.Visible = True
pnlMessage.BackColor = Drawing.Color.Red
lblMessage.ForeColor = Drawing.Color.White
lblMessage.Font.Bold = True
lblMessage.Text = "Select an Excel File"
'Response.Write("")
End If
Catch ex As Exception
trans.Rollback() ' rollback the transaction
pnlMessage.BackColor = Drawing.Color.Red
lblMessage.ForeColor = Drawing.Color.White
lblMessage.Font.Bold = True
lblMessage.Text = "Some Error Occured"
End Try
End Using
End Sub

Your code is a bit complicated to follow, but in this block you Exit Sub without closing the connection objConn
If cbInsertInExistingGroup.Checked Then
If gvExistingGroups.SelectedValue IsNot Nothing Then
_newGroupID = gvExistingGroups.SelectedRow.Cells(1).Text
Else
pnlMessage.Visible = True
pnlMessage.BackColor = Drawing.Color.Red
lblMessage.ForeColor = Drawing.Color.White
lblMessage.Font.Bold = True
lblMessage.Text = "Select a Group"
Exit Sub
End If
You should really try to refactor this huge block of code in more small units. In this way you could use the Using statement to dispose correctly of the Disposable objects like OleDbConnection, OleDbAdapter, OleDbCommand....

Performance issue with this code [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 10 years ago.
the following code is for user control(it display banner), the page get stuck in IIS with status Executerequesthandler (when there is concurrent requests for this page), when I take this user control out from the page it runs smoothy, please note this control is embeded 5 times in the page. Here is the entire code for this user control, can someone spot out the problem?
Public Class daAds
Private Remote_Host As String
Private Script_Name As String
Private PATH_INFO As String
Private Page_Link As String
Private Country As String
Public Property p_Country() As String
Get
Return Country
End Get
Set(ByVal value As String)
Country = value
End Set
End Property
Public Property p_Page_Link() As String
Get
Return Page_Link
End Get
Set(ByVal value As String)
Page_Link = value
End Set
End Property
Public Property p_Remote_Host() As String
Get
Return Remote_Host
End Get
Set(ByVal value As String)
Remote_Host = value
End Set
End Property
Public Property p_Script_Name() As String
Get
Return Script_Name
End Get
Set(ByVal value As String)
Script_Name = value
End Set
End Property
Private ConnectionToFetch As SqlConnection
Private ReadOnly Property Connection() As SqlConnection
Get
ConnectionToFetch = New SqlConnection(ConnectionString)
ConnectionToFetch.Open()
Return ConnectionToFetch
End Get
End Property
Private ReadOnly Property ConnectionString() As String
Get
Return ConfigurationManager.ConnectionStrings("ConnStr").ConnectionString
End Get
End Property
Public Property p_PATH_INFO() As String
Get
Return PATH_INFO
End Get
Set(ByVal value As String)
PATH_INFO = value
End Set
End Property
Public Function showAd(ByVal Banner_inc As Integer, ByVal banner_layout As String, Optional ByVal ShowAdsInfo As Integer = 0) As String
'Return ""
Try
'Dim connectionString As String = ConfigurationManager.ConnectionStrings("ConnStr").ConnectionString
Dim imp_user_ip As String = Trim(Remote_Host)
Dim imp_country As String = Trim(p_Country)
imp_country = Replace(imp_country, Chr(10), "")
imp_country = Replace(imp_country, Chr(13), "")
Dim imp_page_name As String = Trim(Script_Name)
Dim imp_page_name2 As String = Trim(PATH_INFO)
Dim imp_page_link As String = p_Page_Link
'Response.Write(imp_page_name)
'ParamArrayAttribute()
'Dim m As DataSet
'm = SqlHelper.ExecuteDataset(connectionString, CommandType.StoredProcedure, "disp_banner_byPageName_views", parameters)
Dim InsertCommand As New SqlCommand
InsertCommand.Connection = Connection
InsertCommand.CommandText = "disp_banner_byPageName_views"
InsertCommand.CommandType = CommandType.StoredProcedure '
'Dim IdParameter = New SqlParameter("#CategoryID", SqlDbType.Int)
'Dim NameParameter = New SqlParameter("#CategoryName", SqlDbType.NVarChar)
'IdParameter.Direction = ParameterDirection.Output
'NameParameter.Value = txtCategoryName.Text
'InsertCommand.Parameters.Add(IdParameter)
'InsertCommand.Parameters.Add(NameParameter)
Dim Param_Imp_user_ip = New SqlParameter("#imp_user_ip", SqlDbType.VarChar)
Param_Imp_user_ip.Direction = ParameterDirection.Input
Param_Imp_user_ip.Value = imp_user_ip
InsertCommand.Parameters.Add(Param_Imp_user_ip)
Param_Imp_user_ip = Nothing
Dim Param_imp_country = New SqlParameter("#imp_country", SqlDbType.VarChar)
Param_imp_country.Direction = ParameterDirection.Input
Param_imp_country.Value = imp_country '"jo" '
InsertCommand.Parameters.Add(Param_imp_country)
Param_imp_country = Nothing
Dim Param_banner_inc = New SqlParameter("#banner_inc", SqlDbType.Int)
Param_banner_inc.Direction = ParameterDirection.Input
Param_banner_inc.Value = Banner_inc
InsertCommand.Parameters.Add(Param_banner_inc)
Param_banner_inc = Nothing
Dim Param_imp_page_name = New SqlParameter("#imp_page_name", SqlDbType.VarChar)
Param_imp_page_name.Direction = ParameterDirection.Input
Param_imp_page_name.Value = imp_page_name
InsertCommand.Parameters.Add(Param_imp_page_name)
Param_imp_page_name = Nothing
Dim Param_imp_page_link = New SqlParameter("#imp_page_link", SqlDbType.VarChar)
Param_imp_page_link.Direction = ParameterDirection.Input
Param_imp_page_link.Value = imp_page_link
InsertCommand.Parameters.Add(Param_imp_page_link)
Param_imp_page_link = Nothing
Dim Param_banner_layout = New SqlParameter("#banner_layout", SqlDbType.VarChar)
Param_banner_layout.Direction = ParameterDirection.Input
Param_banner_layout.Value = banner_layout
InsertCommand.Parameters.Add(Param_banner_layout)
Param_banner_layout = Nothing
Dim Param_activeBanners = New SqlParameter("#activeBanners", SqlDbType.VarChar)
Param_activeBanners.Direction = ParameterDirection.Input
Param_activeBanners.Value = ""
InsertCommand.Parameters.Add(Param_activeBanners)
Param_activeBanners = Nothing
Dim Param_banner_width = New SqlParameter("#banner_width", SqlDbType.Int)
Param_banner_width.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_width)
Dim Param_banner_height = New SqlParameter("#banner_height", SqlDbType.Int)
Param_banner_height.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_height)
Dim Param_campaign_id = New SqlParameter("#campaign_id", SqlDbType.Int)
Param_campaign_id.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_campaign_id)
Dim Param_imp_id = New SqlParameter("#imp_id", SqlDbType.Int)
Param_imp_id.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_imp_id)
Dim Param_banner_url = New SqlParameter("#banner_url", SqlDbType.VarChar, 500)
Param_banner_url.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_url)
Dim Param_banner_img = New SqlParameter("#banner_img", SqlDbType.VarChar, 100)
Param_banner_img.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_img)
Dim Param_banner_text = New SqlParameter("#banner_text", SqlDbType.VarChar, 1000)
Param_banner_text.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_text)
Dim Param_banner_script = New SqlParameter("#banner_script", SqlDbType.VarChar, 2000)
Param_banner_script.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_script)
Dim Param_banner_ID = New SqlParameter("#banner_ID", SqlDbType.Int)
Param_banner_ID.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(Param_banner_ID)
Dim param_adv_name_script = New SqlParameter("#adv_name", SqlDbType.VarChar, 2000)
param_adv_name_script.Direction = ParameterDirection.Output
InsertCommand.Parameters.Add(param_adv_name_script)
InsertCommand.ExecuteNonQuery()
Dim ActiveBanner As String = ""
Dim banner_height As Integer
Dim campaign_id As Integer
Dim imp_id As Integer
Dim banner_url As String
Dim banner_img As String
Dim banner_text As String
Dim banner_script As String
Dim banner_ID As Integer
Dim banner_width As String
'ActiveBanner = Param_activeBanners.Value()
banner_width = Param_banner_width.Value()
banner_height = Param_banner_height.Value()
If (Not IsDBNull(Param_campaign_id.Value())) Then
campaign_id = Convert.ToInt16(Param_campaign_id.Value())
End If
If (Not IsDBNull(Param_imp_id.Value())) Then
imp_id = Convert.ToInt16(Param_imp_id.Value())
End If
banner_url = Param_banner_url.Value()
banner_img = Param_banner_img.Value()
banner_text = Param_banner_text.Value()
banner_script = Param_banner_script.Value()
banner_ID = Param_banner_ID.Value()
ConnectionToFetch.Close()
ConnectionToFetch = Nothing
Param_banner_width = Nothing
Param_banner_height = Nothing
Param_campaign_id = Nothing
Param_imp_id = Nothing
Param_banner_url = Nothing
Param_banner_img = Nothing
Param_banner_text = Nothing
Param_banner_script = Nothing
Param_banner_ID = Nothing
param_adv_name_script = Nothing
If imp_page_link = "" Then
imp_page_link = " "
End If
'Dim x As Integer = parameters(9).Value
If String.IsNullOrEmpty(campaign_id) Then
campaign_id = -1
End If
If IsNothing(campaign_id) Then
campaign_id = -1
End If
If campaign_id < 1 Then 'If CInt("0" & param_campaign_id.value) < 1 Then
Return "<!-- log name='campNull' value='" & campaign_id & "' -->"
End If
If ActiveBanner = "" Then
ActiveBanner = banner_ID
ElseIf InStr("," & ActiveBanner & ",", "," & banner_ID & ",") < 1 Then
ActiveBanner = banner_ID & "," & ActiveBanner
End If
Dim strRet As String
'If request.QueryString("ads") = 1 Then
'Response.Write(" SessionID:" & Session.SessionID & " " & " disp_custom_banner " & campaign_id & "," & banner_ID & "," & adv_id & " Country=" & gCountry & " Banner=" & adv_name & " IP=" & request.ServerVariables("Remote_host"))
' End If
Dim strbuilder As New StringBuilder
If ShowAdsInfo = 1 Then
strbuilder.Append("disp_custom_banner " & campaign_id & "," & banner_ID & "," & " Country=" & imp_country & ", Banner=" & param_adv_name_script.Value())
End If
strbuilder.Append("<!-- log banner=" & banner_ID & " activeBanners=" & ActiveBanner & " -->")
strbuilder.Append("<script language='javascript' defer=defer>AdvimgBanner=" & IIf(imp_id = Nothing, 0, imp_id) & ";</script>" & vbCr)
If Len(banner_script) > 5 Then
''''''''' added for counting issue
Dim tmtmp As String = Replace(DateTime.Now.ToShortTimeString(), "PM", "")
Dim tm As String = Replace(tmtmp, "AM", "")
tm = Replace(tm, ":", "")
'''''''''
Dim max, min, RandomNum
max = 10000
min = 1
RandomNum = CStr(Int((max - min + 1) * Rnd() + min))
RandomNum = RandomNum & "-" & banner_ID
Dim ReFactor As String = Replace(banner_script, "[timestamp]", RandomNum & tm)
strbuilder.Append(Replace(ReFactor, "&cacheburst=", "&cacheburst=" & RandomNum & tm))
Return strbuilder.ToString
End If
If InStr(LCase(banner_img), ".swf") > 0 Then
Dim url_str As String = HttpContext.Current.Server.UrlEncode("http://www.xxx.com/includes/bannerhits.asp?campaign_id=" & campaign_id & "&imp_id=" & imp_id & "&URL=" & HttpContext.Current.Server.UrlEncode(banner_url))
Dim banner_str As String = "<A HREF=/includes/in_banner_hits.asp?campaign_id=" & campaign_id & "&imp_id=" & imp_id & "&URL=" & HttpContext.Current.Server.UrlEncode(banner_url) & " TARGET='_blank'>"
Dim bannersrc As String = "/updates/banners/" & banner_img
Dim concatEmbedID As String = "CAMP" & campaign_id
Dim DivNameID As String = "flashbanner" & banner_layout
Dim bannerhit As String = "http://www.xxx.com/includes/bannerhits.asp?campaign_id=" & campaign_id & "&imp_id=" & imp_id & "&URL=" & banner_url
bannerhit = HttpContext.Current.Server.UrlEncode(bannerhit)
strbuilder.Append("<div id='<%=DivNameID%>'>")
strbuilder.Append("<a href='http://www.adobe.com/go/getflashplayer'>")
strbuilder.Append("<img src='http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif' alt='Get Adobe Flash player' border='0' /></a></div>")
strbuilder.Append("<script type='text/javascript' src='/includes/scripts/swfobject.js' ></script>")
strbuilder.Append("<script type='text/javascript' >")
strbuilder.Append("var so = new SWFObject(" + bannersrc + ", " + DivNameID + "," + banner_width + ", " + banner_height + ", ""6"", ""#ffffff"");")
strbuilder.Append("so.addParam(""quality"", ""autohigh "");")
strbuilder.Append("so.addParam(""bgcolor"", ""#ffffff"");")
strbuilder.Append("so.addParam(""swliveconnect"", ""false"");")
strbuilder.Append("so.addParam(""wmode"", ""transparent"");")
strbuilder.Append("so.addVariable(""clickTAG""," + bannerhit + ");")
strbuilder.Append("so.write(" + DivNameID + ");")
strbuilder.Append("</SCRIPT>")
Else
strbuilder.Append("<A HREF=/includes/in_banner_hits.asp?campaign_id=" & campaign_id & "&imp_id=" & imp_id & "&URL=" & HttpContext.Current.Server.UrlEncode(banner_url) & " TARGET='_blank'>" & _
" <IMG SRC='/updates/banners/" & banner_img & "' WIDTH='" & banner_width & "' HEIGHT='" & banner_height & "' BORDER='0' ALT='" & banner_text & "' vspace='5'></A>")
'response.write(banner_str)
End If
If Err.Number <> 0 Then
strbuilder.Append("<!--log name='err' value='" & Err.Description & _
"' Source='" & Err.Source & "' Number='" & Err.Number & "'-->")
End If
InsertCommand = Nothing
Dim strReturn As String = strbuilder.ToString
strbuilder = Nothing
Return strReturn
Catch ex As Exception
End Try
End Function
End Class

In short: You should create,open,use,close,dispose Connections where you're using them.
The best way is to use the using-statement. By not closing the connection as soon as possible, the Connection-Pool needs to create new physical connections to the dbms which is very expensive in terms of perfomance.
Using conn As New SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnStr").ConnectionString)
Using insertCommand As New SqlClient.SqlCommand("disp_banner_byPageName_views", conn)
insertCommand.CommandType = CommandType.StoredProcedure
' ....
End Using
End Using
Performance problems are the least you get when not closing connections properly.
Edit: I've overlooked the ConnectionToFetch.Close in the middle of the code.
But anyway, you should use using or the finally of a try/catch to close a connection, otherwise it'll keep open in case of any exceptions. Because you've already a try/catch you could use it to close it in it's finally block.
I don't want to nag even more, but an empty catch is bad, because you'll never know when an exception was raised. You might want to log or at least throw it again there to catch it in Application_Error and/or in a custom error page or at the caller of this method.
Try
' code here
Catch ex As Exception
' log exception and/or throw(what is always better than to intercept it)
Throw
Finally
ConnectionToFetch.Close
End Try