Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I already create a table Audit. When I try to insert table using this script:
sql = "Insert into "& myAudit &" (Date, Time, AuditCode , DetailsCode, CurData1, CurData2, CurData3, PrevData1, PrevData2 , PrevData3 , StaffID) values ('"& myTarikh &"','"& myMasa & "','" & myAuditCode & "', '" & myDetailsCode & "','"& myCurData1 &"','" & myCurData2 & "','" & myCurData3 & "','" & myPrevData1 & "','" & myPrevData2 & "','" & myPrevData3 & "', '" & myUserID &"')"
It diplays:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Oracle][ODBC][Ora]ORA-00904: "STAFFID": invalid identifier
How to fix this error?
STOP, use parameterized queries! Your current code is vulnerable for hackers and errors when using ' in one of the fields. Use something like this:
string query = "insert into myAudit (date, time, auditcode, ...) values (?, ?, ?, ...)";
OdbcCommand command = new OdbcCommand(query, connection);
command.Parameters.Add("?").Value = myTarikh;
command.Parameters.Add("?").Value = myMasa;
command.Parameters.Add("?").Value = myAuditCode;
Note the use of ?, since ODBC doesn't support parameter names, so the order of parameters matters!
Second, the issue is in the StaffID field, that doesn't seem to exist in your audit table.
Related
I am for the first time posting question in this platform. Currently, I am running into a problem of executing my assignment of online shopping database. When I try to register an account into it, it always pops up a window say run-time 3134 error, syntax error in INSERT INTO statement. I was trying any possibilities in order to solve the problem but it won't work. So, any solution to counter this problem? Thanks for your many helping. 😊
Here is my codes:
CurrentDb.Execute "INSERT INTO Login table (FirstName,LastName,Gender,UserName,Password,Email,Phone) VALUES ('" & Me.FirstName & "','" & Me.LastName & "','" & Me.Gender & "','" & Me.UserName & "', '" &
Me.Password & "','" & Me.Email & "','" & Me.Phone & "')"
Presuming that the table you're trying to INSERT INTO is named Login Table, you have a space in the table name, which means any time you reference that table you need to surround it in square brackets.
CurrentDb.Execute "INSERT INTO [Login table]` (FirstName,LastName,Gender,UserName,Password,Email,Phone) VALUES ('" & Me.FirstName & "','" & Me.LastName & "','" & Me.Gender & "','" & Me.UserName & "', '" &
Me.Password & "','" & Me.Email & "','" & Me.Phone & "')"
This is one of the main problems with naming your table with spaces. Also, Login table is an especially bad name - you already know it's a table, so why do you need to repeat that information in the table name? And if you insist on using table names that are more than one word, you should use an underscore rather tha a space (like Login_table) to reduce the work involved with every query and prevent problems like the one you're having here.
Consider using a stored query that points to the form controls as parameters and avoid VBA variable concatenation and quote punctuation. Also, query design in Access GUI does not allow users to save query with syntax errors.
SQL
Adjust myForm to actual form name.
INSERT INTO [Login table]
(FirstName,
LastName,
Gender,
UserName,
Password,
Email,
Phone)
VALUES
(Forms!myForm!FirstName,
Forms!myForm!LastName,
Forms!myForm!Gender,
Forms!myForm!UserName,
Forms!myForm!Password,
Forms!myForm!Email,
Forms!myForm!Phone)
VBA
No need to close action queries and add SetWarnings to avoid update prompts.
DoCmd.SetWarnings False
DoCmd.OpenQuery "mySavedAppendQuery"
DoCmd.SetWarnings True
Password is a reserved word, so:
CurrentDb.Execute "INSERT INTO [Login table] (FirstName,LastName,Gender,UserName,[Password],Email,Phone) ...
I have just found that the the table had a field that was using a reserved name Note. By placing it in `` quotes (Note) fixed the issue.
I am still developing my School management system. I want to create a multiple username and password for my system. But I am getting a Runt ime error 31314 on the Insert statement.
CurrentDb.Execute "INSERT INTO users(Username,Password,Email,Mobile,UserType) VALUES('" & Me.uname & "', '" & Me.upass & "', '" & Me.uemail & "', '" & Me.umobile & "', '" & Me.utype & "',)"
You can/should use a temporary parameter query:
The sql statement looks much more clear
It takes care of datatypes (no 's necessary)
It prevents SQL Injection
With CurrentDb().CreateQueryDef(vbNullString, _
"INSERT INTO users (Username, [Password], Email, Mobile, UserType) VALUES (p1, p2, p3, p4, p5)")
.Parameters("p1").Value = Me.uname
.Parameters("p2").Value = Me.upass
.Parameters("p3").Value = Me.uemail
.Parameters("p4").Value = Me.umobile
.Parameters("p5").Value = Me.utype
.Execute dbFailOnError
End With
If you want you can rename the parameters p1 to p5 to more describing names i.e. pUName and so on.
You have a trailing comma here:
"INSERT INTO users(Username,Password,Email,Mobile,UserType) VALUES('" & ... & Me.utype & "',)"
Trailing commma ---------------------------------------------------------------------------^
You should also surround the Password field with square brackets, since this is a reserved word in MS Access:
INSERT INTO users (Username, [Password], Email, Mobile, UserType)
So I'm setting up a database in MS Access 2010 (first time doing this). I can't seem to get the syntax of the SQL statement right. I want to take the data I have entered into a data entry form and insert a new row into a table, with that data. All of this using SQL in the VBA editor (only code I have available, all others are blocked)
Private Sub Add_Click()
Dim sSQL As String
sSQL = "INSERT INTO Data (Type, Name, Quantity, Amount, Class, Series, Client, Date1, Date2) VALUES " & _
"('" & Me!txtType & "','" & Me!txtName & "'," & Me!txtQuantity & "," & Me!txtAmount & ",'" & Me!txtClass & "','" & Me!txtSeries & "','" & Me!txtClient & "'," & Me!date1 & "," & Me!date2 & ")"
Debug.Print sSQL
CurrentDb.Execute sSQL
End Sub
So i Get the following error when i run the code, from the VBA editor :
"Run-time error '3134':
Syntax error in INSERT INTO statement."
And the printout of the SQL statement looks correct :
INSERT INTO Data (Type, Name, Quantity, Amount, Class, Series, Client, Date1, Date2)
VALUES ('Purhcase', 'TV', 500, 100, '', '', ' Bob', 05.08.2019, 05.08.2019)
Found the answer :
turns out one of the names of my data fields was a reserved word, therefore i simply put them all into [] and it solved the issue.
Thanks anyways for the help guys!
Private Sub cmdSave_Click()
'CHECKING FOR VALID QUANTITY ENTERED BY USER'
If IsNull(Me![INCOMING_QTY]) And IsNull(Me![OUTGOING_QTY]) Then
MsgBox "Must Enter Valid Quantity."
Me!INCOMING_QTY.SetFocus
'VERIFYING THAT WORKORDER IS NEW'
ElseIf DCount("BASE_ID", "DBO_Paint_Room", "BASE_ID = '" & Me!BASE_ID & "' AND PART_ID = '" & Me!PART_ID & "'") = 0 Then
'INSERTING NEW WORKORDER INTO SQL TABLE FROM FORM FIELDS'
CurrentDb.Execute "INSERT INTO [DBO_Paint_Room] ([BASE_ID],[PART_ID],[DESCRIPTION],[USER_1],[DESIRED_QTY],[DESIRED_WANT_DATE],[RECEIVED_QTY],[CURRENT_QTY],[LAST_UPDATE_DATE]) " _
& "VALUES ('" & Me![BASE_ID] & "','" & Me![PART_ID] & "','" & Me![DESCRIPTION] & "','" & Me![USER_1] & "'," & Me![DESIRED_QTY] & "," & Nz(Me![DESIRED_WANT_DATE], "Null") & "," & Me![RECEIVED_QTY] & "," & Nz(Me![INCOMING_QTY], "Null") & ",NOW())"
This is the top portion of a Sub that inserts data into SQL Server tables. I built this code offsite with Access 2010 and SQL Server Express 2014. It runs fine in that environment, but when I copied the code into a fresh instance of Access 2007 onsite, it doesn't do anything. No errors and no insert, nothing. I modified it to use a saved "SQLstr" and DoCmd.RunSQL, but then it throws a type mismatch error. Can anyone give me some insight as to what I'm doing wrong? The SQL table design source code is exactly the same as in the test version. The ODBC connection uses the standard SQL Server Driver.
Just went with DoCmd.OpenQuery and a saved Access insert query. It works now.
I am getting the error above saying that I cannot explicitly define the identity column without doing these things however, I am not trying to set the value of the identity column. I am merely trying to execute a basic insert statement using user input. I'm really stuck and need to get past this. Thoughts?
Public Sub ExecuteSQL(ByVal sql As String)
Using myConnection As New Data.SqlClient.SqlConnection(connString)
myConnection.Open()
Using cdmDatabaseCommand As New Data.SqlClient.SqlCommand(sql, myConnection)
cdmDatabaseCommand.ExecuteNonQuery()
End Using
End Using
End Sub
Dim insertSpray As String = ""
insertSpray = "INSERT INTO Spray VALUES ('" & sprayDate & "','" & timeStart & "','" & timeFinish & "','" & tankVolumeStart & "','" & tankVolumeFinish & "','" & comment & "','" & vehicleId & "','" & vehicleTime & "','" & siteType & "','" & area & "','" & applicatorOneId & "','" & applicatorTwoId & "','" & sprayLocationFeature & "','" & sprayStartLocationDescription & "','NULL','NULL','NULL','NULL','" & sprayEndLocationDescription & "');"
ExecuteSQL(insertSpray)
You're not specifying a column-list, so SQL Server assumes you want to insert into all columns, in table-order.
You need to change your syntax to specify the names of the columns you're inserting into (and leave out the identity column, obviously):
insert into Spray (SprayDate, TimeStart, ...)
values (...
Also note that your code is vulnerable to SQL injection attacks. You should look into using parameterized queries.
Try to explicitly make the columns of table Spray without the identity column.
Something like this:
insertSpray = "INSERT INTO Spray(Column1, Column2,...) VALUES (Value1,Value2,..)"