vb.net can't get database value in OR statement - sql

i have kriteria database with column name kode which contain value kriteria 1 to kriteria 6
I want user can pick 3 to 6 value from kode and it will show in datagridview as matrix...
if user pick 6 kriteria there's no problem and it show matrix 6x6
...but if user pick less than 6 kriteria or parameters empty, it shows nothing...
this is my code
Private Sub perhitungankriteria_Load(sender As Object, e As EventArgs) Handles MyBase.Load
For Each item In menuuser.ListBox2.Items
list2.Add(item)
Next
connect()
End Sub
Sub connect()
Dim adapter As OleDbDataReader
Dim cmd As OleDbCommand
cmd = New OleDbCommand("SELECT kode FROM kriteria WHERE kode=#kriteria1 OR kode=#kriteria2 OR kode=#kriteria3 OR kode=#kriteria4 OR kode=#kriteria5 OR kode=#kriteria6", konek)
cmd.Parameters.Add("#kriteria1", OleDbType.VarChar, 50).Value = list2(0)
cmd.Parameters.Add("#kriteria2", OleDbType.VarChar, 50).Value = list2(1)
cmd.Parameters.Add("#kriteria3", OleDbType.VarChar, 50).Value = list2(2)
cmd.Parameters.Add("#kriteria4", OleDbType.VarChar, 50).Value = list2(3)
cmd.Parameters.Add("#kriteria5", OleDbType.VarChar, 50).Value = list2(4)
cmd.Parameters.Add("#kriteria6", OleDbType.VarChar, 50).Value = list2(5)
adapter = cmd.ExecuteReader
DataGridView1.Columns.Clear()
While adapter.Read
list.Add(adapter("kode"))
DataGridView1.Columns.Add(adapter("kode"), adapter("kode"))
End While
i've try IN instead WHERE query in sql SELECT statement but same problems appears

Call BuildCommand from a button click after the user has made selections from the list box.
Dim list2() As String = {"kriteria1", "kriteria2", "kriteria3", "kriteria4", "kriteria5", "kriteria6"}
Private Sub Form4_Load(sender As Object, e As EventArgs) Handles MyBase.Load
ListBox1.DataSource = list2
Private Sub BuildCommand()
Dim sb As New StringBuilder("SELECT kode FROM kriteria WHERE kode = ")
Dim ct As Integer = ListBox1.SelectedItems.Count
Dim cn As New OleDbConnection("Your connection string")
Dim cmd As New OleDbCommand
cmd.Parameters.Add("#kriteria1", OleDbType.VarChar, 50).Value = list2(0)
cmd.Parameters.Add("#kriteria2", OleDbType.VarChar, 50).Value = list2(1)
cmd.Parameters.Add("#kriteria3", OleDbType.VarChar, 50).Value = list2(2)
cmd.Parameters.Add("#kriteria4", OleDbType.VarChar, 50).Value = list2(3)
cmd.Parameters.Add("#kriteria5", OleDbType.VarChar, 50).Value = list2(4)
cmd.Parameters.Add("#kriteria6", OleDbType.VarChar, 50).Value = list2(5)
If ListBox1.SelectedItems.Contains(ListBox1.Items(0)) Then
sb.Append("#kriteria1 OR kode = ")
End If
If ListBox1.SelectedItems.Contains(ListBox1.Items(1)) Then
sb.Append("#kriteria2 OR kode = ")
End If
If ListBox1.SelectedItems.Contains(ListBox1.Items(2)) Then
sb.Append("#kriteria3 OR kode = ")
End If
If ListBox1.SelectedItems.Contains(ListBox1.Items(3)) Then
sb.Append("#kriteria4 OR kode = ")
End If
If ListBox1.SelectedItems.Contains(ListBox1.Items(4)) Then
sb.Append("#kriteria5 OR kode = ")
End If
If ListBox1.SelectedItems.Contains(ListBox1.Items(5)) Then
sb.Append("#kriteria6;")
End If
Dim strSQL As String = sb.ToString
If strSQL.EndsWith("= ") Then
Dim index As Integer = strSQL.LastIndexOf("O") 'last capital O
strSQL = strSQL.Remove(index)
strSQL &= ";"
End If
Debug.Print(strSQL) 'Check the immediate window
cmd.CommandText = strSQL
cmd.Connection = cn
'use your command as you wish
End Sub

Related

i get this error Must declare the scalar variable "#"

Here is the code:
Private Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click
con = New SqlConnection("Data Source=LAPTOP-16IIQENS\SQLEXPRESS;Initial Catalog=students;Integrated Security=True")
con.Open()
cmd = New SqlCommand("select * from data where [Roll No.]=#[Roll No.]", con)
cmd.Parameters.Add("#Roll No.", SqlDbType.Int).Value = TextBox5.Text
Dim adp As New SqlDataAdapter(cmd)
Dim table As New DataTable()
adp.Fill(table)
If (table.Rows.Count() > 0) Then
DataGridView1.DataSource = table
TextBox2.Text = table.Rows(0)(0).ToString
TextBox1.Text = table.Rows(0)(1).ToString
TextBox3.Text = table.Rows(0)(2).ToString
TextBox4.Text = table.Rows(0)(3).ToString
Else
MessageBox.Show("No Data Found")
End If
End Sub
enter image description here
You can freely choose the name of your SQL parameter, it does not need to match the name of the field.
Thus, if you call your parameter #RollNo instead of #Roll No. (no space, no dot), you no longer need to escape the name in your SQL, which should fix your current issue.
Change:
cmd = New SqlCommand("select * from data where [Roll No.]=#[Roll No.]", con)
cmd.Parameters.Add("#Roll No.", SqlDbType.Int).Value = TextBox5.Text
to:
cmd = New SqlCommand("select * from data where [Roll No.]=#RollNo", con)
cmd.Parameters.Add("#RollNo", SqlDbType.Int).Value = TextBox5.Text

VB Get Autonum values

I use the first "Using" statement below to insert a row to a table called "Archives". This table has a primary key that is an autonum in an Access db. The second Using statement I use to retrieve the value for the autonum field, searching by the parameters that I just entered. While this works perfectly well, it just seems ugly. Is there a way to get the autonum field returned to me after the insert? (BTW - I have deleted some code from between these two statements so if it looks a little strange, that may be why.
Using myConn As New OleDbConnection(strConnectionString),
myInsertCommand As New OleDbCommand("INSERT INTO Archives (ArchUserName, ArchUserDomain, ArchDate, ArchRoot, ArchStatus)
VALUES (#strArchUser, #strArchUserDomain, #dteArchDate, #strArchRoot, #strArchStatus);", myConn)
myInsertCommand.Parameters.Add("#strArchUser", OleDbType.VarChar, 100).Value = strArchUser
myInsertCommand.Parameters.Add("#strArchDomain", OleDbType.VarChar, 100).Value = strArchDomain
myInsertCommand.Parameters.Add("#dteArchDate", OleDbType.Date, 20).Value = dteArchDate
myInsertCommand.Parameters.Add("#strArchRoot", OleDbType.VarChar, 255).Value = strArchRoot
myInsertCommand.Parameters.Add("#strArchStatus", OleDbType.VarChar, 100).Value = strArchStatus
myConn.Open()
myInsertCommand.ExecuteNonQuery()
End Using
Dim sql As String = "SELECT ArchID
FROM Archives
WHERE ArchUserName = #ArchUserName
AND ArchUserDomain = #ArchUserDomain
AND ArchDate = #ArchDate
AND ArchRoot = #ArchRoot"
Using myConn As New OleDbConnection(strConnectionString),
command As New OleDbCommand(sql, myConn)
With command.Parameters
.Add("#ArchUserName", OleDbType.VarChar, 50).Value = strArchUser
.Add("#ArchUserDomain", OleDbType.VarChar, 50).Value = strArchDomain
.Add("#ArchDate", OleDbType.Date).Value = dteArchDate
.Add("#ArchRoot", OleDbType.VarChar, 50).Value = strArchRoot
End With
myConn.Open()
strArchID = "Arch" & CStr(command.ExecuteScalar())
strDirectoryName = "Archive" & CStr(command.ExecuteScalar())
ReturnCode = 0
End Using
Use ##Identity on the same connection immediately after the insert.
Private Function InsertArchiveRetrieveID(strArchUser As String, strArchDomain As String, dteArchDate As Date, strArchRoot As String, strArchStatus As String) As Integer
Dim NewID As Integer
Using myConn As New OleDbConnection(strConnectionString),
myInsertCommand As New OleDbCommand("INSERT INTO Archives (ArchUserName, ArchUserDomain, ArchDate, ArchRoot, ArchStatus)
VALUES (#strArchUser, #strArchUserDomain, #dteArchDate, #strArchRoot, #strArchStatus);", myConn)
With myInsertCommand.Parameters
.Add("#strArchUser", OleDbType.VarChar, 100).Value = strArchUser
.Add("#strArchDomain", OleDbType.VarChar, 100).Value = strArchDomain
.Add("#dteArchDate", OleDbType.Date, 20).Value = dteArchDate
.Add("#strArchRoot", OleDbType.VarChar, 255).Value = strArchRoot
.Add("#strArchStatus", OleDbType.VarChar, 100).Value = strArchStatus
End With
myConn.Open()
myInsertCommand.ExecuteNonQuery()
Using RetrieveNewIDCommand As New OleDbCommand("Select ##Identity From Archives,", myConn)
NewID = CInt(RetrieveNewIDCommand.ExecuteScalar)
End Using
End Using
Return NewID
End Function
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim NewID = InsertArchiveRetrieveID(txtUser.Text, txtDomain.Text, DateTimePicker1.Value, txtRoot.Text, txtStatus.Text)
Dim strArchID = "Arch" & CStr(NewID)
Dim strDirectoryName = "Archive" & CStr(NewID)
End Sub

How to use VB and SQL to add Records to a Relational Database in Access

I'm working in Visual Basic to create a forms applications as part of a college project. I've used SQL statements to read from the access database but I'm having some trouble writing to it. I'd like to hazard a guess it's due to the database having relationships between tables.
This is my first go at making something substantial, and vb is not my language of choice. Expect the code to be poor at best. If anyone has links to resources that I could use to improve I'd be immensely grateful.
Exception:
Exception thrown: 'System.Data.OleDb.OleDbException: 'No value given for one or more required parameters.'
Exception location: 'commAddToStaff.ExecuteNonQuery()'
Both try statements are catching exceptions when ran. I've attempted providing data in the parameters rather than using data from a text box, but this hasn't resolved the issue.
Code:
Private Sub btnAddStaffMember_Click(sender As Object, e As EventArgs) Handles btnAddStaffMember.Click
'Dimension tblStaff Parameters
Dim AddEmployeeIDParam As New OleDb.OleDbParameter("#AddEmployeeID", txtAddEmployeeID.Text)
Dim AddForenameParam As New OleDb.OleDbParameter("#AddForename", txtAddForename.Text)
Dim AddSurnameParam As New OleDb.OleDbParameter("#AddSurname", txtAddSurname.Text)
Dim AddDOBParam As New OleDb.OleDbParameter("#AddDOB", txtAddDOB.Text)
Dim AddUserTierParam As New OleDb.OleDbParameter("#AddUserTier", txtAddUserTier.Text)
'Dimension tblContacts Parameters
Dim conContact As New OleDb.OleDbConnection("Provider=Microsoft.......")
Dim commContactCount As New OleDb.OleDbCommand("Select Count(*) FROM tblContacts", conContact)
commContactCount.Connection.Open()
Dim ContactID = commContactCount.ExecuteScalar + 1 'Calculate the contactID of the new record
commContactCount.Connection.Close() 'Close the connection
Dim AddContactIDParam As New OleDb.OleDbParameter("#AddContactID", ContactID)
Dim AddAddressParam As New OleDb.OleDbParameter("#AddAddress", txtAddAddress.Text)
Dim AddPostcodeParam As New OleDb.OleDbParameter("#AddPostcode", txtAddPostcode.Text)
Dim AddEmailParam As New OleDb.OleDbParameter("#AddEmail", txtAddEmail.Text)
Dim AddMobileNoParam As New OleDb.OleDbParameter("#AddMobileNo", txtAddMobileNumber.Text)
Dim conAddToStaff As New OleDb.OleDbConnection("Provider=Microsoft....")
Dim commAddToStaff As New OleDb.OleDbCommand("Insert Into tblStaff (EmployeeID, Forename, Surname, DOB, User_Tier, ContactID) Values (#AddEmployeeID, #AddForename, #AddSurname, #AddDOB, #AddUserTier, #AddContactID)", conAddToStaff)
commAddToStaff.Parameters.Add(AddEmployeeIDParam)
commAddToStaff.Parameters.Add(AddForenameParam)
commAddToStaff.Parameters.Add(AddSurnameParam)
commAddToStaff.Parameters.Add(AddDOBParam)
commAddToStaff.Parameters.Add(AddUserTierParam)
Dim commAddToContact As New OleDb.OleDbCommand("Insert Into tblContacts (ContactID, Address, Postcode, Email, Mobile_Number) Values (#AddContactID, #AddAddress, #AddPostcode, #AddEmail, #AddMobileNo)", conContact)
commAddToContact.Parameters.Add(AddContactIDParam)
commAddToContact.Parameters.Add(AddAddressParam)
commAddToContact.Parameters.Add(AddPostcodeParam)
commAddToContact.Parameters.Add(AddEmailParam)
commAddToContact.Parameters.Add(AddMobileNoParam)
Try
commAddToStaff.Connection.Open() 'Open a connection to the database
commAddToStaff.ExecuteNonQuery() 'Execute the command
commAddToStaff.Connection.Dispose() 'Remove unmanaged resources
commAddToStaff.Connection.Close() 'Close the connection
Catch ex As Exception
MessageBox.Show("Error with staff")
End Try
Try
commAddToContact.Connection.Open() 'Open a connection to the database
commAddToContact.ExecuteNonQuery() 'Execute the command
commAddToContact.Connection.Dispose() 'Remove unmanaged resources
commAddToContact.Connection.Close() 'Close the connection
Catch ex As Exception
MessageBox.Show("Error with contacts")
End Try
MessageBox.Show("Reached")
Me.Hide() 'Close the Current screen
StaffDB_Add_Staff_Security_Question.Show() 'Open the Add Security Question Screen
End Sub
You are inserting six values into six columns here:
Dim commAddToStaff As New OleDb.OleDbCommand("Insert Into tblStaff (EmployeeID, Forename, Surname, DOB, User_Tier, ContactID) Values (#AddEmployeeID, #AddForename, #AddSurname, #AddDOB, #AddUserTier, #AddContactID)", conAddToStaff)
but you only add five parameters to the command here:
commAddToStaff.Parameters.Add(AddEmployeeIDParam)
commAddToStaff.Parameters.Add(AddForenameParam)
commAddToStaff.Parameters.Add(AddSurnameParam)
commAddToStaff.Parameters.Add(AddDOBParam)
commAddToStaff.Parameters.Add(AddUserTierParam)
Where's the parameter for the #AddContactID placeholder in the SQL code?
EDIT:
For the record, here's how I would tend to write code for that sort of task, ignoring the horrible way you're generating the ContactID value:
Using connection As New OleDbConnection("connection string here")
connection.Open()
Dim contactCount As Integer
Using contactCountCommand As New OleDbCommand("SELECT COUNT(*) FROM tblContacts", connection)
contactCount = CInt(contactCountCommand.ExecuteScalar())
End Using
Dim contactId = contactCount + 1
Using staffCommand As New OleDbCommand("INSERT INTO tblStaff (EmployeeID, Forename, Surname, DOB, User_Tier, ContactID) Values (#EmployeeID, #Forename, #Surname, #DOB, #User_Tier, #ContactID)", connection)
With staffCommand.Parameters
.Add("#EmployeeID", OleDbType.VarChar, 50).Value = txtAddEmployeeID.Text
.Add("#Forename", OleDbType.VarChar, 50).Value = txtAddForename.Text
.Add("#Surname", OleDbType.VarChar, 50).Value = txtAddSurname.Text
.Add("#DOB", OleDbType.Date).Value = CDate(txtAddDOB.Text) 'Why isn't this coming from a DateTimePicker?
.Add("#User_Tier", OleDbType.VarChar, 50).Value = txtAddUserTier.Text
.Add("#ContactID", OleDbType.Integer).Value = contactId
End With
staffCommand.ExecuteNonQuery()
End Using
Using contactCommand As New OleDbCommand("INSERT INTO tblContacts (ContactID, Address, Postcode, Email, Mobile_Number) Values (#ContactID, #Address, #Postcode, #Email, #Mobile_Number)", connection)
With contactCommand.Parameters
.Add("#ContactID", OleDbType.Integer).Value = contactId
.Add("#Address", OleDbType.VarChar, 50).Value = txtAddAddress.Text
.Add("#Postcode", OleDbType.VarChar, 50).Value = txtAddPostcode.Text
.Add("#Email", OleDbType.VarChar, 50).Value = txtAddEmail.Text
.Add("#Mobile_Number", OleDbType.VarChar, 50).Value = txtAddMobileNumber.Text
End With
contactCommand.ExecuteNonQuery()
End Using
End Using
It would be easier to see where there are insufficient parameters added by rearranging the code into smaller pieces, where related items are near to each other. Something like:
Imports System.Data.OleDb
Public Class Form1
Dim connStr As String = "Provider=Microsoft......."
Sub AddStaffMemberToDatabase(contactId As Integer)
Dim sql = "INSERT INTO tblStaff (EmployeeID, Forename, Surname, DOB, UserTier, ContactID) VALUES (#AddEmployeeID, #AddForename, #AddSurname, #AddDOB, #AddUserTier, #AddContactID)"
Using conn As New OleDbConnection(connStr),
cmd As New OleDbCommand(sql, conn)
Dim dob = DateTime.Parse(txtAddDOB.Text)
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddEmployeeID", .OleDbType = OleDbType.VarChar, .Size = 20, .Value = txtAddEmployeeID.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddForename", .OleDbType = OleDbType.VarWChar, .Size = 255, .Value = txtAddForename.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddSurname", .OleDbType = OleDbType.VarWChar, .Size = 255, .Value = txtAddSurname.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddDOB", .OleDbType = OleDbType.Date, .Value = dob})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddUserTier", .OleDbType = OleDbType.VarChar, .Size = 20, .Value = txtAddUserTier.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddContactID", .OleDbType = OleDbType.Integer, .Value = contactId})
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
Sub AddContactToDatabase(contactId As Integer)
Dim sql = "INSERT INTO tblContacts (ContactID, Address, Postcode, Email, Mobile_Number) VALUES (#AddContactID, #AddAddress, #AddPostcode, #AddEmail, #AddMobileNo)"
Using conn As New OleDbConnection(connStr),
cmd As New OleDbCommand(sql, conn)
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddContactID", .OleDbType = OleDbType.Integer, .Value = contactId})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddAddress", .OleDbType = OleDbType.VarWChar, .Size = 255, .Value = txtAddAddress.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#txtAddPostcode", .OleDbType = OleDbType.VarChar, .Size = 20, .Value = txtAddPostcode.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddEmail", .OleDbType = OleDbType.VarWChar, .Size = 255, .Value = txtAddEmail.Text})
cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "#AddMobileNo", .OleDbType = OleDbType.VarChar, .Size = 20, .Value = txtAddMobileNumber.Text})
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
Sub AddStaffMember()
Dim sql = "SELECT COUNT(*) FROM tblContacts"
Dim contactID As Integer
Using conn As New OleDbConnection(connStr),
cmd As New OleDbCommand(sql, conn)
conn.Open()
contactID = Convert.ToInt32(cmd.ExecuteScalar()) + 1
End Using
AddStaffMemberToDatabase(contactID)
AddContactToDatabase(contactID)
End Sub
Private Sub btnAddStaffMember_Click(sender As Object, e As EventArgs) Handles btnAddStaffMember.Click
AddStaffMember()
Me.Hide()
StaffDB_Add_Staff_Security_Question.Show() 'Open the Add Security Question Screen
End Sub
End Class
The Using statement makes sure that "unamanaged resources" are released when the code has finished with them.
Note that you will need to provide a more specific and robust way of parsing the DOB text (e.g. DateTime.TryParseExact). Also, the database types and sizes need to be edited to match the declarations in the database.

Error when counting data by date

This is the error:
Additional information: Syntax error (missing operator)
in query expression 'count(rev1) FORMAT(Now(),'mm/dd/yyyy')'.
This is the code:
Dim con As New OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=" & Application.StartupPath & "\sheetlog.mdb;Jet OLEDB:Database Password = 'password';")
Dim cmd, cmd1 As OleDbCommand
Dim dbcmd As String
Dim dbcmd2 As String
con.Open()
dbcmd2 = "SELECT DISTINCT empname FROM sheet"
dbcmd = "SELECT count(new), count(rev1) FORMAT(Now(),'mm/dd/yyyy') As PerDate FROM sheet"
cmd = New OleDbCommand(dbcmd, con)
cmd1 = New OleDbCommand(dbcmd2, con)
ListView1.Clear()
ListView1.GridLines = True
ListView1.FullRowSelect = True
ListView1.View = View.Details
ListView1.MultiSelect = False
ListView1.Columns.Add("Employee Name", 200)
ListView1.Columns.Add("New", 80)
ListView1.Columns.Add("Revision1", 80)
ListView1.Columns.Add("Revision2", 80)
ListView1.Columns.Add("Revision3", 80)
ListView1.Columns.Add("Revision4", 80)
ListView1.Columns.Add("Revision5", 80)
Dim Reader As OleDbDataReader = cmd1.ExecuteReader()
Dim Reader1 As OleDbDataReader = cmd.ExecuteReader()
While Reader.Read And Reader1.Read
With ListView1.Items.Add(Reader("empname"))
.subitems.add(Reader1("new"))
.subitems.add(Reader1("rev1"))
' .subitems.add(Reader1("crev2"))
' .subitems.add(Reader1("crev3"))
' .subitems.add(Reader1("crev4"))
' .subitems.add(Reader1("crev5"))
End With
End While
con.Close()
End Sub

Child list for field salesreport cannot be created

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdOk.Click
Dim scan As String = "select ProductCode from products where ProductCode = '" & TextBox1.Text & "';"
connection.Open()
Dim cmd = New MySqlCommand(scan, connection)
Dim dr As MySqlDataReader = cmd.ExecuteReader
If dr.Read = True Then
MsgBox("Match found")
connection.Close()
Dim insert As String = "insert into salesreport (ProductName,ProductPrice) select products.ProductName,products.ProductPrice from products where products.ProductCode = '" & TextBox1.Text & "';"
connection.Open()
da = New MySqlDataAdapter(insert, connection)
da.Fill(ds, "salesreport")
DataGridView1.DataSource = ds
DataGridView1.DataMember = "salesreport"
connection.Close()
Else
connection.Close()
MsgBox("No match found")
TextBox1.Text = ""
TextBox1.Select()
End If
End Sub
INSERT statements doesn't return records.
There is no sense in this situation to use a DataAdapter to INSERT a record.
Use the MySqlCommand.ExecuteNonQuery method to insert your record, then read the added row with a MySqlDataAdapter
Also, do not concatenate text, typed by your user, to build and use an sql text for the database engine. Your code could be easily used to create Sql Injection Attacks.
Dim scan As String = "select ProductCode from products " +
"where ProductCode = ?prodCode"
connection.Open()
Dim cmd = New MySqlCommand(scan, connection)
cmd.Parameters.AddWithValue("?prodCode", TextBox1.Text)
..........
Dim insert As String = "insert into salesreport (ProductName,ProductPrice) " +
"select products.ProductName,products.ProductPrice from products " +
"where products.ProductCode = ?prodCode"
cmd = new MySqlCommand(insert, connection)
cmd.Parameters.AddWithValue("?prodCode", TextBox1.Text)
cmd.ExecuteNonQuery()
da = New MySqlDataAdapter(scan, connection)
da.SelectCommand.Parameters.AddWithValue("?prodCode", TextBox1.Text)
da.Fill(ds, "salesreport")
DataGridView1.DataSource = ds
DataGridView1.DataMember = "salesreport"