I use ODP.NET (not managed).
I have an update sqlstring for set BLOB and DateTime fields.
I want update BLOB field to "EMPTY_BLOB" too using ODP.NET, and the same parameter :pDATOS.
My sql string:
public const string SqlStringUpdate = "UPDATE " + SqlTableName + " SET "
+ "DATOS=:pDATOS, FECHAEMPAQUETADO=:pFECHAEMPAQUETADO "
+ "WHERE (ID_DESPLIEGUE = :pID_DESPLIEGUE OR :pID_DESPLIEGUE IS NULL)";
I use OracleParameter like this:
oracleParameter = new Oracle.DataAccess.Client.OracleParameter();
oracleParameter.ParameterName = "pDATOS";
oracleParameter.OracleDbType = Oracle.DataAccess.Client.OracleDbType.Blob;
oracleParameter.Direction = ParameterDirection.Input;
myCommand.Add(oracleParameter);
Any suggestions?
Create a new OracleBlob with nothing in it and bind that. It will be an empty blob.
Related
I need to execute 2 sql queries here. for this purpose i have using 2 sqlcommands here.but I think that it is not the right way. Code duplication is the main prbl.so how to Handel this. Or this is the right way?
string UserStatus = "update Users SET Status=0";
SQLiteCommand setStatusCmd = new SQLiteCommand(StatusQuery);
setStatusCmd.CommandType = CommandType.Text;
setStatusCmd.Connection = sqlconnection;
setStatusCmd.ExecuteNonQuery();
string UpdateQuery = ("UPDATE Users SET password ='" + password + "', + "' WHERE name = '" + userName + "'; ");
SQLiteCommand updateCmd = new SQLiteCommand(userUpdateQuery);
updateCmd.CommandType = CommandType.Text;
updateCmd.Connection = sqlconnection;
updateCmd.ExecuteNonQuery();
I have this vb.net function:
Function CheckBillingRun(customer, type, month, year)
Dim conn = New MySqlConnection()
Dim myCommand As New MySqlCommand
Dim reader As MySqlDataReader
Dim SQL As String
Dim result As String
conn.ConnectionString = "server=" + global_variables.web_server_ip + "; user id=" + global_variables.web_server_username + "; password=" + global_variables.web_server_password + "; database=" + global_variables.web_server_database + "; "
conn.Open()
SQL = "SELECT COUNT(sequence) from billing_runs WHERE customer = '" + customer + "' AND type = '" + type + "' AND MONTH(datetime) = '" + month + "' AND YEAR(datetime) = '" + year + "' "
myCommand.Connection = conn
myCommand.CommandText = SQL
reader = myCommand.ExecuteReader
reader.Read()
result = reader.GetString(0)
conn.Close()
Return result
End Function
I am trying to call it in my application using this code:
If CheckBillingRun(reader.GetString(0), "Voice Billing", DateTime.Now.ToString("MM"), DateTime.Now.ToString("yyyy") > 0) Then
Continue While
End If
reader.getstring(0) equals 278
but i am getting an error saying:
Additional information: Conversion from string "SELECT COUNT(sequence) from bill" to type 'Double' is not valid.
The string concatenation operators in VB.NET are & or +, but if you use the + operator and you have Option Strict Off set for your project you could have surprises like this. The compiler knows that one or more of the your parameters passed to this function are not strings but number, and in this context the + operator tries to convert everything to a number. Try to use the & operator to concatenate strings.
Said that, DO NOT CONCATENATE strings to build sql commands.
Use a parameterized query to avoid Sql Injection and other parsing problems.
For example, your code could be something like this
Function CheckBillingRun(ByVal customer as String , ByVale type as String, _
ByVal month as Integer, ByVal year as Integer) as Integer
Dim SQL = "SELECT COUNT(sequence) from billing_runs " & _
"WHERE customer = #customer AND type = #type " & _
"AND MONTH(datetime) = #month AND YEAR(datetime) = #year"
Using conn = New MySqlConnection()
Using myCommand As New MySqlCommand(SQL, conn)
Dim result As Integer = 0
conn.ConnectionString = "......."
conn.Open()
myCommand.Parameters.Add("#customer", MySqlDbType.VarChar).Value = customer
myCommand.Parameters.Add("#type", MySqlDbType.VarChar).Value = type
myCommand.Parameters.Add("#month", MySqlDbType.Int).Value = month
myCommand.Parameters.Add("#year", MySqlDbType.Int).Value = year
Using reader = myCommand.ExecuteReader
if reader.Read() Then
result = reader.GetInteger(0)
End If
End Using
Return result
End Using
End Using
End Function
call it with
CheckBillingRun(reader.GetString(0), "Voice Billing", _
DateTime.Now.Month, DateTime.Now.Year)
In this version every variable used has its type specified to avoid any possible unwanted automatic conversion by the compiler. Notice also that COUNT returns a number, not a string. Treating numbers like they were strings is a bad habit to dismiss as soon as possible. Look at your project properties an try what happen if you set the Option Strict to ON
If the first parameter of your method CheckBillingRun accepts double, you should use the method Convert.ToDouble() to convert the value from a string to double, like this:
instead if
If CheckBillingRun(reader.GetString(0), .....
do the following:
If CheckBillingRun(Convert.ToDouble(reader.GetString(0)), .....
All the best.
I want to concat(add to what already exist) to an access cell using the text from a vb.net textbox. I tried using UPDATE but I'm getting a syntax error. This is what I tried so far
Dim ds As New DataSet()
Dim ConnectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\equip_full.mdb;Jet OLEDB:Database Password=matt"
Dim db As String = "Update INTO Equipment set TypeItem = ISNULL(TypeItem, '') & #EquipmentItem WHERE EquipmentCat = #category"
Using cn As New OleDbConnection(ConnectionString)
Using cmd = New OleDbCommand(db, cn)
cn.Open()
cmd.Parameters.Add("#EquipmentItem", OleDbType.VarWChar).Value = Form4.TextBox1.Text & ";"
cmd.Parameters.Add("#category", OleDbType.VarWChar).Value = Me.item_text.Text
Using reader = cmd.ExecuteReader()
'some code...
End Using
End Using
End Using
The correct syntax for an Update query is
UPDATE tablename SET field=value, field1=value1,.... WHERE condition
Then you need to remove that INTO that is used in the INSERT queries
Dim db As String = "Update Equipment set TypeItem = .... " &
"WHERE EquipmentCat = #category"
After fixing this first syntax error, then you have another problem with ISNull
ISNull is a boolean expression that return true or false.
If you want to replace the null value with an empty string you need the help of the IIF function that you could use to test the return value of ISNull and prepare the base string to which you concatenate the #Equipment parameter.
Something like this
Dim db As String = "Update Equipment " & _
"set TypeItem = IIF(ISNULL(TypeItem),'', TypeItem) & #EquipmentItem " & _
"WHERE EquipmentCat = #category"
I am trying to retrieve a single integer value. There will always be one and only one record in the DB for this select. I want to connect, retrieve store and display this value. is this executescalar the way to go?
Dim sqlquery As String
Dim ConnectionString As String
ConnectionString = "Server=" + ServerName + "\" + InstanceName + "; Database=" + DatabaseName + "; User Id=" + UserId + ";Password=" + Password + ";"
sqlquery = "SELECT severity FROM from dbo.SettingsSub where SEB_SettingsID = 'Severity"
'Connect
Using conn As SqlConnection = New SqlConnection(ConnectionString)
conn.Open()
Using comm As SqlCommand = New SqlCommand(sqlquery, conn)
CurrentSeverity = Convert.ToInt32(comm.ExecuteScalar())
txtCurrentSeverity.Text = CurrentSeverity
conn.Close()
End Using 'comm
"There will always be one and only one record in the DB for this select."
Even though you know that this is the case you should always use a "Select top 1" statement in this scenario as you never know what will happen in the future.
I have a function in VB.NET that runs a query from an MS SQL DB, puts the results into temporary variables, then updates an Oracle DB. My question is, if the string in the MS SQL contains a single quote ( ' ), how do I update the Oracle DB for something that has that single quote?
For example: Jim's request
Will produce the following error: ORA-01756: quoted string not properly terminated
The ueio_tmpALM_Comments (coming from MS SQL) is the culprit that may or may not contain the single quote.
update_oracle =
"update Schema.Table set ISSUE_ADDED_TO_ALM = '1'," & _
"ISSUE_COMMENTS = '" & ueio_tmpALM_Comments & "'," & _
"where ISSUE_SUMMARY = '" & ueio_tmpALM_Summary & "' "
Dim or_cmd_2 = New NetOracle.OracleCommand(update_oracle, OracleConn)
or_cmd_2.ExecuteNonQuery()
From your question it's clear that you are building the update query using string concatenation.
Something like this
Dim myStringVar as string = "Jim's request"
Dim sqlText as String = "UPDATE MYTABLE SET MYNAME = '" + myStringVar + "' WHERE ID = 1"
this is a cardinal sin in the SQL world. Your code will fail for the single quote problem, but the most important thing is that this code is subject to Sql Injection Attacks.
You should change to something like this
Dim cmd As OraclCommand = new OracleCommand()
cmd.Connection = GetConnection()
cmd.CommandText = "UPDATE MYTABLE SET MYNAME = :myName WHERE ID = 1"
cmd.CommandType = CommandType.Text
cmd.Parameters.AddWithValue(":myName", myStringVar)
cmd.ExecuteNonQuery()