syntax error insert into statement vb.net - vb.net

pls help solve me this question.. im very new to this
i can't add new employee to the table employee.. whenever i try to add it shows syntax error insert into statement
Public Class AddNewEmployee
Dim dr As OleDbDataReader
Dim da As OleDbDataAdapter
Dim ds As DataSet
Dim conn As New OleDbConnection(My.Settings.rayshadatabaseConnectionString)
Dim cmd As OleDbCommand
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
conn.Open()
Try
Dim str As String = "INSERT INTO employee" _
& "(Employee Name, IC Number, HP Number, Address)" _
& " Values (" _
& "'" & txtEmployeeName.Text & "', " _
& "'" & txtIC_Number.Text & "'," _
& "'" & txtHP_Number.Text & "'," _
& "'" & txtAddress.Text & "')"
cmd = New OleDbCommand(str, conn)
Dim i As Integer = cmd.ExecuteNonQuery()
If i > 0 Then
MessageBox.Show("Record Succesfully added.", "Process Completed", MessageBoxButtons.OK, MessageBoxIcon.Information)
Else
MessageBox.Show("Adding failed!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
End If
Catch ex As Exception
MessageBox.Show(ex.Message)
Finally
conn.Close()
cmd.Dispose()
End Try
frmEmployee.loadR()
Me.Close()
End Sub
End Class

Replace this,
Dim str As String = "INSERT INTO employee" _
& "(Employee Name, IC Number, HP Number, Address)" _
& " Values (" _
& "'" & txtEmployeeName.Text & "', " _
& "'" & txtIC_Number.Text & "'," _
& "'" & txtHP_Number.Text & "'," _
& "'" & txtAddress.Text & "')"
with this,
Dim str As String = "INSERT INTO employee" _
& "([Employee Name], [IC Number], [HP Number], [Address])" _
& " Values (" _
& "'" & txtEmployeeName.Text & "', " _
& "'" & txtIC_Number.Text & "'," _
& "'" & txtHP_Number.Text & "'," _
& "'" & txtAddress.Text & "')"
Thanks
Manoj

Related

how do I refresh gridview after adding new row?

I made several research but cannot figure out the problem. I can add, remove or edit rows from database in the code. However, I could not refresh the grid.
I mean, when I add new row to gridview, it doesn't appear in it. After I recompile the code it appears. How can I refresh the gridview?
Dim strSQL = "SELECT * FROM FIXEDCARD WHERE STKCODE = '" & TextEdit1.Text & "'"
objCon.Close()
Dim sqlCmd As New SqlCommand(strSQL, objCon)
objCon.Open()
Dim dreader As SqlDataReader
dreader = sqlCmd.ExecuteReader
If dreader.Read Then
'Dim stk_ As String = dreader.GetString(dreader.GetOrdinal("STKCODE")).ToString()
DevExpress.XtraEditors.XtraMessageBox.Show("already exists", "Info!", MessageBoxButtons.OK)
objCon.Close()
Else
dreader.Close()
strSQL = "INSERT INTO FIXEDCARD(STKCODE, STKEXP, AUTHCODE, GRPCODE, SPECODE" & _
", SPECODE2, SPECODE3, SPECODE4, SPECODE5, AMORTRATIO, AMORT," & _
"PURCH, SALES, RETUR, UNIT) VALUES('" & TextEdit1.Text & "'," & _
"'" & TextEdit2.Text & "', '" & TextEdit3.Text & "'," & _
"'" & TextEdit4.Text & "', '" & TextEdit5.Text & "'," & _
"'" & TextEdit6.Text & "', '" & TextEdit7.Text & "'," & _
"'" & TextEdit8.Text & "', '" & TextEdit9.Text & "'," & _
"'" & TextEdit10.Text & "', '" & TextEdit11.Text & "'," & _
"'" & TextEdit12.Text & "', '" & TextEdit13.Text & "'," & _
"'" & TextEdit14.Text & "', '" & TextEdit15.Text & "') "
sqlCmd = New SqlCommand(strSQL, objCon)
sqlCmd.ExecuteNonQuery()
objCon.Close()
End If
RefreshGrid()
Me.Close()
And also I try to write a refresh function that will refresh the gridview when I call it each button. However, I have been making a mistake but could not recognize it.
Public Sub RefreshGrid()
Dim T As New DataTable
Dim strSQL = "Select * From FIXEDCARD"
Dim sqlCmd As New SqlCommand(strSQL, objCon)
T = CType(sqlCmd.ExecuteNonQuery(), System.Data.DataTable)
GridView1.DataSource = T
End Sub
Public Function FillDataSet(query As String, ByVal ParamArray para() As Object) As DataTable
dim _transaction As SqlTransaction
Dim _command As SqlCommand
_command = New SqlCommand(query, yourConnection)
_ds = New DataSet
_sqlda = New SqlDataAdapter(_command )
_command.Transaction = _transaction
For i = 0 To para.Count - 1
_command.Parameters.AddWithValue("#" & i, para(i))
Next
_sqlda.Fill(_ds)
return _ds.tables(0)
End Function
call it
GridControl1.datasource = Nothing
GridControl1.datasource = FillDataSet(YourInsertQuery,YourParam)
GridControl1.RefreshDataSource()
You are using a "Non-Query" in the refresh. This doesn't return a table value.
Try using the SqlCommand.ExecuteReader method.
Reference: https://msdn.microsoft.com/en-us/library/9kcbe65k(v=vs.110).aspx

insert and delete query in visual studio

I can't seem to get my insert query to work in VB, it was working before and i tried to add a delete query and now the insert doesn't work.
I am searching for a customer in the customers table using their email (This works fine), the 3 fields from the customers table are then passed to another form where the user then adds more data to new fields, which are then used to insert into the members table. (I would also like to delete the customer from the customers table once they have been added to the members table using their email but can't seem to get it working).
This is the error I am getting 'Incorrect syntax near the keyword 'VALUES'.'
Here is the code for the insert query, any help would be appreciated. I am very new to Visual Basic.
This code is inside my SQLControl.vb
Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String,
member_address As String, member_postcode As String, member_email As String, member_contact_number As String,
member_registration As String, member_discount_rate As Integer)
Try
Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _
"VALUES(" & _
"'" & member_fname & "'," & _
"'" & member_sname & "'," & _
"'" & member_gender & "'," & _
"'" & member_dob & "'," & _
"'" & member_address & "'," & _
"'" & member_postcode & "'," & _
"'" & member_email & "'," & _
"'" & member_contact_number & "'," & _
"'" & member_registration & "'," & _
"'" & member_discount_rate & "')"
MsgBox(strinsert)
SQLCon.Open()
SQLCmd = New SqlCommand(strinsert, SQLCon)
SQLCmd.ExecuteNonQuery()
SQLCon.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
And this is where the sub is being called on the button in the form
Private Sub addmember_Click(sender As Object, e As EventArgs) Handles addmember.Click
Try
sql.Addmember(memberupdate_firstname.Text, memberupdate_surname.Text, membergender.Text, memberdob.Text, memberaddress.Text, memberpostcode.Text, memberemail.Text, membercontactnumber.Text, memberregisterationdate.Text, membersdiscountrate.Text)
MsgBox("Member added")
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
You are missing a ) character between the end of the column list and the keyword values:
Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _
")VALUES(" & _
"'" & member_fname & "'," & _
"'" & member_sname & "'," & _
"'" & member_gender & "'," & _
"'" & member_dob & "'," & _
"'" & member_address & "'," & _
"'" & member_postcode & "'," & _
"'" & member_email & "'," & _
"'" & member_contact_number & "'," & _
"'" & member_registration & "'," & _
"'" & member_discount_rate & "')"
Protect your code from Sql injection :
Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String,
member_address As String, member_postcode As String, member_email As String, member_contact_number As String,
member_registration As String, member_discount_rate As Integer)
Try
Dim queryInsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate) " & _
" VALUES (#fname,#sname,#gender,#dob,#address,#postcode,#email,#contact_number,#registration,#discount_rate) "
Using sqlCon As New SqlConnection("MySqlConnectionString")
sqlCon.Open()
Using sqlCmd As New SqlCommand(queryInsert, sqlCon)
Dim fnameParam As SqlParameter = sqlCmd.Parameters.Add("#fname", SqlDbType.NVarChar, 10)
fnameParam.Value = member_fname
Dim snameParam As SqlParameter = sqlCmd.Parameters.Add("#sname", SqlDbType.NVarChar, 10)
snameParam.Value = member_sname
'etc. for all your parameters..
sqlCmd.ExecuteNonQuery()
End Using
End Using
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub

Edit/Update datagridview VB form

When I try to edit and update the data in datagriview it comes up with an error message saying Operator '&' is not defined for type 'TextBox' and string "".
please help. Thanks
Here is my code
Private Sub btnaddrecord_Click(sender As Object, e As EventArgs) Handles btnaddrecord.Click
Dim cmd As New OleDb.OleDbCommand
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
cmd.Connection = cnn
If Me.IdentificationNotest.Tag & "" = "" Then
cmd.CommandText = "INSERT INTO vehicledefects(Codenumber, vehiclereg, datereported, defects1, repaired1, defects2, repaired2, defects3, repaired3, datefixed) " & _
" VALUES(" & Me.IdentificationNotest.Text & ",'" & Me.vehiclereg.Text & "','" & Me.datereported.Text & "','" & Me.defects1.Text & "','" & Me.repaired1.Text & "','" & _
Me.defects2.Text & "','" & Me.repaired2.Text & "','" & _
Me.defects3.Text & "','" & Me.repaired3.Text & "','" & _
Me.datefixed.Text & "')"
cmd.ExecuteNonQuery()
Else
cmd.CommandText = "UPDATE vehicledefects" & _
" SET Codenumber =" & Me.IdentificationNotest.Text & _
", vehiclereg ='" & Me.vehiclereg.Text & "'" & _
", datereported ='" & Me.datereported.Text & "'" & _
", defects1 ='" & Me.defects1.Text & "'" & _
", repaired1 ='" & Me.repaired1.Text & "'" & _
", defects2 ='" & Me.defects2.Text & "'" & _
", repaired2='" & Me.repaired2.Text & "'" & _
", defects3='" & Me.defects3.Text & "'" & _
", repaired3='" & Me.repaired3.Text & "'" & _
", datefixed='" & Me.datefixed.Text & "'" & _
" WHERE Codenumber =" & Me.IdentificationNotest.Tag
cmd.ExecuteNonQuery()
End If
refreshdata()
Me.btnclear.PerformClick()
cnn.Close()
datefixed.Text = ""
IdentificationNotest.Text = ""
End Sub
In the future, you should also post the line number the error is being thrown on.
The error is telling you that you're doing something like:
dim myString as String = myTextBox & " some more text"
in this case, you would need to do:
dim myString as String = myTextBox.Text & " some more text"
In the code you posted, I wasn't able to find an instance of this - so perhaps its somewhere else in the code. Though, the code was hard to read so I may have missed it.
You may also be aware that this code is susceptible to SQL Injection attacks

The CommandText property has not been properly initialized

i am using vb.net and mysqladmin as my database.
i have a problem in my codes, and i don't know how to debug it.
please help me..
my problem is when i click the button update the error shows
"The CommandText property has not been properly initialized."
this is the codes:
Dim intDB_ID_Selected As Integer
'Private Sub cmdupdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdupdate.Click
If MessageBox.Show("Do you want to update this record?", "", MessageBoxButtons.YesNo, MessageBoxIcon.Question) = vbYes Then
Dim sqlcommand As New MySqlCommand("UPDATE user_info " & _
" SET name = '" & txtname.Text.Trim & "'," & _
" address = '" & txtaddress.Text.Trim & "', " & _
" age = '" & txtage.Text.Trim & "', " & _
" WHERE id= '" & intDB_ID_Selected & "'", sConnection)
Call execCmd(SQL)
load1()
MsgBox("Record updated successfully.", MsgBoxStyle.Information)
End If
End Sub `
Public Sub execCmd(ByVal PstrSQL As String)
With cmd
.CommandText = PstrSQL
.ExecuteNonQuery()
End With
End Sub
the error line is in
.ExecuteNonQuery()
i am a beginner in this language, so please help me. im begging you guys!!
what is cmd and has it been initialized?
Oh, and try to used parameterized query. The earlier you get into the habit, the better.
Try doing this instead after the messagebox selection. cmd is not properly initialized in execCmd.
Dim sqlStr as String = "UPDATE user_info " & _
" SET name = '" & txtname.Text.Trim & "'," & _
" address = '" & txtaddress.Text.Trim & "', " & _
" age = '" & txtage.Text.Trim & "', " & _
" WHERE id= '" & intDB_ID_Selected & "'", sConnection)
Dim sqlcommand As New MySqlCommand(sqlStr)
sqlcommand.ExecuteNonQuery()
load1()
MsgBox("Record updated successfully.", MsgBoxStyle.Information)

Syntax error in INSERT INTO parameter query [duplicate]

This question already has answers here:
Syntax error when executing INSERT INTO statement
(4 answers)
Closed 8 years ago.
When I try cmd.ExecuteNonQuery() I get an error saying "Syntax error in INSERT INTO statement."
I posted this same problem yesterday... can someone help me again?
Private Sub btnadd1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnadd1.Click
Dim cmd As New OleDb.OleDbCommand
Dim Printlist1 As New DataTable
If Not con.State = ConnectionState.Open Then
con.ConnectionString = "Provider=Microsoft.Ace.OLEDB.12.0; Data Source=c:Database11.accdb"
con.Open()
cmd.Connection = con
End If
If Me.text1.Tag & "" = "" Then
cmd.CommandText = "INSERT INTO Printlist1(StickerCode, Description, Company, Department, Location, User, SerialNumber, DatePurchased, Tagable, Quantity, Brand, Model)" & _
" VALUES(#StickerCode, #Description, #Company, #Department, #Location, #User, #SerialNumber, #DatePurchased, #Tagable, #Quantity, #Brand, #Model)"
cmd.Parameters.AddWithValue("#StickerCode", Me.text1.Text)
cmd.Parameters.AddWithValue("#Description", Me.text2.Text)
cmd.Parameters.AddWithValue("#Company", Me.text3.Text)
cmd.Parameters.AddWithValue("#Department", Me.text4.Text)
cmd.Parameters.AddWithValue("#Location", Me.text5.Text)
cmd.Parameters.AddWithValue("#User", Me.text6.Text)
cmd.Parameters.AddWithValue("#SerialNumber", Me.text7.Text)
cmd.Parameters.AddWithValue("#DatePurchased", Me.text8.Text)
cmd.Parameters.AddWithValue("#Tagable", Me.text9.Text)
cmd.Parameters.AddWithValue("#Quantity", Me.text10.Text)
cmd.Parameters.AddWithValue("#Brand", Me.text11.Text)
cmd.Parameters.AddWithValue("#Model", Me.text12.Text)
cmd = New OleDbCommand(cmd.CommandText, con)
cmd.ExecuteNonQuery()
Else
cmd.CommandText = "UPDATE Printlist1 " & _
" SET StickerCode='" & Me.text1.Text & _
", Description='" & Me.text2.Text & "'" & _
", Company='" & Me.text3.Text & "'" & _
", Department='" & Me.text4.Text & "'" & _
", Location='" & Me.text5.Text & "'" & _
", User='" & Me.text6.Text & "'" & _
", SerialNumber='" & Me.text7.Text & "'" & _
", DatePurchased='" & Me.text8.Text & "'" & _
", Tagable='" & Me.text9.Text & "'" & _
", Quantity='" & Me.text10.Text & "'" & _
", Brand='" & Me.text11.Text & "'" & _
", Model='" & Me.text12.Text & "'" & _
" WHERE text1=" & Me.text1.Tag
cmd.ExecuteNonQuery()
End If
RefreshData()
Me.btnclear1.PerformClick()
con.Close()
End Sub
Sticker Code Description Company Department Location User Serial Number Date Purchased Tagable Quantity Brand Model
User is a reserved word in Sql try placing it in Square Brackets like this [User]
cmd.CommandText = "INSERT INTO Printlist1(StickerCode, [Description], Company, Department, Location, [User], SerialNumber, DatePurchased, Tagable, Quantity, Brand, Model)" & _
" VALUES(#StickerCode, #Description, #Company, #Department, #Location, #User, #SerialNumber, #DatePurchased, #Tagable, #Quantity, #Brand, #Model)"