What is the most efficient way to insert multiple records into an Access DB with VB.net?
I have a list of objects with multiple properties which are the values for an INSERT query and I want to know can I insert them all together instead of looping through the list of objects, building the query string and executing the queries one by one which is very slow.
Rough example of what I have:
For Each Val In ValueList
ValueString = Val.X.ToString & ", "
ValueString += Val.Y.ToString & ", "
ValueString += Val.Z.ToString
SQLValueList.Add(ValueString)
Next
Dim cmd As OleDb.OleDbCommand
Dim strConnection As String
Dim strSql As String = Nothing
strConnection = _
"Provider=Microsoft.ACE.OLEDB.12.0;" & _
"Data Source=C:\db.accdb;" & _
"User ID=Admin;Password=;"
For Each ValueString As String In SQLValueList
strSql = "INSERT INTO Results (FldX, FldY, FldZ)" &
"VALUES ( " & ValueString & ");"
cmd = New OleDb.OleDbCommand(strSql)
cmd.Connection = New OleDb.OleDbConnection(strConnection)
cmd.Connection.Open()
cmd.ExecuteNonQuery()
Next
I'm assuming there is a much better and more efficient way of doing this but I haven't been able to find it!
Yes a parameterized query
Imports System.Data.OleDb
.......
Dim strConnection As String
Dim strSql As String = Nothing
strConnection = _
"Provider=Microsoft.ACE.OLEDB.12.0;" & _
"Data Source=C:\db.accdb;" & _
"User ID=Admin;Password=;"
strSql = "INSERT INTO Results (FldX, FldY, FldZ) VALUES ( ?, ?, ?)"
using cn = new OleDbConnection(strConnection)
using cmd = new OleDbCommand(strSql, cn)
cn.Open()
' HERE all the parameters are added with a string dummy value. '
' This should be changed if one of the underlying field is of different type '
' For example, if FldX is of type integer your need to write '
' cmd.Parameters.AddWithValue("#p1", 0) and then in the loop code '
' '
' cmd.Parameters(0).Value = val.X or '
' cmd.Parameters(0).Value = Convert.ToInt32(val.X) if val.X is not an integer but convertible to... '
cmd.Parameters.AddWithValue("#p1", "")
cmd.Parameters.AddWithValue("#p2", "")
cmd.Parameters.AddWithValue("#p3", "")
For Each val In ValueList
cmd.Parameters(0).Value = val.X.ToString()
cmd.Parameters(1).Value = val.Y.ToString()
cmd.Parameters(2).Value = val.Z.ToString()
cmd.ExecuteNonQuery()
Next
End Using
End Using
This is just an example because it is not clear what kind of data is stored in your ValueList (strings, integers, doubles dates?), but I hope that the idea is clear. Create a command object with 3 parameters (one for each field to insert), add every parameter to the command collection with dummy values (in the example, every parameter contains a string value but you need to add the correct datatype for the underlying field type). At this point just loop one time on your values and execute the query.
Please, stay away to string concatenation to build an sql command, expecially when the string values to concatenate are typed by your user. You risk an Sql Injection attack
Related
Ive been trying to find a solution for this problem without any success:
I'm using VB.NET and I need to read and update records from an Excel file. I use the OleDB API for that. It works fine for all the reading, but impossible to write to the file (Update or Insert queries)
Here is what I have:
My connection string:
Public connString As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\...\Resources\attempt.xls;Extended Properties='Excel 8.0;HDR=YES;IMEX=1;'"
Select query that works fine:
Dim checkQuery = "SELECT * FROM [Sheet1$] WHERE [TravellerPN] = #T"
Try
Using connection As New OleDb.OleDbConnection(Form.connString)
Dim checkCommand As New OleDbCommand(checkQuery, connection)
checkCommand.Parameters.Add("#T", OleDbType.VarChar).Value = PN
connection.Open()
Dim reader As OleDbDataReader = checkCommand.ExecuteReader()
Dim path As String = ""
While reader.Read()
path = reader("Datapath").ToString
End While
reader.Close()
MsgBox(PN & " " & DP & " " & path,,)
If a record for the part number entered doesnt exist, and nothing is returned, insert a new line
If path = "" Then
Dim addQuery = "INSERT INTO [Sheet1$] ([TravellerPN],[Datapath]) VALUES (#T, #D)"
Dim addCommand As New OleDbCommand(addQuery, connection)
addCommand.Parameters.Add("#T", OleDbType.VarChar).Value = PN
addCommand.Parameters.Add("#D", OleDbType.VarChar).Value = DP
Dim rows As Integer = addCommand.ExecuteNonQuery()
And this was where it returns the error.
MsgBox(rows & " row added!",, "") 'Never diplayed
And other query that doesn't work either:
Else 'If does exist, confirm replacement'
Dim replaceResponse = MsgBox("A path already exists for " & PN & "." & vbNewLine & "Do you want to replace " & path & " with " & DP & "?", MsgBoxStyle.YesNo, "Overwrite previous datapath?")
Dim replaceQuery = "UPDATE [Sheet1$] SET [Datapath] = #D WHERE [TravellerPN]=#T"
Dim replaceCommand As New OleDbCommand(replaceQuery, connection)
replaceCommand.Parameters.Add("#D", OleDbType.VarChar).Value = DP
replaceCommand.Parameters.Add("#T", OleDbType.VarChar).Value = PN
Dim rows As Integer = replaceCommand.ExecuteNonQuery()
MsgBox(rows & " row updated!",, "")
End If
connection.Close()
End Using
I've tried to fix the issue: it could be caused by permissions, so I authorized even guests accounts to modify my folder.
If it were a ReadOnly mode in the connection: I tried adding Mode=ReadWrite but my connection String didn't work after that. (That option seems only available for ADO connections?)
I tried running the app as administrator
And finally, I'm posting this here hoping to get some help.
Sorry or the long post, I was trying to give all the elements that could potentially be a problem.
Thanks.
I want to concat(add to what already exist) to an access cell using the text from a vb.net textbox. I tried using UPDATE but I'm getting a syntax error. This is what I tried so far
Dim ds As New DataSet()
Dim ConnectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\equip_full.mdb;Jet OLEDB:Database Password=matt"
Dim db As String = "Update INTO Equipment set TypeItem = ISNULL(TypeItem, '') & #EquipmentItem WHERE EquipmentCat = #category"
Using cn As New OleDbConnection(ConnectionString)
Using cmd = New OleDbCommand(db, cn)
cn.Open()
cmd.Parameters.Add("#EquipmentItem", OleDbType.VarWChar).Value = Form4.TextBox1.Text & ";"
cmd.Parameters.Add("#category", OleDbType.VarWChar).Value = Me.item_text.Text
Using reader = cmd.ExecuteReader()
'some code...
End Using
End Using
End Using
The correct syntax for an Update query is
UPDATE tablename SET field=value, field1=value1,.... WHERE condition
Then you need to remove that INTO that is used in the INSERT queries
Dim db As String = "Update Equipment set TypeItem = .... " &
"WHERE EquipmentCat = #category"
After fixing this first syntax error, then you have another problem with ISNull
ISNull is a boolean expression that return true or false.
If you want to replace the null value with an empty string you need the help of the IIF function that you could use to test the return value of ISNull and prepare the base string to which you concatenate the #Equipment parameter.
Something like this
Dim db As String = "Update Equipment " & _
"set TypeItem = IIF(ISNULL(TypeItem),'', TypeItem) & #EquipmentItem " & _
"WHERE EquipmentCat = #category"
am using vb.net, and i want to insert a row to my db Table "adwPays" from my windows form.
this is my code:
Dim CC, EngName, FreName, LanCode As String
Dim DialCode As Integer
CC = txtCC.Text
EngName = txtEN.Text
FreName = txtFN.Text
LanCode = txtLC.Text
DialCode = txtDC.Text
Dim MyConn As New SqlConnection("Server=(local);Database=dbAjout;Integrated Security=True")
Dim query As String
query = "INSERT INTO adwPays (CC, Anglais,Francais,CodeLangue,IndicInter) VALUES ( ' " & CC & "','" & EngName & "','" & FreName & "','" & LanCode & "','" & DialCode & " ');"
Dim cmd As New SqlCommand(query, MyConn)
MyConn.Open()
cmd.ExecuteScalar()
MyConn.Close()
BUT its giving me this error
"An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: String or binary data would be truncated.
The statement has been terminated."
any help?
Use a parameterized query like this
Dim query = "INSERT INTO adwPays (CC, Anglais,Francais,CodeLangue,IndicInter) " &
"VALUES (#cc, #ename, #fname, #lan, #dial)"
Using MyConn = New SqlConnection("Server=(local);Database=dbAjout;Integrated Security=True")
Using cmd = New SqlCommand(query, MyConn)
cmd.Parameters.AddWithValue("#cc", CC)
cmd.Parameters.AddWithValue("#ename", EngName)
cmd.Parameters.AddWithValue("#fname", FreName)
cmd.Parameters.AddWithValue("#lan", LanCode)
cmd.Parameters.AddWithValue("#dial", DialCode)
MyConn.Open()
cmd.ExecuteNonQuery()
End Using
End Using
Using a parameterized query allows to avoid problems with Sql Injections and clears the command text from the formatting quotes around strings and dates and also let the framework code pass the correct decimal point for the numeric types when need
I have also added a Using Statement around the SqlConnection and the SqlCommand to be sure that the objects are closed and destroyed. The parameters are all passed as strings, this could be wrong if any of your database fields are not of text type.
It sounds like you have a String value that is longer than the database type size allows. Can you verify the type and size of each of the following fields:
cc
ename
fname
lan
Now cross-reference those sizes with what the values are in the textbox fields you are pulling them from in the UI.
My money is on one of those exceeding the database size limits.
If that is the case, then you need to introduce length checking before you attempt to save to the database.
I have some code I was hoping someone could look at for performance improvements. I have a spreadsheet that I need to import weekly. The sheet has 112 columns and about 35,000 rows. The code I have works, but it takes about 20 minutes to import the data. The excel column names do not match the database column names (I inherited this). Here is the code I am using. (I removed alot of the fields so it is easier to read)
'Connection String to Excel Workbook
Dim excelConnectionString As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & MyFile & ";Extended Properties=""Excel 12.0;HDR=Yes;"""
' Create Connection to Excel Workbook
Using connection As New System.Data.OleDb.OleDbConnection(excelConnectionString)
'List columns you need from the Excel file
Dim command As New System.Data.OleDb.OleDbCommand("Select * FROM [" & txtSheetName.Text & "$]", connection)
connection.Open()
' Create DbDataReader to Data Worksheet
Using dr As System.Data.OleDb.OleDbDataReader = command.ExecuteReader()
Dim strSql As String = ""
strSql = "INSERT INTO MyTestTable (" & _
"State, [Store Code], [Store Name], [Store Zone Code], [Store Zone Code Name], " & _
"WeekProd, YTDNew, " & _
"UpdatedBy, DateUpdated" & _
") VALUES (" & _
"#State, #StoreCode, #StoreName, #StoreZoneCode, #StoreZoneCodeName, " & _
"#WeekProd, #YTDNew, " & _
"#UpdatedBy, #DateUpdated" & _
Try
If dr.HasRows() Then
While dr.Read()
If Convert.ToString(dr.Item(0)) <> "" Then
Dim MyZone As String = Convert.ToString(dr.Item(1))
MyZone = StrConv(MyZone, vbProperCase)
Dim cmd As New SqlClient.SqlCommand
cmd.Connection = cn
cmd.CommandType = CommandType.Text
cmd.CommandText = strSql
cmd.Parameters.Add("#State", SqlDbType.VarChar).Value = ""
cmd.Parameters.Add("#StoreCode", SqlDbType.VarChar).Value = Convert.ToString(dr.Item(0))
cmd.Parameters.Add("#StoreName", SqlDbType.VarChar).Value = MyZone
cmd.Parameters.Add("#StoreZoneCode", SqlDbType.VarChar).Value = Convert.ToString(dr.Item(2))
cmd.Parameters.Add("#StoreZoneCodeName", SqlDbType.VarChar).Value = Convert.ToString(dr.Item(3))
cmd.Parameters.Add("#WeekProd", SqlDbType.Float).Value = Convert.ToDecimal(dr.Item(93))
cmd.Parameters.Add("#YTDNew", SqlDbType.Float).Value = Convert.ToDecimal(dr.Item(94))
cmd.Parameters.Add("#UpdatedBy", SqlDbType.VarChar).Value = MyUser.Substring(MyUser.Length - 4)
cmd.Parameters.Add("#DateUpdated", SqlDbType.Date).Value = Date.Today()
cmd.ExecuteScalar()
End If
End While
End If
Catch ex As Exception
lblMessage.Text = ex.Message
Exit Sub
Finally
cn.Close()
cn = Nothing
End Try
End Using
End Using
Won't promise this will set the world on fire performance-wise, but it might help.
My first thought would be to not create a new SqlCommand object and parameter set for every row in the Excel table. I would create it one time (which should save you the overhead of about 35K object instantiations given your data size), establish the parameter names, all outside the reader loop, and then call SetParameter to set the values for each column as each row in the Excel is traversed. That should trade you the overhead of about 35K * (number of real fields) parameter addition calls for setparameter calls to existing parameters. And I would also change the call type to ExecuteNonQuery rather than ExecuteScalar.
Now, ordinarily, the conventional wisdom would hold that you only open/close a connection to a database as you need it, and I think that is implied in this structure (open/close for each insert) but in this case, for a data update scenario like this, I think this would be a reasonable exception.
I am trying to prevent from having to escape apostrophes in my string variables by using a parameterized query with a SqlConnection, but it is not working. any help would be appreciated.
UPDATED: this is current code...
'Populate Connection Object
Dim oCnn As New SqlConnection(strConnection)
'Define our sql query
Dim sSQL As String = "INSERT INTO [" & foreignTable & "] (data_text) VALUES (#data_text) ; "
'Populate Command Object
Dim oCmd As New SqlCommand(sSQL, oCnn)
'Add up the parameter, associated it with its value
oCmd.Parameters.AddWithValue("#data_text", data_text)
'Opening Connection for our DB operation
oCnn.Open()
Try
Dim results As Integer = oCmd.ExecuteScalar
Catch ex As Exception
LabelImport.Text &= "<font color=red>ROOT Import ERROR: " & ex.ToString & ", From Database: " & dbName & ", Text String: " & data_text & "</font><br />"
Throw
End Try
oCnn.Close()
oCmd.Parameters.Clear()
Thanks for any help.
Yeah, that's not right.
It should look like this:
Dim sSQL As String = "INSERT INTO [" & foreignTable & "] (data_text) VALUES (#data_text);"
and for the parameter:
oCmd.Parameters.AddWithValue("#data_text", data_text)
Note: I don't "think" you can pass the table name as a parameter. You would have to have the table name in the string. See Parametise table name in .Net/SQL?
Also, change this:
Dim results As Integer = oCmd.ExecuteScalar
to
Dim results as Integer = oCmd.ExecuteNonQuery()
You can use table name only when creating query (I mean concatenating it from parts: "INSERT INTO " + foreignTable + " (data_text) VALUES..., AFAIK), not as query parameter. Check SqlParameterCollection.AddWithValue on MSDN for more information about SqlCommand parameters, there is very good example as well.
'Populate Connection Object
Dim oCnn As New SqlConnection(strConnection)
'Define our sql query
Dim sSQL As String = "INSERT INTO " & foreignTable & " (data_text) VALUES (#data_text);"
'Populate Command Object
Dim oCmd As New SqlCommand(sSQL, oCnn)
'Add up the parameter, associated it with its value
oCmd.Parameters.AddWithValue("#data_text", data_text)
'Opening Connection for our DB operation
oCnn.Open()
Edit:
+ changed to & because of C# as "native language".