VB.Net using & _ to carry to next line - vb.net

Error Error 1 Operator '&' is not defined for types 'String' and 'System.Windows.Forms.TextBox'.
What is wrong with this????!??
SQL = "UPDATE ATG_PP_QTE_HEAD SET " & _
"PART = '" & txtPart.Text & "', " & _
"LOCATION = '" & txtLoc.Text & "', " & _
"DESCRIPTION = '" & txtDescription.Text & "', " & _
"CUSTOMER = '" & txtCustID.Text & "', " & _
"CONTACT_NAME = '" & txtContactName.Text & "', " & _
"CONTACT_PHONE = '" & txtPhone.Text & "', " & _
"CONTACT_EMAIL = '" & txtEmail.Text & "', " & _
"LEAD_TIME = '" & txtLead.Text & "', " & _
"SETUP = " & txtSetup.Text & ", " & _
"WEIGHTPP = " & txtPCWT.Text & ", " & _
"NOTES = '" & txtNotes.Text & "', " & _
"LAST_MODIFIED = '" & DateTime.Now & "', " & _
"LABOR_RATE = " & txtLabor.Text & ", " & _
"OVERHEAD = " & txtOH.Text & ", " & _
"GA = " & txtGA.Text & ", " & _
"SORT_CODE = '" & txtSortCode.Text & "', " & _
"REFERENCE = '" & txtReference.Text & "', " & _
"PL = '" & txtPL.Text & "', " & _
"CUST_DRAW_NO = '" & txtCustDraw.Text & "', " & _
"COMMISSION = " & txtCommission.Text & ", " & _
"PCWT = " & txtPCWT & _
"WHERE QUOTE_ID = " & txtQuoteID.Text

What is wrong with this????!??
Quite a bit, actually. But let's start with the error itself...
On this line:
"PCWT = " & txtPCWT & _
You're trying to concatenate a TextBox to a String. As the error states, you can't do that. Perhaps you meant to use the .Text property:
"PCWT = " & txtPCWT.Text & _
Now, what else is wrong?
First, your code is highly vulnerable to SQL injection attacks. You're going to want to use parameterized queries instead of executing user input as code.
Second, using parameterized queries will make the code a lot easier to read and support, which will make errors like this much easier to find.
Third, on this line there's a significant potential for bugs:
"LAST_MODIFIED = '" & DateTime.Now & "', " & _
Using parameterized queries will remove the culture-dependent string representations from the query and use the actual DateTime data in the query. And you should also get into the habit of using DateTime.UtcNow instead, as having a consistent non-timezone-dependent value is going to make things a lot easier when you have to deal with multiple time zones.
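As an added example (not code from the original post), this is what the parameterized form recommended above can look like for a subset of the question's columns. It assumes SQL Server through System.Data.SqlClient. The column types and sizes and the names ParseDecimal and BuildUpdate are illustrative assumptions, since the table definition is not shown on the page.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Module QuoteUpdate
    ' Parses a numeric text box value up front, so bad input is rejected
    ' here instead of being spliced into the statement.
    Function ParseDecimal(fieldName As String, text As String) As Decimal
        Dim value As Decimal
        If Not Decimal.TryParse(text, NumberStyles.Number, _
                                CultureInfo.CurrentCulture, value) Then
            Throw New FormatException(fieldName & " is not a valid number: " & text)
        End If
        Return value
    End Function

    ' Builds the UPDATE with placeholders only. The SQL text is constant;
    ' user input travels as typed parameter values and is never parsed as SQL.
    ' Column types and sizes are assumptions (the table definition is not shown).
    Function BuildUpdate(conn As SqlConnection, quoteId As Integer, _
                         part As String, notes As String, _
                         setupText As String, pcwtText As String) As SqlCommand
        Dim cmd As New SqlCommand( _
            "UPDATE ATG_PP_QTE_HEAD SET " & _
            "PART = @part, " & _
            "NOTES = @notes, " & _
            "SETUP = @setup, " & _
            "PCWT = @pcwt, " & _
            "LAST_MODIFIED = @lastModified " & _
            "WHERE QUOTE_ID = @quoteId", conn)
        cmd.Parameters.Add("@part", SqlDbType.NVarChar, 50).Value = part
        cmd.Parameters.Add("@notes", SqlDbType.NVarChar, 4000).Value = notes
        cmd.Parameters.Add("@setup", SqlDbType.Decimal).Value = ParseDecimal("SETUP", setupText)
        cmd.Parameters.Add("@pcwt", SqlDbType.Decimal).Value = ParseDecimal("PCWT", pcwtText)
        ' A real DateTime value, not a culture-dependent string.
        cmd.Parameters.Add("@lastModified", SqlDbType.DateTime).Value = DateTime.UtcNow
        cmd.Parameters.Add("@quoteId", SqlDbType.Int).Value = quoteId
        Return cmd
    End Function
End Module
```

Pass the text box values (txtPart.Text, txtNotes.Text and so on) as arguments and call ExecuteNonQuery() on the returned command once the connection is open.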

Related

Access VBA using SQL UPDATE

I'm using two Access databases (front end and back end).
My code for query work, but I get it to work with updating the database. What am I doing wrong?
I get a runtime error 3078 for the DoCmd.RunSQL strSql on line 25.
Set cnn = CreateObject("ADODB.Connection")
strConnection = "Provider=Microsoft.ACE.OLEDB.12.0;" & _
"Data Source=" & CurrentProject.Path & "\DB_Cryk.accdb"
cnn.Open strConnection
MemberID = txtMemberID.Value
strSql = "UPDATE Cryk " & _
"SET Membership = '" & txtMembership.Value & "', " & _
" Memberstatus = '" & txtMemberstatus.Value & "', " & _
" Membername = '" & txtMembername.Value & "', " & _
" Memberaddress = '" & txtMemberaddress.Value & "', " & _
" Memberzip = '" & txtMemberzip.Value & "', " & _
" Membercity = '" & txtMembercity.Value & "', " & _
" Memberphone = '" & txtMemberphone.Value & "', " & _
" Membermail = '" & txtMembermail.Value & "', " & _
" Memberyear = '" & txtMemberyear.Value & "', " & _
" Dateofbirth = '" & txtDateofbirth.Value & "', " & _
" Memberno = '" & txtMemberno.Value & "', " & _
" Memberfee = '" & txtMemberfee.Value & "', " & _
" Memberpayment = '" & txtMemberpayment.Value & "'" & _
"WHERE MemberID= '" & MemberID & "'"
DoCmd.RunSQL strSql
cnn.Close
Set cnn = Nothing
Error 3078 indicates that the target table does not exist in your database.
Note that, although you open an ADO connection to the database DB_Cryk.accdb, you execute your SQL statement using the DoCmd.RunSQL method, which operates on the current database.
Instead, if you want the SQL to be executed in your DB_Cryk.accdb database, you should use the Execute method of the ADODB Connection object, e.g.:
cnn.Execute strsql
Where query parameterization is concerned, you may wish to refer to this superb answer, specifically, the 'Using ADO' section.

VB.NET - Inserting/Deleting via ODBC Connection

I'm connecting to an AS/400 by an ODBC connection. I'm getting wacky errors when I try to insert and delete from the file. First, the format I've found for constructing a query string was like this:
"DELETE FROM <library>.<filename> WHERE <field> = <value>"
So, based on that, I wrote this:
"DELETE FROM RM#AVLIB.AV90909JWB WHERE MBR_NUM = " & mbr_num
It threw an error about not liking the DELETE, oddly enough, but I got it to go away if I removed the library altogether:
"DELETE FROM AV90909JWB WHERE MBR_NUM = " & mbr_num
I'm guessing it just didn't like the # symbol and worked without the library because my default library is the same one I'm using here. But now I'm getting an error in my INSERT that says:
ERROR [22003][Micro Focus][RUMBA Data Access][S1023934]Numeric value out of range. SQLCODE = -420
After running through all the values I'm passing, I didn't see any values that were longer than the field length so I'm not sure where this is coming from.
Here's my code as it sits now:
delQry = "DELETE FROM AV90301JWB WHERE MBR_CD = '" & MBR_CD & "' AND LOC_CD = '" & LOC_CD & "' AND PRP_ITM = '" & PRP_ITM & "'"
pushQry = "INSERT INTO AV90301JWB ( " & _
"MBR_NUM, " & _
"LOC_CD, " & _
"AVBLD_CLMT, " & _
"ADDRESS1, " & _
"ADDRESS2, " & _
"CITY, " & _
"STATE, " & _
"ZIPCODE, " & _
"AVBLD_DOS, " & _
"CNST_QLTY, " & _
"SEISMIC, " & _
"WIND, " & _
"AVBLD_DSC, " & _
"AVBLD_DSC1, " & _
"AVBLD_DSC2, " & _
"AVBLD_DSC3, " & _
"MISC_ADJ, " & _
"SEC_ID, " & _
"AVCOS_RC, " & _
"YR_BUILT, " & _
"NBR_STORY, " & _
"SQR_FT, " & _
"SUBCLASS, " & _
"OCC_CD1, " & _
"OCC_DSC1, " & _
"OCC_PCT1, " & _
"STORY_HT1, " & _
"OCC_CD2, " & _
"OCC_DSC2, " & _
"OCC_PCT2, " & _
"STORY_HT2, " & _
"OCC_CD3, " & _
"OCC_DSC3, " & _
"OCC_PCT3, " & _
"STORY_HT3, " & _
"OCC_CD4, " & _
"OCC_DSC4, " & _
"OCC_PCT4, " & _
"STORY_HT4, " & _
"OCC_CD5, " & _
"OCC_DSC5, " & _
"OCC_PCT5, " & _
"STORY_HT5, " & _
"HEAT_SYS, " & _
"COOL_SYS, " & _
"PWALL_EXT, " & _
"ROOF_MAT, " & _
"SPRINKLER, " & _
"MANL_FIRE, " & _
"AUTO_FIRE, " & _
"CNST_PCT1, " & _
"CNST_PCT2, " & _
"CNST_PCT3, " & _
"CNST_PCT4, " & _
"CNST_PCT5) " & _
"VALUES (" & _
"'" & MBR_NUM & "', " & _
"'" & LOC_CD & "', " & _
"'" & AVBLD_CLMT & "', " & _
"'" & ADDRESS1 & "', " & _
"'" & ADDRESS2 & "', " & _
"'" & CITY & "', " & _
"'" & STATE & "', " & _
"'" & ZIPCODE & "', " & _
"'" & AVBLD_DOS.ToShortDateString() & "', " & _
"'" & CNST_QLTY & "', " & _
"'" & SEISMIC & "', " & _
"'" & WIND & "', " & _
"'" & AVBLD_DSC & "', " & _
"'" & AVBLD_DSC1 & "', " & _
"'" & AVBLD_DSC2 & "', " & _
"'" & AVBLD_DSC3 & "', " & _
"'" & MISC_ADJ & "', " & _
"'" & SEC_ID & "', " & _
"" & Math.Round(AVCOS_RC, 2, MidpointRounding.AwayFromZero) & ", " & _
"'" & YR_BUILT & "', " & _
"'" & NBR_STORY & "', " & _
"'" & SQR_FT & "', " & _
"'" & SUBCLASS & "', " & _
"'" & OCC_CD1 & "', " & _
"'" & OCC_DSC1 & "', " & _
"'" & OCC_PCT1 & "', " & _
"'" & STORY_HT1 & "', " & _
"'" & OCC_CD2 & "', " & _
"'" & OCC_DSC2 & "', " & _
"'" & OCC_PCT2 & "', " & _
"'" & STORY_HT2 & "', " & _
"'" & OCC_CD3 & "', " & _
"'" & OCC_DSC3 & "', " & _
"'" & OCC_PCT3 & "', " & _
"'" & STORY_HT3 & "', " & _
"'" & OCC_CD4 & "', " & _
"'" & OCC_DSC4 & "', " & _
"'" & OCC_PCT4 & "', " & _
"'" & STORY_HT4 & "', " & _
"'" & OCC_CD5 & "', " & _
"'" & OCC_DSC5 & "', " & _
"'" & OCC_PCT5 & "', " & _
"'" & STORY_HT5 & "', " & _
"'" & HEAT_SYS & "', " & _
"'" & COOL_SYS & "', " & _
"'" & PWALL_EXT & "', " & _
"'" & ROOF_MAT & "', " & _
"'" & SPRINKLER & "', " & _
"'" & MANL_FIRE & "', " & _
"'" & AUTO_FIRE & "', " & _
"'" & CNST_PCT1 & "', " & _
"'" & CNST_PCT2 & "', " & _
"'" & CNST_PCT3 & "', " & _
"'" & CNST_PCT4 & "', " & _
"'" & CNST_PCT5 & "')"
Dim connectionString As String = ConfigurationManager.AppSettings("iSeriesConnString")
Dim insCommand As New OdbcCommand(pushQry)
Dim delCommand As New OdbcCommand(delQry)
Dim da As New OdbcDataAdapter
Using myConn As New OdbcConnection(connectionString)
insCommand.Connection = myConn
delCommand.Connection = myConn
myConn.Open()
da.InsertCommand = insCommand
da.DeleteCommand = delCommand
da.DeleteCommand.ExecuteNonQuery()
da.InsertCommand.ExecuteNonQuery()
End Using
Does anyone see something I'm missing or have any ideas about how to find my issue?
Thanks!
The standard ANSI SQL way of escaping invalid characters in an identifier or to escape an identifier which conflicts with a reserved keyword is to put it in double quotes:
DELETE FROM "RM#AVLIB".AV90909JWB WHERE ...
Obviously one of the values you are inserting or you are using in the where clause exceeds the range defined for that column. E.g. if a column has been defined as NUMERIC(2), you cannot insert 100.
Also I strongly urge you to use command parameters instead of string concatenation: See https://stackoverflow.com/a/2092851/880990
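As an added example (not code from the original posts), the sketch below covers both points of the answer above: a check that reports which numeric values would not fit their column definition, and the DELETE rewritten with ODBC parameters. The names FitsNumeric, FindOverflows and BuildDelete are hypothetical, and the precision and scale of each column must be taken from the real file definition, which the page does not show.

```vbnet
Imports System.Collections.Generic
Imports System.Data.Odbc

Module As400Checks
    ' True when value, rounded to scale, fits a NUMERIC(precision, scale) column.
    ' NUMERIC(2) is precision 2, scale 0, so 100 does not fit but 99 does.
    Function FitsNumeric(value As Decimal, precision As Integer, scale As Integer) As Boolean
        Dim limit As Decimal = 1D
        For i As Integer = 1 To precision - scale
            limit *= 10D    ' 10 ^ (number of integer digits allowed)
        Next
        Return Math.Abs(Math.Round(value, scale, MidpointRounding.AwayFromZero)) < limit
    End Function

    ' Returns the names of the fields whose values are out of range.
    ' specs maps column name -> {precision, scale}; every key in values
    ' must have an entry in specs.
    Function FindOverflows(values As Dictionary(Of String, Decimal), _
                           specs As Dictionary(Of String, Integer())) As List(Of String)
        Dim bad As New List(Of String)
        For Each kv As KeyValuePair(Of String, Decimal) In values
            Dim spec As Integer() = specs(kv.Key)
            If Not FitsNumeric(kv.Value, spec(0), spec(1)) Then bad.Add(kv.Key)
        Next
        Return bad
    End Function

    ' Parameterized form of the DELETE. ODBC markers are positional: values
    ' bind in the order the parameters are added, and the names are labels only.
    Function BuildDelete(conn As OdbcConnection, mbrCd As String, _
                         locCd As String, prpItm As String) As OdbcCommand
        Dim cmd As New OdbcCommand( _
            "DELETE FROM AV90301JWB " & _
            "WHERE MBR_CD = ? AND LOC_CD = ? AND PRP_ITM = ?", conn)
        cmd.Parameters.Add("MBR_CD", OdbcType.VarChar).Value = mbrCd
        cmd.Parameters.Add("LOC_CD", OdbcType.VarChar).Value = locCd
        cmd.Parameters.Add("PRP_ITM", OdbcType.VarChar).Value = prpItm
        Return cmd
    End Function
End Module
```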

Syntax error in UPDATE statement vb and ms.access as database

I am trying to make a medical record application for my assignment. I get this error when editing patient data.
Please help and sorry for my bad grammar
Dim aksesedit As String = "Update tbpasien set " & _
"Nama_Pasien='" & txtnamapasien.Text & "', " & _
"Jenis_Kelamin='" & cmbjk.Text & "'," & _
"Tempat_Pasien='" & txttempatlahir.Text & "', " & _
"Tanggal_Lahir='" & tanggallahir.Text & "', " & _
"Alamat='" & txtalamat.Text & "', " & _
"Kelurahan_Desa='" & txtkeldesa.Text & "', " & _
"Kecamatan='" & txtkec.Text & "', " & _
"Kota_Kabupaten='" & txtkotakab.Text & "', " & _
"No_Telepon_HP='" & txtnotelp.Text & "', " & _
"Agama='" & cmbagama.Text & "', " & _
"Kewarganegaraan='" & cmbwarga.Text & "', " & _
"Status_Pernikahan='" & cmbstatus.Text & "', " & _
"Pekerjaan='" & txtpekerjaan.Text & "', " & _
"where No_RM='" & txtnorm.Text & "'"
cmd = New OleDbCommand(aksesedit)
cmd.Connection = conn
cmd.ExecuteNonQuery()
The syntax error in the UPDATE was here:
cmd.ExecuteNonQuery()
For "Tanggal_Lahir" I used a DateTimePicker; cmb = ComboBox, txt = TextBox.
Thanks
There should be no comma before the WHERE clause:
"Pekerjaan='" & txtpekerjaan.Text & "' " & _
"where No_RM='" & txtnorm.Text & "'"

VBA SQL Join Query

I am having trouble with a VBA SQL JOIN. I keep getting a "Join Expression Not Supported" error. The following code works in the Query Design View but seems to throw an error when in VBA.
Dim Rs As DAO.RecordSet
Set Rs = CurrentDb.OpenRecordset( _
"SELECT Schools.ID, Schools.[School Name],Schools.Address, Schools.Postcode, Schools.[Principal name], " & _
"Schools.[E-Mail], Schools.Phone, Schools.Region, Schools.JTHE, Schools.[Social Status], Events.Program " & _
"FROM Schools INNER JOIN Events ON Schools.ID = Events.School WHERE ((Schools.Region = '" & RegionOne & _
"' Or Schools.Region = '" & RegionTwo & "' Or Schools.Region = '" & RegionThree & "' Or Schools.Region = '" & _
RegionFour & "') AND (Schools.JTHE = " & JTHE1 & " Or Schools.JTHE = " & JTHE2 & ") AND (Schools.[Social Status] = '" & _
StatusBox.Value & "') AND (Events.Program = '" & ProgramBox.Value & "'));")
This similar query works:
Set Rs = CurrentDb.OpenRecordset("SELECT * FROM Schools WHERE " & _
"(((Schools.Region)='" & RegionOne & _
"' Or (Schools.Region)='" & RegionTwo & _
"' Or (Schools.Region)='" & RegionThree & _
"' Or (Schools.Region)='" & RegionFour & _
"') AND ((Schools.[Social Status])='" & StatusBox.Value & _
"') AND ((Schools.JTHE)=" & JTHE1 & " Or (Schools.JTHE)=" & JTHE2 & "));")
Any help would be greatly appreciated.
I'm not entirely sure why that is. It is hard to spot errors when you're doing it in VBA, unlike in an actual SQL Management Studio, where you can spot the lines that error out. Nonetheless, you may try this:
Set Rs = CurrentDb.OpenRecordset( _
"SELECT Schools.ID, Schools.[School Name], Schools.Address, " & _
"Schools.Postcode, Schools.[Principal name], Schools.[E-Mail], " & _
"Schools.Phone, Schools.Region, Schools.JTHE, Schools.[Social Status], " & _
"Events.Program " & _
"FROM Schools " & _
"INNER JOIN Events " & _
"ON Schools.ID = Events.School " & _
"WHERE Schools.Region IN (" & _
"'" & RegionOne & "'," & _
"'" & RegionTwo & "'," & _
"'" & RegionThree & "'," & _
"'" & RegionFour & "') " & _
"AND Schools.JTHE IN (" & JTHE1 & ", " & JTHE2 & ") " & _
"AND Schools.[Social Status]='" & StatusBox.Value & "' " & _
"AND Events.Program='" & ProgramBox.Value & "';")
I formatted it as such to give you the story of the query (and that is how I will write it in SQL). It's not really a direct, to-the-point answer to your question, but I just simplified your OR statements and used IN instead. You might get a:
Too many continuous line error
So adjust the concatenation of strings. I have not tested this of course (although it compiles), but my goal is to give you an idea of a possible way to do it. HTH.

Passing an Empty/Null Date variable in VBA to an SQL UPDATE statement

I have an Excel userform with various textboxes; some are fields to enter dates. The user can then save their entries.
At this point, I connect to an Access backend via an ADO connection. The values entered by a user are passed to an SQL string, e.g.
strSQL = "UPDATE tblDECONVERSION_DATA SET tblDECONVERSION_DATA.Status = '" & NewBusiness_WorkQueue.Decon_CaseStatus & "', " & _
"tblDECONVERSION_DATA.DMS = '" & NewBusiness_WorkQueue.Decon_DMS & "', " & _
"tblDECONVERSION_DATA.DateRecieved = #" & Format(NewBusiness_WorkQueue.Decon_DateRecieved, "mm/dd/yyyy") & "#, " & _
"tblDECONVERSION_DATA.WireDate = #" & Format(NewBusiness_WorkQueue.Decon_WireDate, "mm/dd/yyyy") & "#, " & _
"tblDECONVERSION_DATA.LastEditXID = '" & CurrUser & "', tblDECONVERSION_DATA.LastEditDate = #" & Now & "# " & _
"WHERE (((tblDECONVERSION_DATA.CaseID)=" & ID & "));"
adoRecSet.Open Source:=strSQL, ActiveConnection:=dbconnect, CursorType:=adOpenDynamic, LockType:=adLockOptimistic
However, some of the date fields can be left blank, meaning, for example, that the NewBusiness_WorkQueue.Decon_DateRecieved variable is empty. This causes a syntax error. How can I pass a Null or Empty date variable in the SQL statement that both VBA and the Access database will accept?
strSQL = "UPDATE tblDECONVERSION_DATA SET tblDECONVERSION_DATA.Status = '" & _
NewBusiness_WorkQueue.Decon_CaseStatus & "', " & _
"tblDECONVERSION_DATA.DMS = '" & NewBusiness_WorkQueue.Decon_DMS & "', " & _
"tblDECONVERSION_DATA.DateRecieved = " & _
DateOrNull(NewBusiness_WorkQueue.Decon_DateRecieved) & ", " & _
"tblDECONVERSION_DATA.WireDate = " & _
DateOrNull(NewBusiness_WorkQueue.Decon_WireDate) & ", " & _
"tblDECONVERSION_DATA.LastEditXID = '" & CurrUser & _
"', tblDECONVERSION_DATA.LastEditDate = #" & Now & "# " & _
"WHERE tblDECONVERSION_DATA.CaseID=" & ID & ";"
An example function:
Function DateOrNull(v) As String
Dim rv as String
If IsDate(v) Then
rv = " #" & Format(v, "mm/dd/yyyy") & "# "
Else
rv = " null "
End If
DateOrNull = rv
End Function