I don't know where I should put the semicolon. Here's my code:
Try
cn.Open()
Dim query As String = "INSERT INTO CheckoutTable(PatientID,_Name,_Age,_Gender,_Phone,_Address,_Disease,_DateIN,_DateOUT,_Building,_RoomNo,_RoomType,_UnitPrice,_Status,_MASP,_Price) VALUES('" & txtPID.Text & "','" & txtName.Text & "','" & txtAge.Text & "','" & cmbGender.Text & "','" & txtPhone.Text & "','" & txtAddress.Text & "','" & txtDisease.Text & "',' " & txtDI.Text & " ',' " & txtDO.Text & " ','" & txtRT.Text & "','" & txtBuilding.Text & "','" & txtRN.Text & "',' " & txtMNS.Text & " ',' " & txtUnitPrice.Text & " ',' " & cmbStatus.Text & " ','" & txtPrice.Text & "')" & _
"DELETE From RegistrationTable where [_Name]='" & ListBox1.Text & "'" & _
"Select * from RegistrationTable"
Dim cmds As New OleDbCommand
With cmds
.CommandText = query
.Connection = cn
.ExecuteNonQuery()
End With
MsgBox("Checkout Success", MsgBoxStyle.Information)
cn.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
Try
cn.Open()
Dim insertQuery as String = "INSERT INTO CheckoutTable(PatientID,_Name,_Age,_Gender,_Phone,_Address,_Disease,_DateIN,_DateOUT,_Building,_RoomNo,_RoomType,_UnitPrice,_Status,_MASP,_Price) " & _
"VALUES(#PatientID, #Name, #Age, #Gender, #Phone, #Address, #Disease , #DateIn, #DateOut, #Building, #RoomNo, #RoomType, #UnitPrice, #Status, #MASP, #Price) "
Dim deleteQuery as String = "DELETE From RegistrationTable where [_Name]= #RegName "
Dim selectQuery as String = "Select * from RegistrationTable"
Dim insertCmd As New OleDbCommand
Dim deleteCmd as New OleDbCommand
With insertCmd
.Connection = cn
.CommandText = insertQuery
.Parameters.AddWithValue("#PatientID", txtPID.Text)
.Parameters.AddWithValue("#Name", txtName.Text)
.Parameters.AddWithValue("#Age", txtAge.Text)
.Parameters.AddWithValue("#Gender", cmbGender.Text)
.Parameters.AddWithValue("#Phone", txtPhone.Text)
.Parameters.AddWithValue("#Address", txtAddress.Text)
.Parameters.AddWithValue("#Disease", txtDisease.Text)
.Parameters.AddWithValue("#DateIn", txtDI.Text)
.Parameters.AddWithValue("#DateOUT", txtDO.Text)
.Parameters.AddWithValue("#Building", txtBuilding.Text)
.Parameters.AddWithValue("#RoomNo", txtRN.Text)
.Parameters.AddWithValue("#RoomType", txtRT.Text)
.Parameters.AddWithValue("#UnitPrice", txtUnitPrice.Text)
.Parameters.AddWithValue("#MASP", txtMNS.Text)
.Parameters.AddWithValue("#Status", cmbStatus.Text)
.Parameters.AddWithValue("#Price", txtPrice.Text)
.ExecuteNonQuery()
End With
With deleteCmd
.Connection = cn
.CommandText = deleteQuery
.Parameters.AddWithValue("#RegName", ListBox1.Text)
.ExecuteNonQuery()
End With
MsgBox("Checkout Success", MsgBoxStyle.Information)
cn.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
#StingyJack is right, I could break your db 6 ways from sunday if I had access to your interface as you're currently not doing ANYTHING to mitigate SQL injection. In addition to parameterizing your queries to protect against injection, I removed the need to HAVE a ; at the end of each DML statement in your query, by breaking them into separate commands. The select and displaying it's results, I leave to you.
Related
I have tried this code but the date format keeps staying the same when the record is entered
mysqlconn = New MySqlConnection
mysqlconn.ConnectionString =
Dim reader As MySqlDataReader
Try
mysqlconn.Open()
Dim query As String
query = "insert into jadco_test.adrv (id,type_adrv,date_discov,date_notif,pssd,psed,comment,hearing_date,sanction`enter code here`_sd,sanction_ed) values('" & Tbox_ID.Text & "','" & ComboBox_adrv.SelectedItem & "', '" & DateTimePicker_DD = DateTime.Now.ToString("yyyy-MM-dd") & "','" & DateTimePicker_DN.CustomFormat & "','" & DateTimePicker_pssd.CustomFormat & "','" & DateTimePicker_psed.CustomFormat & "', '" & TextBox_comment.Text & "','" & DateTimePicker_HD.CustomFormat & "','" & DateTimePicker_SSD.CustomFormat & "','" & DateTimePicker_SED.CustomFormat & "' )"
command = New MySqlCommand(query, mysqlconn)
reader = command.ExecuteReader
MessageBox.Show("record saved")
mysqlconn.Close()
Catch ex As MySqlException
MessageBox.Show(ex.Message)
Finally
mysqlconn.Dispose()
End Try
What do you think caused the error?
It worked before I added new fields in the MS Access database, was that the cause of the error
Dim conn As New
OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data
Source=C:\Users\JA\Documents\Sample_LogIn.accdb")
Dim insert As String = "Insert into Students values
('" & textID.Text & "', " &
"'" & textFirstName.Text & "', " &
"'" & textLastName.Text & "', " &
"'" & textPassword.Text & "')"
Dim cmd As New OleDbCommand(insert, conn)
conn.Open()
cmd.ExecuteNonQuery()
MsgBox("Successfully created new account.")
Me.Close()
Catch ex As Exception
MsgBox("Error encountered while creating new account." & vbCrLf &
"Ërror: " & ex.Message)
I'm using Visual Basic (VB 2010).
How do I insert multiple records to the database using MS Access 2007? My code is not working:
Private Sub Button4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button4.Click
If DataGridView1.Rows(0).Cells(0).Value = "" Then
MsgBox("Belum ada transaksi", MsgBoxStyle.Exclamation, "Informasi")
Exit Sub
End If
If TextBox6.Text = "" Then
MsgBox("Jumlah bayar belum diinput!", MsgBoxStyle.Exclamation, "Informasi")
Exit Sub
End If
On Error Resume Next
If RadioButton1.Checked Then
For baris As Integer = 0 To DataGridView1.Rows.Count - 2
Dim simpan As String = "Insert into TBL_JUALTUNAI (NomorFaktur,TglTransaksi,WaktuTransaksi,KodeBarang,NamaBarang,HargaSatuan,JumlahBeli,Total) values " & _
"('" & TextBox10.Text & "','" & TextBox11.Text & "','" & TextBox12.Text & "','" & DataGridView1.Rows(0).Cells(0).Value & "','" & DataGridView1.Rows(0).Cells(1).Value & "','" & DataGridView1.Rows(0).Cells(2).Value & "','" & DataGridView1.Rows(0).Cells(3).Value & "','" & DataGridView1.Rows(0).Cells(4).Value & "')"
CMD = New OleDbCommand(simpan, CONN)
CMD.ExecuteNonQuery()
Next baris
End If
If RadioButton2.Checked Then
Dim simpan1 As String = "Insert into TBL_PELANGGAN (NomorFaktur,TglTransaksi,WaktuTransaksi,NamaPelanggan,AlamatPelanggan,TelpPelanggan,KodeBarang,NamaBarang,HargaSatuan,JumlahBeli,Total) values " & _
"('" & TextBox10.Text & "','" & TextBox11.Text & "','" & TextBox12.Text & "','" & DataGridView1.Rows(0).Cells(7).Value & "','" & DataGridView1.Rows(0).Cells(8).Value & "','" & DataGridView1.Rows(0).Cells(9).Value & "','" & DataGridView1.Rows(0).Cells(0).Value & "','" & DataGridView1.Rows(0).Cells(1).Value & "','" & DataGridView1.Rows(0).Cells(2).Value & "','" & DataGridView1.Rows(0).Cells(3).Value & "','" & DataGridView1.Rows(0).Cells(4).Value & "')"
CMD = New OleDbCommand(simpan1, CONN)
CMD.ExecuteNonQuery()
End If
CMD = New OleDbCommand("select * from TBL_BARANG where KodeBarang='" & DataGridView1.Rows(0).Cells(0).Value & "'", CONN)
RD = CMD.ExecuteReader
RD.Read()
If RD.HasRows Then
Dim kurangistok As String = "update TBL_BARANG set StockBarang= '" & RD.Item(4) - DataGridView1.Rows(0).Cells(3).Value & "' where KodeBarang='" & DataGridView1.Rows(0).Cells(0).Value & "'"
CMD = New OleDbCommand(kurangistok, CONN)
CMD.ExecuteNonQuery()
End If
End Sub
End Class
With that code, you aren't going to insert multiple records at once. Each INSERT command will only insert one row, so you have to use multiple INSERT commands for multiple rows.
If I'm understanding you correctly, you have a DataGridView where there multiple rows, and you want to insert the selected rows, yes?
Correct me if I'm wrong, but what you should be doing is enumerating through the DataGridView's rows and insert a row to the database for each row in that DataGridView?
In that case, use a For Each loop to retrieve the rows (DataGridView1.Rows) and then execute your INSERT command in that loop.
Edit: In reply to your comment, I don't know the full context of your code, but I can get you started.
For Each dgvRow As DataGridViewRow In dgv.Rows
Dim myCommand As String = "INSERT INTO " 'From here, insert your parameters for that row. You can call on dgvRow.Cells.
CMD = New OleDbCommand(myCommand, CONN)
CMD.ExecuteNonQuery()
Next
Try
If functionmode = "ADD" Then
SQLStr = "INSERT INTO boatmast VALUES ('" & gBoatType & "','" & TxtBoatCode.Text & "','" & TxtBoatName.Text & "','" & Format(txtBP.Text, "##0.#0") & "','" & Format(txtBPM.Text, "##0.#0") & "','" & Format(txtLDA.Text, "##0.#0") & "','" & , 'bpk', '" & Today & "', '" & updtime & "', 'bpk', '" & Today & "', '" & updtime & "')"
End If
conn.Open()
SQLCmd.Connection = conn
SQLCmd.CommandText = SQLStr
SQLCmd.ExecuteNonQuery()
conn.Close()
Catch ex As OdbcException
MsgBox(ex.ToString)
Finally
conn.Close()
End Try
The problem is you call conn.Close() twice. Retain your Close connection on your finally block.
Try
If functionmode = "ADD" Then
//Supposed this is you columnNAmes //Set parameters
SQLStr = "INSERT INTO boatmast (gBoatType,BoatCode,BoatName,BP, BPM,LDA,bpk,Today,updtime,bpk2,Today2,updtime2) VALUES (#gBoatType,#BoatCode,#BoatName,#BP, #BPM,#LDA,#bpk,#Today,#updtime,#bpk2,#Today2,#updtime2)"
SQLCmd.Parameters.AddWithValue("#gBoatType",gBoatType)
//DO OTHER STUFF TIL #updtime2
conn.Open()
SQLCmd.Connection = conn
SQLCmd.CommandText = SQLStr
SQLCmd.ExecuteNonQuery()
End If
Catch ex As OdbcException
MsgBox(ex.ToString)
Finally
If conn.State = ConnectionState.Open Then conn.Close()
End Try
Regards
i want to insert two values into two tables of a sql database which i had created. In my vb.net code my problem is if i insert it get insterted but only in one table else sometimes it's not getting inside.
here is my code which i had used:
c = TextBox1.Text
sh = TextBox2.Text
ph = Val(TextBox3.Text)
ad = RichTextBox1.Text
ob = Val(TextBox4.Text)
con = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\Administrator\My Documents\Visual Studio 2005\Projects\SHOPPROJECT\SHOPPROJECT\shop.mdf;Integrated Security=True;User Instance=True")
con.Open()
str1 = " INSERT INTO CUSTOMER VALUES('" & c & " ' , '" & sh & "' ," & ph & ",'" & ad & "' ,'" & TextBox5.Text & "' ) "
str2 = "INSERT INTO BALANCE VALUES ('" & c & "', " & ob & ")"
cmd = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = str1
cmd.ExecuteNonQuery()
cmd.CommandText = str2
cmd.ExecuteNonQuery()
MsgBox("ITEM IS INSERTED", MsgBoxStyle.Information + MsgBoxStyle.OkOnly, "CUSTOMER ADDED")
TextBox1.Clear()
TextBox2.Clear()
TextBox3.Clear()
TextBox4.Clear()
TextBox5.Clear()
RichTextBox1.Clear()
You can actually do it in a single command and even wrap it in a transaction like this:
str1 = "begin tran; "
str1 &= "INSERT INTO CUSTOMER VALUES('" & c & " ' , '" & sh & "' ," & ph & ",'" & ad & "' ,'" & TextBox5.Text & "' ); "
str1 &= "INSERT INTO BALANCE VALUES ('" & c & "', " & ob & "); "
str1 &= "commit tran; "
cmd = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = str1
cmd.ExecuteNonQuery()
Next you need to use try/catch on a SqlServerException to see what is going wrong. Something like:
try
' all your sql code
catch (sqlex as SqlException)
MessageBox.Show(sqlex.Message)
Also read up on SQL injection.
You don't need to use different string variable to insert the values. You can do it like this:
str1 = " INSERT INTO CUSTOMER VALUES('" & c & " ' , '" & sh & "' ," & ph & ",'" & ad & "' ,'" & TextBox5.Text & "' );"
str1 & = "INSERT INTO BALANCE VALUES ('" & c & "', " & ob & ")"
cmd = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = str1
cmd.ExecuteNonQuery()