deleting records with parameter - vb.net

how do you add a parameter after this code so that I can delete the records ininteger data type: here is the code.
com = New OleDbCommand("DELETE * FROM Products WHERE Product = '" & DataGridView1.CurrentRow.Cells(0).Value.ToString & "'", con1)
I keep getting a message that the data type is mismatched

You have no WHERE clause in your SQL code. If you don't specify a WHERE clause then you are referring to every record. You have to use the WHERE clause to specify WHICH record to update. That's what the primary key is for.

You must need a Where clause in your SQL Statement to distinct the row for edit else it can change all.

You must use where clause in that it update only that record which you want..if you don't use where clause it update all records.
for more information of update you use this link

Related

Operation must use and updatable query. (Error 3073)

What is wrong with my logic below, is there any alternative to get calculatable column which will sum Balances for every unique KEY ?
Purpose: To create a summary column, calculation of Balances for each unique Key created ( Sort Code + Source Account) which will be used later to define whether acc type is Dr/Cr.
Code: below code should create summary column , but every time it triggers error depicted in attached screenshot.
***' Creating Sum of Balances based on Key , to differtiate Dr/Cr Account types
DoCmd.RunSQL "ALTER TABLE Output_File ADD Summing varchar(255)"
DoCmd.RunSQL "UPDATE Output_File SET Summing =" _
& "(SELECT SUM(Output_File.CURR_VALUE)" _
& " FROM Output_File GROUP BY Output_File.`UNIQUE KEYS`)"***
Error:
Error
In MS Access SQL, update queries must be updateable or not read-only. Any use of subqueries renders the query read-only. See Allen Browne's Why is my query read-only? One workaround is to use domain aggregates such as DSum available in Access SQL and VBA.
Ideally, too, consider using a saved query and avoid the need of building long SQL statements in VBA and have to worry about line breaks and concatenations. Below assumes UNIQUE KEYS is a number field. If text field, wrap in single quotes. If a date field, wrap in hashtags/pound symbols.
SQL (save as stored query)
UPDATE Output_File o
SET Summing = DSum("CURR_VALUE", "Output_File", "`UNIQUE KEYS` = " & o.`UNIQUE KEYS`)
VBA (reference above saved query)
DoCmd.OpenQuery "mySavedQuery" ' NO NEED TO CLOSE ACTION QUERIES
CurrentDb.Execute "mySavedQuery" ' ALTERNATIVE CALL

MS Access SQL Deleting record based on external table

I had a similar question regarding selecting records based on an external table (in an unlinked table):
Access SQL FROM IN and JOINS
This time I'm trying to delete records in an internal table based on criteria in an external one.
Private Sub Command0_Click()
Dim SQLstring As String
SQLstring = "Delete * FROM Testtable1 AS tnf WHERE ([Network Location].[Testtable2].[Customers] = tnf.[Customers]) AND ([Network Location].[Testtable2].[Contract] = '2003') Or ([Network Location].[Testtable2].[Active]='N');"
DoCmd.RunSQL (SQLstring)
End Sub
Its telling me that " is not a valid name and to check if theres invalid characters or punctuation or if its too long. I cant find anything that talks about SQL lengths but i'm pretty sure this isn't too long.
Is there something I'm missing about my SQl statement I've gone through it over and over and I'm not seeing an issue.
Should the WHERE clause have an Exists (Select) clause?
Am I missing something?
Since a delete query can only delete records from one table at a time, only one dataset can be referenced in the from clause. With your current query, you would need to reference testtable2 within the from clause, which would result in an invalid delete query.
As such, you'll instead need to use where exists with a subquery, e.g.:
delete from testtable1 as t1
where exists
(
select 1 from [Network Location].[Testtable2] t2
where t2.customers = t1.customers and (t2.contract = '2003' or t2.active = 'N')
)
I've also surrounded the or expression with parentheses, as I assume that it is the desired logic to delete records with a matching customers record and either of the other two conditions, rather than deleting any record for which t2.active = 'N' (since and has operator precedence over or).

update column with comma separated value

In my SQL table, I have a column named "user_id" with comma separated value like this: a,b,c,d and I just wonder how can I update this column without removing old values. I want to update this column to a,b,c,d,e and in other step to a,b,c,d,e,f.
I wrote this query, but it removes old values and does not not update values with comma separated list:
UPDATE multiusers SET user_id = '" . $userID . "' WHERE hwid = '" . $hwid."'
If you want to update a column and append a value just do :-
UPDATE multiusers
SET user_id = user_id + "new user"
WHERE hwid = $hwid
This just appends a value to the existing value in SQL SERVER db at least, other databases may have different concatenation methods. I think your questions points to a fundamental design issue in your database and I would suggest rethinking this.
You are treating a field as a table. Even when you can do, it's a very bad approach. You should have as many records on multiusers table as userid's you have. But if you insist in your approach then you will have to create a quite complex query to retrieve the value of userid field, move to an array and compare it with the new value to make sure you doesn't insert duplicates in the field. Something like a cursor may work for you.

Adding ' at the start of each row of a table through sql

I have a column called "product-code". These are all populated. I am wanting to do a query that will insert a ' at the start of each field and then another query to add a ' at the end of the field.
So for example at the moment a product code might be fmx-2, after the query I would want it to look like 'fmx-22'
I am looking to do this for all the data sets within the table. I am using Microsoft Access
Thanks
In Microsoft Access you can use & char to concatenate string, and your query could be something similar:
update my_table set product_code = "'" & product_code & "'";

Unable to select values when using a parameter for the column name

Try
Using connection As New SqlConnection(ConnectionString)
connection.Open()
SQL = "SELECT #PARAM FROM SystemOps"
sqlCmd = New SqlClient.SqlCommand(SQL, connection)
sqlCmd.Parameters.Add(New SqlClient.SqlParameter("#PARAM", SqlDbType.VarChar)).Value = "SystemNavn"
' .. and so on...
When I run the code, it returns with a result of "SystemNavn" (which is the name of the column in the table), instead of the value of that column in the current row. What am I doing wrong?
You cannot use parameter names for column names, or any other SQL syntax. You can only use parameters as placeholders for literal values. Parameters always get replaced with the literal form for the value, so in your example, the command which is being run, essentially, gets evaluated as:
SELECT 'SystemNavn` FROM SystemOps
In order to have a variable column name, like that, I would recommend dynamically building the SQL string, like this:
Dim columnName As String = "SystemNavn"
SQL = "SELECT [" & columnName & "] FROM SystemOps"
However, by doing so, you are opening yourself up to potential SQL-injection attacks, so you need to be careful. The safest way, that I'm aware of, to avoid an attack in a situation like this is to get the list of column names from the database and compare the columnName variable against that list to ensure that it is actually a valid column name.
Of course, if the column name never changes, then there's no reason to make it a variable at all. In that case, just hard-code it directly into the SQL command, thereby avoiding the necessity for parameters or variables at all:
SQL = "SELECT SystemNavn FROM SystemOps"
Your query doesn't need any parameters in this case. just do
SQL = "SELECT SystemNavn FROM SystemOps"
This is secure. If later you need to filter this, you can do something like:
SQL = "SELECT SystemNavn FROM SystemOps WHERE COL_A = #ColA"
FYI, for your code above, since it is a VARCHAR type, it is being executed like so:
SELECT 'SystemNavn' FROM SystemOps
That is why you're getting 'SystemNavn' back.
You cannot use a parameter to specify the name of a column or a table.
The parameters collection are used to specify the values to search for, to insert, to update or delete.
Your code should be changed to something like this
Using connection As New SqlConnection(ConnectionString)
connection.Open()
SQL = "SELECT SystemNavn, <other fiels if needed> " & _
"FROM SystemOps WHERE <keyfield_name> = #PARAM"
sqlCmd = New SqlClient.SqlCommand(SQL, connection)
sqlCmd.Parameters.AddWithValue("#PARAM", paramValue)
......
End Using
Of course the example above assumes that you have a WHERE clause, if you want to retrieve every value of the column SystemNavn without condition, then you don't need a parametrized query because every part of your sql command is provided by you and there is no worry for sql injection.