I'm unable to store the value in my session variable.
The fetching from query is done alright as it displays the correct value.
Response.Write(Session("idsess")) Won't return anything.
This is my code:
IS IT A SYNTAX THING?
con.Open()
cmd = New OleDbCommand("SELECT ([password]) FROM userinfo WHERE ([uname]= '" & uname_log.Value & "')", con)
dr = cmd.ExecuteReader
If (dr.Read) Then
If (dr(0).ToString = pass_log.Value) Then
cmd = New OleDbCommand("SELECT [profile_id] FROM userinfo WHERE ([uname]= '" & uname_log.Value & "')", con)
dr = cmd.ExecuteReader
dr.Read()
Response.Write(dr(0).ToString)
If (dr.Read) Then
Session("idsess") = dr.Read()
Response.Write(Session("idsess"))
End If
Else
Response.Write("Wrong Authentification.")
End If
Else
Response.Write("Sign up instead?")
End If
con.Close()
You are not using DataReader correctly; change your code in:
If dr.Read Then
Session("idsess") = dr("profile_id")
Response.Write(Session("idsess"))
End If
Related
I'm looking to add a row with an autonumeric value using SQL.
I'm using Studio VB 2010. I have a very simple table with 2 fields:
ID Autonumeric
Model Text field.
constr = "INSERT INTO procedures VALUES('" & txtFName.Text & "')"
cmd = New OleDbCommand(constr, cn)
cn.Open()
Me.i = cmd.ExecuteNonQuery
A message says a parameter is missing,
so my question is...
How can I add in the SQL command this automatic value? (ID)
Should I get the last ID number and +1 ?? I think there's gotta be a simple way to do it.
Thank you.
Update #1
I am now trying parameterized queries as suggested...
I found this example,
Dim cmdText As String = "INSERT INTO procedures VALUES (?,?)"
Dim cmd As OleDbCommand = New OleDbCommand(cmdText, con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.Add("#a1", OleDbType.Integer).Value = 0
.Add("#a2", OleDbType.VarChar).Value = txtFName.Text
End With
cmd.ExecuteNonQuery()
con.Close()
But still, I'm geting a Syntaxis error.
Any thoughts?
Thanks to you all.
UPDATE #2
This code seems to work if I give the next ID number, but again, how can I do it automatically?
Dim cmdText As String = "INSERT INTO procedures VALUES (?,?)"
Dim cmd As OleDbCommand = New OleDbCommand(cmdText, con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.AddWithValue("#a1", OleDbType.Integer).Value = 3
.AddWithValue("#a2", OleDbType.VarChar).Value = txtFName.Text
End With
cmd.ExecuteNonQuery()
con.Close()
Any comments? Thanks again.
UPDATE #3 This Code gives me Syntaxis Error
I just put my only one column to update, the second one is the autonumber column, as I was told to try.
Dim Con As OleDbConnection = New OleDbConnection(dbProvider & dbSource)
Dim SQL_command As String = "INSERT INTO procedures (procedure) VALUES ('Model')"
Dim cmd As OleDbCommand = New OleDbCommand(SQL_command, Con)
Try
Con.Open()
cmd.ExecuteNonQuery()
Catch ex As Exception
Throw ex
Finally
Con.Close()
Con.Dispose()
End Try
UPDATE #4 - SOLUTION
I'm putting this code in here in case someone finds it useful.
dbProvider = "PROVIDER=Microsoft.ACE.OLEDB.12.0;Persist Security Info=False;"
dbSource = "Data Source = c:\gastrica\dabase.accdb"
Con.ConnectionString = dbProvider & dbSource
Dim Con As OleDbConnection = New OleDbConnection(dbProvider & dbSource)
Dim SQL_command As String = "INSERT INTO [procedures] ([procedure]) VALUES (?)"
Dim cmd As OleDbCommand = New OleDbCommand(SQL_command, Con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.AddWithValue("#procedure", OleDbType.VarChar).Value = txtFName.Text
End With
Try
Con.Open()
cmd.ExecuteNonQuery()
Dim varProcedure As String = cmd.Parameters("#procedure").Value.ToString()
MessageBox.Show("Record inserted successfully. Procedure = " & varProcedure)
Catch ex As Exception
Throw ex
Finally
Con.Close()
End Try
Thanks all for your comments and help.
You need to specify the columns:
INSERT INTO procedures (columnname, columnname2) VALUES ('test', 'test');
Here is a sql fiddle showing an example:
http://sqlfiddle.com/#!9/3cf706/1
Try this one:
constr = "INSERT INTO procedures (ID, Model) VALUES (0,'" & txtFName.Text & "')"
'or (not sure)
constr = "INSERT INTO procedures (Model) VALUES ('" & txtFName.Text & "')"
When use 0 as value, in autonumeric fields SQL insert the next number
Thanks for your answers.
I couldnĀ“t do it, it gives me errors. So I end up with a single variable reaching the next Auto Value. Using a simple SQL command.
And then, everything runs good.
vNextAuto = GetDB_IntValue("SELECT TOP 1 * FROM procedures ORDER BY ID DESC", "ID") + 1
Dim SQL_command As String = "INSERT INTO procedures VALUES (?,?)"
Dim cmd As OleDbCommand = New OleDbCommand(SQL_command, Con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.AddWithValue("#id", OleDbType.Integer).Value = vNextAuto
.AddWithValue("#a2", OleDbType.VarChar).Value = txtFName.Text
End With
Try
Con.Open()
cmd.ExecuteNonQuery()
'Dim id As String = cmd.Parameters("#id").Value.ToString()
'MessageBox.Show("Record inserted successfully. ID = " & id)
Catch ex As Exception
Throw ex
Finally
Con.Close()
Con.Dispose()
End Try
CMD = New SqlCommand("Select * From Jenis where KodeJenis='" & CBjenis.Text & "'", CONN)
RD = CMD.ExecuteReader()
CONN.Open()
RD.Read()
If RD.HasRows = True Then
TextBox2.Text = RD.Item(1)
Else
MsgBox("Kode jenis ini tidak terdaftar")
End If
what problem ?
Try to Use Using End Using syntax to avoid unclosed Connections.
Dim rd As SqlDataReader
Using CMD = New SqlCommand
CMD.CommandText = "Select * From Jenis where KodeJenis='" & CBjenis.Text & "'"
CMD.CommandType = CommandType.Text
CMD.Connection = CONN
CMD.Connection.Open()
rd = CMD.ExecuteReader
If rd.Read() Then
TextBox2.Text = rd.Item(1)
Else
MsgBox("Kode jenis ini tidak terdaftar")
End If
End Using
End Sub
I'm trying to select some datas from my database and display it into the textboxes. First is i'm selecting the data from realestate.useraccounts and then to realestate.userprofiles. Its working on the useraccounts but not on the userprofiles.
`
Try
con.Open()
Dim q1 As String
q1 = "select userid,email from realestate.useraccounts where username='" & frmLogin.txtUsername.Text & "'"
cmd = New MySqlCommand(q1, con)
cmd.ExecuteNonQuery()
dr = cmd.ExecuteReader
If dr.HasRows Then
dr.Read()
lblUserid.Text = dr("userid")
txtEmail.Text = dr("email")
End If
con.Close()
con.Open()
Dim q2 As String
q2 = "select * from realestate.userprofiles where userid = '" & lblUserid.Text & "'"
cmd = New MySqlCommand(q2, con)
cmd.ExecuteNonQuery()
If dr.HasRows Then
dr.Read()
txtFirst.Text = dr("lastname")
txtLast.Text = dr("firstname")
txtAddress.Text = dr("address")
End If
con.Close()
Catch ex As Exception
MessageBox.Show(ex.Message)
Finally
con.Dispose()
End Try`
You forgot dr = cmd.ExecuteReader() in the second one, so your dr.Read cant read on your second query.
You may also close your reader after use use it.
Let's try this:
Try
con.Open()
Dim q1 As String
q1 = "select userid,email from realestate.useraccounts where username='" & frmLogin.txtUsername.Text & "'"
cmd = New MySqlCommand(q1, con)
cmd.ExecuteNonQuery()
dr = cmd.ExecuteReader
If dr.HasRows Then
dr.Read()
lblUserid.Text = dr("userid")
txtEmail.Text = dr("email")
End If
dr.Close()
con.Close()
con.Open()
Dim q2 As String
q2 = "select * from realestate.userprofiles where userid = '" & lblUserid.Text & "'"
cmd = New MySqlCommand(q2, con)
cmd.ExecuteNonQuery()
dr = cmd.ExecuteReader
If dr.HasRows Then
dr.Read()
txtFirst.Text = dr("lastname")
txtLast.Text = dr("firstname")
txtAddress.Text = dr("address")
End If
dr.Close()
con.Close()
Catch ex As Exception
MessageBox.Show(ex.Message)
Finally
con.Dispose()
End Try`
I use below code but it gives error on sentence icount = cmd.ExecuteNonQuery
cn.Open()
str = "SELECT [srno],[caste]FROM [SchoolERP].[dbo].[caste] where (caste ='" + (TextBox1.Text) + "')"
cmd = New SqlCommand(str, cn)
dr1 = cmd.ExecuteReader()
If Not dr1.HasRows Then
str = "INSERT INTO [SchoolERP].[dbo].[caste]([caste])VALUES('" + TextBox1.Text + "')"
cmd = New SqlCommand(str, cn)
icount = cmd.ExecuteNonQuery
MessageBox.Show(icount)
Else
MsgBox("Record Exists")
cn.Dispose()
End If
cn.Close()
Try always calling the Close method when you have finished using the DataReader object.
dr1.Close();
Another optionis to turn on MARS , in your connection string just add "MultipleActiveResultSets=True;"
Try this:
Try
insert data in combobox
cmd.Connection = con
cmd.CommandText = "select name from party"
dr = cmd.ExecuteReader()
cb_ms.Items.Add("---Select---")
cb_ms.SelectedIndex = 0
While dr.Read() 'get error here.'
cb_ms.Items.Add(dr("name"))
End While
dr.Close()
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
You could just close the datareader before the 2nd query, but it's better still to get this all into a single query in the first place. Moreover, you really need to close that awful sql injection issue.
Try this to fix both issues:
Dim sql As String = _
"IF NOT EXISTS
(
SELECT 1 FROM [SchoolERP].[dbo].[caste] where (caste = #caste )
)
BEGIN
INSERT INTO [SchoolERP].[dbo].[caste]([caste])VALUES( #caste)
END"
Using cn As New SqlConnection("connection string here"), _
cmd As New SqlCommand(sql, cn)
'Use actual columnn type from the database here
cmd.Parameters.Add("#caste", SqlDbType.NVarChar, 50).Value = TextBox1.Text
cn.Open()
icount = cmd.ExecuteNonQuery()
MessageBox.Show(icount)
End Using
Use Try.. Catch.. Finally... End Try somehing like this:
Try
cn.Open()
str = "SELECT [srno],[caste]FROM [SchoolERP].[dbo].[caste] where (caste ='" + (TextBox1.Text) + "')"
cmd = New SqlCommand(str, cn)
dr1 = cmd.ExecuteReader()
If Not dr1.HasRows Then
str = "INSERT INTO [SchoolERP].[dbo].[caste]([caste])VALUES('" + TextBox1.Text + "')"
cmd = New SqlCommand(str, cn)
icount = cmd.ExecuteNonQuery
MessageBox.Show(icount)
Else
MsgBox("Record Exists")
cn.Dispose()
End If
cn.Close()
Catch error As Exception
........
Finally
dr1.Close
End Try
I got Answer ... i only close connection before icount = cmd.ExecuteNonQuery this sentence and again open connection...and its works..
thanks disha..
I am trying a paramatized search to prevent sql injection. However the error
"No value given for one or more required parameters". comes
Dim sql As String
Call connect()
con.Open()
sql = "Select * from Records where Customer_ID=#CustomerID"
cmd.Parameters.AddWithValue("#CustomerID", Txt_Customer_ID.Text)
cmd = New OleDbCommand(sql, con)
dr = cmd.ExecuteReader
While dr.Read
Txt_Customer_ID.Text = dr(0)
Txt_Customer_Name.Text = dr(1)
Txt_Customer_Contact.Text = dr(2)
Txt_Delivery_Method.Text = dr(3)
Txt_Reference.Text = dr(4)
End While
con.Close()
The Customer_ID field in the database is a text type and I need to know how to finish this search without running into the error
Got the answer! Thank you to everyone who tried
cmd.Parameters.AddWithValue("#CustomerID", Txt_Customer_ID.Text)
line must be below
cmd = New OleDbCommand(sql, con)
Here is the code that works
Dim sql As String
Call connect()
con.Open()
sql = "Select * from Records where Customer_ID=#CustomerID"
cmd = New OleDbCommand("Select * from Records where Customer_ID=#CustomerID", con)
cmd.Parameters.AddWithValue("#CustomerID", Txt_Customer_ID.Text)
dr = cmd.ExecuteReader
While dr.Read
Txt_Customer_ID.Text = dr(0)
Txt_Customer_Name.Text = dr(1)
Txt_Customer_Contact.Text = dr(2)
Txt_Delivery_Method.Text = dr(3)
Txt_Reference.Text = dr(4)
End While
con.Close()
Change the order like this
cmd = New OleDbCommand(sql, con)
cmd.Parameters.AddWithValue("#CustomerID", Txt_Customer_ID.Text)