syntax error in update statement vb.net - vb.net

I get error on updating. I am just new to this code. I would really appreciate any help.
Private Sub Save_Record()
Dim conn As New OleDbConnection
Dim cmd As New OleDbCommand
Dim sSQL As String = "SELECT * FROM Instructor"
Try
'get connection string declared in the Module1.vb and assing it to conn variable
conn = New OleDbConnection(Get_Constring)
conn.Open()
cmd.Connection = conn
cmd.CommandType = CommandType.Text
'I just use the textbox tag property to idetify if the data is new or existing.
sSQL = "UPDATE Instructor set fname = ?, lname =?, mname =? , [password] = ?, [level]=?, where Username = ?"
cmd.CommandText = sSQL
cmd.Parameters.AddWithValue("#p1", txtfname.Text)
cmd.Parameters.AddWithValue("#p2", txtlname.Text)
cmd.Parameters.AddWithValue("#p3", txtinitial.Text)
cmd.Parameters.AddWithValue("#p4", txtpass.Text)
cmd.Parameters.AddWithValue("#p5", lbllevel.Text)
cmd.Parameters.AddWithValue("#p6", txtusername.Text)
cmd.ExecuteNonQuery()
MsgBox("Data has been save.")
Catch ex As Exception
MsgBox(ErrorToString)
Finally
conn.Close()
End Try
End Sub

you have an additional coma just before where [level]=?, where Username. Try this
sSQL = "UPDATE Instructor set fname = ?, lname =?, mname =? , [password] = ?, [level]=? where Username = ?"

Related

Vb.Net 2010 - SQL Insert Command with autonumeric value

I'm looking to add a row with an autonumeric value using SQL.
I'm using Studio VB 2010. I have a very simple table with 2 fields:
ID Autonumeric
Model Text field.
constr = "INSERT INTO procedures VALUES('" & txtFName.Text & "')"
cmd = New OleDbCommand(constr, cn)
cn.Open()
Me.i = cmd.ExecuteNonQuery
A message says a parameter is missing,
so my question is...
How can I add in the SQL command this automatic value? (ID)
Should I get the last ID number and +1 ?? I think there's gotta be a simple way to do it.
Thank you.
Update #1
I am now trying parameterized queries as suggested...
I found this example,
Dim cmdText As String = "INSERT INTO procedures VALUES (?,?)"
Dim cmd As OleDbCommand = New OleDbCommand(cmdText, con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.Add("#a1", OleDbType.Integer).Value = 0
.Add("#a2", OleDbType.VarChar).Value = txtFName.Text
End With
cmd.ExecuteNonQuery()
con.Close()
But still, I'm geting a Syntaxis error.
Any thoughts?
Thanks to you all.
UPDATE #2
This code seems to work if I give the next ID number, but again, how can I do it automatically?
Dim cmdText As String = "INSERT INTO procedures VALUES (?,?)"
Dim cmd As OleDbCommand = New OleDbCommand(cmdText, con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.AddWithValue("#a1", OleDbType.Integer).Value = 3
.AddWithValue("#a2", OleDbType.VarChar).Value = txtFName.Text
End With
cmd.ExecuteNonQuery()
con.Close()
Any comments? Thanks again.
UPDATE #3 This Code gives me Syntaxis Error
I just put my only one column to update, the second one is the autonumber column, as I was told to try.
Dim Con As OleDbConnection = New OleDbConnection(dbProvider & dbSource)
Dim SQL_command As String = "INSERT INTO procedures (procedure) VALUES ('Model')"
Dim cmd As OleDbCommand = New OleDbCommand(SQL_command, Con)
Try
Con.Open()
cmd.ExecuteNonQuery()
Catch ex As Exception
Throw ex
Finally
Con.Close()
Con.Dispose()
End Try
UPDATE #4 - SOLUTION
I'm putting this code in here in case someone finds it useful.
dbProvider = "PROVIDER=Microsoft.ACE.OLEDB.12.0;Persist Security Info=False;"
dbSource = "Data Source = c:\gastrica\dabase.accdb"
Con.ConnectionString = dbProvider & dbSource
Dim Con As OleDbConnection = New OleDbConnection(dbProvider & dbSource)
Dim SQL_command As String = "INSERT INTO [procedures] ([procedure]) VALUES (?)"
Dim cmd As OleDbCommand = New OleDbCommand(SQL_command, Con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.AddWithValue("#procedure", OleDbType.VarChar).Value = txtFName.Text
End With
Try
Con.Open()
cmd.ExecuteNonQuery()
Dim varProcedure As String = cmd.Parameters("#procedure").Value.ToString()
MessageBox.Show("Record inserted successfully. Procedure = " & varProcedure)
Catch ex As Exception
Throw ex
Finally
Con.Close()
End Try
Thanks all for your comments and help.
You need to specify the columns:
INSERT INTO procedures (columnname, columnname2) VALUES ('test', 'test');
Here is a sql fiddle showing an example:
http://sqlfiddle.com/#!9/3cf706/1
Try this one:
constr = "INSERT INTO procedures (ID, Model) VALUES (0,'" & txtFName.Text & "')"
'or (not sure)
constr = "INSERT INTO procedures (Model) VALUES ('" & txtFName.Text & "')"
When use 0 as value, in autonumeric fields SQL insert the next number
Thanks for your answers.
I couldnĀ“t do it, it gives me errors. So I end up with a single variable reaching the next Auto Value. Using a simple SQL command.
And then, everything runs good.
vNextAuto = GetDB_IntValue("SELECT TOP 1 * FROM procedures ORDER BY ID DESC", "ID") + 1
Dim SQL_command As String = "INSERT INTO procedures VALUES (?,?)"
Dim cmd As OleDbCommand = New OleDbCommand(SQL_command, Con)
cmd.CommandType = CommandType.Text
With cmd.Parameters
.AddWithValue("#id", OleDbType.Integer).Value = vNextAuto
.AddWithValue("#a2", OleDbType.VarChar).Value = txtFName.Text
End With
Try
Con.Open()
cmd.ExecuteNonQuery()
'Dim id As String = cmd.Parameters("#id").Value.ToString()
'MessageBox.Show("Record inserted successfully. ID = " & id)
Catch ex As Exception
Throw ex
Finally
Con.Close()
Con.Dispose()
End Try

Visual basic System.Data.OleDb.OleDbException: 'No value given for one or more required parameters.'

I'm trying to make a login form and keep getting this error:
Visual basic System.Data.OleDb.OleDbException: 'No value given for one
or more required parameters.'
I'm using an access database with vb and everything is spelled correctly but I keep getting this error?
Private Sub Btn_Login_Click(sender As Object, e As EventArgs) Handles Btn_Login.Click
If DbConnect() Then
Dim SQLCmd As New OleDbCommand
With SQLCmd
.Connection = cn
.CommandText = "Select * From Tbl_Staff Where (Username = #sUsername) and (Password = #sPassword)"
.Parameters.AddWithValue("#sUsername", Txt_Username.Text)
.Parameters.AddWithValue("#sPassword", Txt_Password.Text)
Dim rs As OleDbDataReader = .ExecuteReader()
If rs.Read Then
PublicFirstname = rs("Firstname")
PublicStaffID = rs("StaffID")
'PublicAccessLevel = rs("AccessLevel")
frmMainMenu.Show()
Else
MsgBox("Sorry, incorrect log in details entered")
End If
rs.Close()
EDIT:
Changed my code but still getting the same error:
If DbConnect() Then
Using SQLCmd As New OleDbCommand
With SQLCmd
.Connection = cn
.CommandText = "Select * From Tbl_Staff Where (Username = ?) and ([Password] = ?)"
.Parameters.Add("#sUsername", OleDbType.VarChar).Value = Txt_Username.Text
.Parameters.Add("#sPassword", OleDbType.VarChar).Value = Txt_Password.Text
Using rs As OleDbDataReader = .ExecuteReader()
If rs.Read Then
Else
MsgBox("Sorry, incorrect log in details entered")
End If
rs.Close()
End Using
End With
End Using
End If
I see two problems here.
OleDbCommand does not support named parameters with CommandType set to Text.The order they are supplied is substantial.
PASSWORD is a reserved word in ms-access.Put it in square brackets.
Other things to enhance.
Use Using for the OleDbCommand and the OleDbDataReader.
Don't store passwords in clear-text.
So your code should look like following:
Using SQLCmd As New OleDbCommand
With SQLCmd
.Connection = cn
.CommandText = "Select * From Tbl_Staff Where (Username = ?) and ([Password] = ?)"
.Parameters.Add("#sUsername", OleDbType.VarChar).Value = Txt_Username.Text
.Parameters.Add("#sPassword", OleDbType.VarChar).Value = Txt_Password.Text
Using rs As OleDbDataReader = .ExecuteReader()
If rs.Read Then
Else
MsgBox("Sorry, incorrect log in details entered")
End If
rs.Close()
End Using
End With
End Using
EDIT:
As the column names are not Username and Password but sUsername and sPassword, you have to change the CommandText as follows:
.CommandText = "Select * From Tbl_Staff Where (sUsername = ?) and (sPassword = ?)"

ADD SQL QUERY STAT

I'm trying to update the records from textboxes into the Access database, I'm wondering every time I hit save, it generates an error
An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll
Additional information: No value given for one or more required parameters.
Highlighting .ExecuteNonQuery()
What does it mean? It's preventing me to run my code :(
Private Sub SaveButton_Click(sender As Object, e As EventArgs) Handles SaveButton.Click
Dim empNum As String
Dim empFname As String
Dim empLname As String
Dim empDept As String
Dim empStat As String
Dim empYears As String
empNum = eNumText.Text
empFname = empFnameText.Text
empLname = empLnameText.Text
empDept = DeptText.Text
empStat = StatText.Text
empYears = yearstext.Text
con.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source= c:\Databse\Company_db.accdb"
con.Open()
Dim SqlAdapter As New OleDbDataAdapter
Dim Table As New DataTable
Dim sqlQuery As String = "UPDATE tbl_empinfo " & _
"SET FirstName=empFname, LastName=empLname, Department=empDept, " & _
"Status=empStat, Years=empYears " & _
"WHERE empID=empNum"
Dim cmd As New OleDbCommand
With cmd
.CommandText = sqlQuery
.Connection = con
.Parameters.AddWithValue("FirstName", empFname)
.Parameters.AddWithValue("LastName", empLname)
.Parameters.AddWithValue("Department", empDept)
.Parameters.AddWithValue("Status", empStat)
.Parameters.AddWithValue("Years", empYears)
.ExecuteNonQuery()
End With
Using cmd2 = New OleDbCommand(sqlQuery, con)
cmd.Parameters.AddWithValue("FirstName", empFname)
cmd.Parameters.AddWithValue("LastName", empLname)
cmd.Parameters.AddWithValue("Department", empDept)
cmd.Parameters.AddWithValue("Status", empStat)
cmd.Parameters.AddWithValue("Years", empYears)
cmd.ExecuteNonQuery()
End Using
sqlQuery = "SELECT * FROM tbl_empinfo "
Dim cmd1 As New OleDbCommand
Dim da As New OleDbDataAdapter
With cmd1
.CommandText = sqlQuery
.Connection = con
With SqlAdapter
.SelectCommand = cmd1
.Fill(Table)
End With
With DataGridView1
.DataSource = Table
End With
End With
con.Close()
End Sub
You are trying to set an UPDATE command text for the SelectCommand of the Adapter. This, of course has no way to be successful. Last but not least the UPDATE command text doesn't contain a WHERE clause, and so, if executed, it updates every record in the table tbl_empinfo with the same data.
In this context there is no need to use an adapter. You could simply execute the command, providing an appropriate WHERE clause and the values for the other parameters
Dim sqlQuery As String = "UPDATE tbl_empinfo " & _
"SET FirstName=?, LastName=?, Department=?, " & _
"Status=?, Years=? " & _
"WHERE empID=?"
Dim cmd As New OleDbCommand
With cmd
.CommandText = sqlQuery
.Connection = con
.Parameters.AddWithValue("#p1", empFName)
.Parameters.AddWithValue("#p2", empLName)
.Parameters.AddWithValue("#p3", empDept)
.Parameters.AddWithValue("#p4", empStat)
.Parameters.AddWithValue("#p5", empYears)
.Parameters.AddWithValue("#p6", empNum)
.ExecuteNonQuery()
End With
After this you could call the code that reloads the data to fill your grid
sqlQuery = "SELECT * FROM tbl_empinfo"
Dim cmd1 As New OleDbCommand
Dim da As New OleDbDataAdapter
Dim Table As New DataTable
With cmd1
.CommandText = sqlQuery
.Connection = con
With da
.SelectCommand = cmd1
.Fill(Table)
End With
With DataGridView1
.DataSource = Table
End With
End With
Notice that I have changed the name of the command and the adapter to a less confusing names. SqlCommand And SqlDataAdapter are the names of the classes equivalent to the OleDbCommand and OleDbDataAdapter but used for Sql Server. At first sight I was thinking that you were trying to use the SqlClient classes to update an MS-Access database.

VB.NET: SQL Parameters (Update)

I'm trying to update some values but it seems that there is a problem with my code.
Dim con As New OleDbConnection
Dim id As Integer = Main.Passes.Items.Count + 1
Try
con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= ...\database.mdb"
con.Open()
Catch ex As Exception
MsgBox("There was a problem connection to database.", MsgBoxStyle.Critical)
End Try
Dim objCmd As OleDbCommand
Dim strSQL As String
strSQL = "UPDATE passwords SET website= #website, username= #username, password= #password, dates= #datenow, notes= #notes WHERE id= #id"
objCmd = New System.Data.OleDb.OleDbCommand(strSQL, con)
objCmd.Parameters.AddWithValue("#website", txtURL.Text)
objCmd.Parameters.AddWithValue("#username", txtUser.Text)
objCmd.Parameters.AddWithValue("#password", txtPass.Text)
objCmd.Parameters.AddWithValue("#datenow", txtDate.Text)
objCmd.Parameters.AddWithValue("#notes", txtNotes.Text)
objCmd.Parameters.AddWithValue("#id", id)
objCmd.ExecuteNonQuery()
con.Close()
The error I get is: Syntax error in UPDATE statement.
Try enclose your column names in `` (backticks). I guess password column is the culprit, probably a keyword.

ORA-01036: illegal variable name/number - Insert Query

I am getting the ORA-01036: illegal variable name/number error in my vb.net application
Please take a look and help me.
Thanks in advance.
Dim sSQL As String
sSQL = "INSERT INTO PSLSC_PSL_NOMINATION ( NOMINATION_ID, NOM_TYPE, PROPOSED_STATUS, COMMODITY_TEAM, COMMODITY_DESC, COMMODITY_CODE, PARENT_ID, SUPPLIER_ID, SUPPLIER_NAME, ADDRESS, COUNTRY, TELEPHONE, CONTACT, WEBSITE, EMAIL, SPEND, TECHSOURCE_SCORE, ESAC_SCORE, PAYMENT_TERMS, MSA_CONTRACT, BUSA_CONTRACT, LEAN_CHAMPION, LEAN_CHAMPION_NAME, QUALITY, ON_TIME_DELIVERY, SUPPORTS_ESOURCING, COMPLIANCE_REQUIREMENT, FLEXIBILITY, CAP_MEET_DELIVERY_FREQ, NOMINATING_BUSINESS_UNIT, NOMINATING_REGION, OWNER, NOMINATED_DATE, COMMENTS, SENDER, SENDER_EMAIL )"
sSQL = sSQL & " VALUES ( :NOMINATION_ID,:NOM_TYPE,:PROPOSED_STATUS,:COMMODITY_TEAM,:COMMODITY_DESC,:COMMODITY_CODE,:PARENT_ID,:SUPPLIER_ID,:SUPPLIER_NAME,:ADDRESS,:COUNTRY,:TELEPHONE,:CONTACT,:WEBSITE,:EMAIL,:SPEND,:TECHSOURCE_SCORE,:ESAC_SCORE,:PAYMENT_TERMS,:MSA_CONTRACT,:BUSA_CONTRACT,:LEAN_CHAMPION,:LEAN_CHAMPION_NAME,:QUALITY,:ON_TIME_DELIVERY,:SUPPORTS_ESOURCING,:COMPLIANCE_REQUIREMENT,:FLEXIBILITY,:CAP_MEET_DELIVERY_FREQ,:NOMINATING_BUSINESS_UNIT,:NOMINATING_REGION,:OWNER,:NOMINATED_DATE,:COMMENTS,:SENDER,:SENDER_EMAIL )"
Dim obj_id As Decimal
obj_id = getNewSRM_OBJ_ID(cn_SRM)
Dim cn As OracleConnection = New OracleConnection(cn_proc)
Dim cmd As OracleCommand = New OracleCommand(sSQL, cn)
cmd.Parameters.Add(":NOMINATION_ID", obj_id)
cmd.Parameters.Add(":NOM_TYPE", row.NOM_TYPE)
cmd.Parameters.Add(":PROPOSED_STATUS", row.PROPOSED_STATUS)
cmd.Parameters.Add(":COMMODITY_TEAM", row.COMMODITY_TEAM)
cmd.Parameters.Add(":COMMODITY_DESC", row.COMMODITY_DESC)
cmd.Parameters.Add(":COMMODITY_CODE", row.COMMODITY_CODE)
cmd.Parameters.Add(":PARENT_ID", row.PARENT_ID)
cmd.Parameters.Add(":SUPPLIER_ID", row.SUPPLIER_ID)
cmd.Parameters.Add(":SUPPLIER_NAME", row.SUPPLIER_NAME)
cmd.Parameters.Add(":ADDRESS", row.ADDRESS)
cmd.Parameters.Add(":COUNTRY", row.COUNTRY)
cmd.Parameters.Add(":PHONE", row.PHONE)
cmd.Parameters.Add(":CONTACT", row.CONTACT)
cmd.Parameters.Add(":WEBSITE", row.WEBSITE)
cmd.Parameters.Add(":EMAIL", row.EMAIL)
cmd.Parameters.Add(":SPEND", row.SPEND)
cmd.Parameters.Add(":TECHSOURCE_SCORE", row.TECHSOURCE_SCORE)
cmd.Parameters.Add(":ESAC_SCORE", row.ESAC_SCORE)
cmd.Parameters.Add(":PAYMENT_TERMS", row.PAYMENT_TERMS)
cmd.Parameters.Add(":MSA_CONTRACT", row.MSA_CONTRACT)
cmd.Parameters.Add(":BUSA_CONTRACT", row.BUSA_CONTRACT)
cmd.Parameters.Add(":LEAN_CHAMPION", row.LEAN_CHAMPION)
If Not row.IsLEAN_CHAMPION_NAMENull Then
cmd.Parameters.Add(":LEAN_CHAMPION_NAME", row.LEAN_CHAMPION_NAME)
Else
cmd.Parameters.Add(":LEAN_CHAMPION_NAME", System.DBNull.Value)
End If
cmd.Parameters.Add(":QUALITY", row.QUALITY)
cmd.Parameters.Add(":ON_TIME_DELIVERY", row.ON_TIME_DELIVERY)
cmd.Parameters.Add(":SUPPORTS_ESOURCING", row.SUPPORTS_ESOURCING)
cmd.Parameters.Add(":COMPLIANCE_REQUIREMENT", row.COMPLIANCE_REQUIREMENT)
cmd.Parameters.Add(":FLEXIBILITY", row.FLEXIBILITY)
cmd.Parameters.Add(":CAP_MEET_DELIVERY_FREQ", row.CAP_MEET_DELIVERY_FREQ)
cmd.Parameters.Add(":NOMINATING_BUSINESS_UNIT", row.NOMINATING_BUSINESS_UNIT)
cmd.Parameters.Add(":NOMINATING_REGION", row.NOMINATING_REGION)
cmd.Parameters.Add(":OWNER", row.OWNER)
cmd.Parameters.Add(":NOMINATED_DATE", row.NOMINATED_DATE)
cmd.Parameters.Add(":COMMENTS", row.COMMENTS)
cmd.Parameters.Add(":SENDER", row.SENDER)
cmd.Parameters.Add(":SENDER_EMAIL", row.SENDER_EMAIL)
Try
cn.Open()
cmd.CommandType = CommandType.Text
cmd.ExecuteNonQuery()
Catch ex As Exception
LOG_ERROR(ex.Message, sSQL, cn.ConnectionString, ex.Source)
End Try
You can also get this error when you omit the bind variable reference from the SQL but you create a Parameter for it. Ask me how I know this.
Example taken from above that might repro it (notice "PROPOSED_STATUS" is not in the SQL but is being added as Parameter:
sSQL = "INSERT INTO PSLSC_PSL_NOMINATION ( NOMINATION_ID, NOM_TYPE ) VALUES ( :NOMINATION_ID,:NOM_TYPE )"
Dim obj_id As Decimal = getNewSRM_OBJ_ID(cn_SRM)
Dim cn As OracleConnection = New OracleConnection(cn_proc)
Dim cmd As OracleCommand = New OracleCommand(sSQL, cn)
cmd.Parameters.Add(":NOMINATION_ID", obj_id)
cmd.Parameters.Add(":NOM_TYPE", row.NOM_TYPE)
cmd.Parameters.Add(":PROPOSED_STATUS", row.PROPOSED_STATUS)
Try
cn.Open()
cmd.CommandType = CommandType.Text
cmd.ExecuteNonQuery()
Catch ex As Exception
LOG_ERROR(ex.Message, sSQL, cn.ConnectionString, ex.Source)
End Try