i want to update the data using textbox in a database but i get the error message. the error is "Incorrect syntax near '('."
below is the code for update data
hopefully u all can help me to solve the problem. Thanks :)
dbSource = "Data Source=LAILATUL-PC\SERVER;Initial Catalog=HotelManagementSystem;Integrated Security=True"
con = New SqlConnection(dbSource)
con.Open()
Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (#RoomCode, #RoomType, #RoomNo, #RoomPrice, #RoomStatus, #NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "
cmd = New SqlCommand(sqlUpdate)
cmd.Connection = con
cmd.Parameters.AddWithValue("#RoomCode", txtRoomCode.Text)
cmd.Parameters.AddWithValue("#RoomType", txtRoomType.Text)
cmd.Parameters.AddWithValue("#RoomNo", txtRoomNo.Text)
cmd.Parameters.AddWithValue("#RoomPrice", txtRoomPrice.Text)
cmd.Parameters.AddWithValue("#RoomStatus", txtRoomStatus.Text)
cmd.Parameters.AddWithValue("#NoOfOccupancy", txtNoOfOccupancy.Text)
cmd.ExecuteNonQuery()
MessageBox.Show("Successfully saved", "Record", MessageBoxButtons.OK, MessageBoxIcon.Information)
You are already using parameters don't forget the last one which could open your sql up to injection attacks.
Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = #RoomCode,
[Room_Type] = #RoomType, [Room_No] = #RoomNo, [Room_Price] = #RoomPrice
[Room_Status] = #RoomStatus, [No_of_Occupancy] = #NoOfOccupancy
WHERE [Room_Code] = #RoomCode"
Need to quote the room code text in the WHERE clause
Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (#RoomCode, #RoomType, #RoomNo, #RoomPrice, #RoomStatus, #NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "
Edit
Or better yet make that a parameter too.
I believe that this statement:
Dim sqlUpdate As String = "UPDATE [Room] SET ([Room_Code], [Room_Type], [Room_No], [Room_Price], [Room_Status], [No_of_Occupancy]) VALUES (#RoomCode, #RoomType, #RoomNo, #RoomPrice, #RoomStatus, #NoOfOccupancy WHERE [Room_Code] = " & txtRoomCode.Text & " ) "
needs to be rewritten as follows:
Dim sqlUpdate As String = "UPDATE [Room] SET [Room_Code] = #RoomCode, [Room_Type] = #RoomType, [Room_No] = #RoomNo, [Room_Price] = #RoomPrice, [Room_Status] = #RoomStatus, [No_of_Occupancy] = #NoOfOccupancy WHERE [Room_Code] = '" & txtRoomCode.Text & "' ) "
You have two problems. You didn't quote your txtRoomCode.txt value, and that's not the correct syntax for an UPDATE statement, unless I'm really confused.
Related
Hi im new to vb and I want to display in my msgbox the text and variable but I can't seem to figure it out. My code is
Data = "UPDATE [Mc_Koy].[dbo].[User] SET [Balance] = [Balance] - '" & txt_fare.Text & "'WHERE [ID] = '" & txtbox_id.Text & "'"
Command = New SqlCommand(Data, Connection)
Command.ExecuteNonQuery()
Dim Data1 As String = "SELECT [Balance] FROM [Mc_Koy].[dbo].[User] Where [ID] = '" & txtbox_id.Text & "'"
Dim Command1 As New SqlCommand(Data1, Connection)
Command1.ExecuteNonQuery()
Dim dr As SqlDataReader
dr = Command1.ExecuteReader
With dr
.Read()
Dim f As Double
MsgBox("Current Balance is ", .Item(0))
.Close()
End With
But when I run it it only display the message "Current Balance is: "
I think you want to append it to the string, so use &:
MsgBox("Current Balance is " & .Item(0))
I'm using a query to pull data from an SQL database, at times the last dropdown im using to get the record i'm looking for has a single quote, when it does I get the following error: Incorrect syntax near 's'. Unclosed quotation mark after the character string
This is the code I have:
Using objcommand As New SqlCommand("", G3SqlConnection)
Dim DS01 As String = DDLDS01.SelectedItem.Text
Dim State As String = DDLState.SelectedItem.Text
Dim Council As String = DDLCouncil.SelectedItem.Text
Dim Local As String = DDLLocal.SelectedItem.Text
Dim objParam As SqlParameter
Dim objDataReader As SqlDataReader
Dim strSelect As String = "SELECT * " & _
"FROM ConstitutionsDAT " & _
"WHERE DS01 = '" & DS01 & "' AND STATE = '" & State & "' AND COUNCIL = '" & Council & "' AND LOCAL = '" & Local & "' AND JURISDICTION = '" & DDLJurisdiction.SelectedItem.Text & "' "
strSelect.ToString.Replace("'", "''")
objcommand.CommandType = CommandType.Text
objcommand.CommandText = strSelect
Try
objDataReader = objcommand.ExecuteReader
DDLJurisdiction.Items.Add("")
While objDataReader.Read()
If Not IsDBNull(objDataReader("SUBUNIT")) Then
txtSubUnit.Text = (objDataReader("SUBUNIT"))
End If
If Not IsDBNull(objDataReader("DS02")) Then
lblDS02.Text = (objDataReader("DS02"))
End If
If Not IsDBNull(objDataReader("LEGISLATIVE_DISTRICT")) Then
txtALD.Text = (objDataReader("LEGISLATIVE_DISTRICT"))
End If
If Not IsDBNull(objDataReader("REGION")) Then
txtRegion.Text = (objDataReader("REGION"))
End If
If DDLState.SelectedItem.Text <> "OTHER" Then
If Not IsDBNull(objDataReader("UNIT_CODE")) Then
txtUnitCode.Text = (objDataReader("UNIT_CODE"))
End If
End If
End While
objDataReader.Close()
Catch objError As Exception
OutError.Text = "Error: " & objError.Message & objError.Source
Exit Sub
End Try
End Using
Not all records contain a single quote, only some, so i'd need something that would work if a single quote is present or not.
Thanks.
Your problem is this line here:
strSelect.ToString.Replace("'", "''")
This is changing your WHERE clause from something like
WHERE DS01 = 'asdf' AND ...
To:
WHERE DS01 = ''asdf'' AND ...
You need to do the replace on the individual values in the where clause, not on the whole select statement.
What you should really be doing is using a parameterized query instead.
Update: added same link as aquinas because it's a good link
Use parameterized queries, and only EVER use parameterized queries. See: How do I create a parameterized SQL query? Why Should I?
This is my code:
Dim job As String = TextBoxJobNum.Text
Dim idws As Integer
sqlQuery = "UDATE Equipment SET JobHistory = JobHistory+'" & job & "' WHERE ID = '" & idws & "'"
Dim sqlCmd1 As New SqlCommand(sqlQuery, sqlConn)
If sqlConn.State = ConnectionState.Closed Then sqlConn.Open()
For Each row As DataGridViewRow In DataGridViewEquip.Rows
idws = CInt(row.Cells(0).Value)
sqlCmd1.ExecuteNonQuery()
Next
If sqlConn.State = ConnectionState.Open Then sqlConn.Close()
I get the error "Syntax error near '=' " I have searched everywhere but cant seem to find the
correct Syntax for this line. Any help would be greatly appreciated.
Looks to me like you are just missing a "P" in the word "UPDATE"
sqlQuery = "UPDATE Equipment SET JobHistory = JobHistory+'" & job & "' WHERE ID = '" & idws & "'"
Also I would recommend not setting parameters using string concatenation, but instead use parameters on a SqlCommand object. The reason for this is reducing potential problems such as additional escaping (if the "job" variable contains a "'" for example) or SQL injection.
I work with VB.NET (Windows Forms) and database in AS400 iSeries. I wont to make an Update in one table. I have this code:
query.Append("Update CLAIMSTATE ")
query.Append("SET CST_CODE = #cst_code, ")
query.Append("CST_LABEL = #cst_label, ")
query.Append("CST_POINTS = #cst_points ")
query.Append("WHERE CST_ID = #cst_id ")
Dim command As New OdbcCommand(query.ToString(), con)
command.Parameters.Add("#cst_id", OdbcType.BigInt).Value = row.Cells(0).Value
command.Parameters.Add("#cst_code", OdbcType.Char).Value = row.Cells(1).Value & ""
command.Parameters.Add("#cst_label", OdbcType.NVarChar).Value = row.Cells(2).Value & ""
command.Parameters.Add("#cst_points", OdbcType.Decimal).Value = row.Cells(3).Value
command.ExecuteNonQuery()
In this case I obtain this error:
ERROR [42000] [IBM][System i Access ODBC-Treiber][DB2 fur i5/OS]SQL0113 - Name #CST_CODE not allowed.
Can anybody help me?
Thank's in advance.
OdbcCommand doesn't support named parameters.
Dim command As OdbcCommand = con.CreateCommand()
command.CommandText = "UPDATE CLAIMSTATE " & _
"SET CST_CODE = ?, CST_LABEL = ?, CST_POINTS = ? WHERE CST_ID = ?"
command.Parameters.Add("#cst_code", OdbcType.Char).Value = row.Cells(1).Value & ""
command.Parameters.Add("#cst_label", OdbcType.NVarChar).Value = row.Cells(2).Value & ""
command.Parameters.Add("#cst_points", OdbcType.Decimal).Value = row.Cells(3).Value
command.Parameters.Add("#cst_id", OdbcType.BigInt).Value = row.Cells(0).Value
command.ExecuteNonQuery()
I am trying to update an Oracle Database record and i keep getting this error:
ORA-01704: string literal too long 5
I looked up that error and it seems that i have a limit of 4000 charters since i am using Oracle 10g. However, the prgblem is that its the same exact data i am putting back into that record so that is why i am unsure as to why its giving me that error for the same amount of data i took out of it.
Here is my update code:
Dim myCommand As New OracleCommand()
Dim ra As Integer
Try
myCommand = New OracleCommand("Update CSR.CSR_EAI_SOURCE Set STATUS_CODE = 'Blah', COMPLETE_DATE = '', DATA = '" & theData & "' WHERE EID = '81062144'", OracleConnection)
ra = myCommand.ExecuteNonQuery()
OracleConnection.Close()
Catch
MsgBox("ERROR" & Err.Description & " " & Err.Number)
End Try
I'm not sure if there is anything special you have to do in order to update a clob or not.
I extract the clob like so:
Dim blob As OracleClob = dr.GetOracleClob(9)
Dim theData As String = ""
theData = blob.Value
And it works just fine extracting but just not putting it back in.
Any help would be great!
David
UPDATE CODE
Dim OracleCommand As New OracleCommand()
Dim myCommand As New OracleCommand()
Dim ra As Integer
While dr.Read()
Dim blob As OracleClob = dr.GetOracleClob(9)
Dim theData As String = ""
theData = blob.Value
theData = Replace(theData, "…", " ")
Try
Dim strSQL As String
isConnected2 = connectToOracleDB2()
OracleConnection.Close()
If isConnected2 = False Then
MsgBox("ERRORConn: " & Err.Description & " " & Err.Number)
Else
myCommand.Connection = OracleConnection2
strSQL = "Update CSR.CSR_EAI_SOURCE Set STATUS_CODE = 'ERROR', COMPLETE_DATE = '', DATA = :1 WHERE EID = '" & theEID & "'"
myCommand.CommandText = strSQL
Dim param As OracleParameter = myCommand.Parameters.Add("", OracleDbType.Clob)
param.Direction = ParameterDirection.Input
param.Value = theData
Application.DoEvents()
ra = myCommand.ExecuteNonQuery()
Application.DoEvents()
OracleConnection2.Close()
Application.DoEvents()
End If
Catch
MsgBox("ERROR: " & Err.Description & " " & Err.Number)
OracleConnection2.Close()
End Try
End While
dr.Close()
OracleConnection.Close()
Do not hardcode the value into your SQL query. Instead wrap it in a parameter. Like this:
Dim strSQL As String
strSQL = "Update CSR.CSR_EAI_SOURCE Set STATUS_CODE = 'Blah', COMPLETE_DATE = '', DATA = :1 WHERE EID = '81062144'"
myCommand.CommandText=strSQL
And then:
Dim param As OracleParameter=myCommand.Parameters.Add("",OracleDbType.Clob)
param.Direction=ParameterDirection.Input
param.Value=blob.Value
You can (and should) of course add all other variables (status code, complete date, eid) of your query as parameters, too, instead of hard-coding them into your SQL.
Varchar2 in sql has a limitations of 4000 characters. This limitation does not apply to the data stored in a varchar column. You need to convert this to pl\sql or specify some other column type. ( I am not a php expert. So I cannot provide any sample, just the reason for your error).
Essentially you need to specify the data type as clob while executing the bind query. Otherwise it will default to varchar2 and the above limitation will apply.