i have this code made by myself researching,
it returns no error, it update(s) some of the data entered in textboxes but not all the fields
i check the codes near the field that is updating to compare it to the textboxes that do not
update.
but i dont see the difference, it just not update all fields, only some fields
Dim sqlconn As New SqlClient.SqlConnection
sqlconn.ConnectionString = "server = SKPI-APPS1;" & _
"Database = EOEMS;integrated security=true"
Dim myCommand As SqlCommand
Try
'update command
sqlconn.Open()
myCommand = New SqlCommand(
"UPDATE tblOfficeEquipmentProfile SET OE_Category = '" & cmbCategory.Text
& "',OE_SubCategory = '" & cmbSubCategory.Text
& "', OE_Name = '" & txtName.Text
& "', OE_User = '" & txtUser.Text
& "', OE_Brand = '" & cmbBrand.Text
& "', OE_Model = '" & cmbModel.Text
& "', OE_Specs = '" & txtSpecs.Text
& "', OE_SerialNo = '" & txtSerialNo.Text
& "', OE_PropertyNo = '" & txtPropertyNo.Text
& "', OE_MacAddress = '" & txtMacAddress.Text
& "', OE_Static_IP = '" & txtStaticIp.Text
& "', OE_Vendor = '" & cmbVendor.Text
& "', OE_PurchaseDate = '" & txtPurchaseDate.Text
& "', OE_WarrantyInclusiveYear = '" & cmbWarrantyInclusiveYear.Text
& "', OE_WarrantyStatus = '" & txtWarrantyStatus.Text
& "', OE_Status = '" & txtStatus.Text
& "', OE_Dept_Code = '" & cmbDeptCode.Text
& "', OE_Location_Code = '" & cmbLocationCode.Text
& "', OE_Remarks ='" & cmbRemarks.Text
& "' WHERE OE_ID = '" & txtOEID.Text & "'", sqlconn)
' ^^ (edited to separate lines for ease of viewing )
myCommand.ExecuteNonQuery()
MessageBox.Show("Office Equipment Profile Successfully Updated Records")
Catch ex As Exception
MsgBox(ex.Message)
End Try
Some troubleshooting suggestions:
Try a pattern like this:
Dim SQL As String = "UPDATE STaff Set Initials='RCH' WHERE Initials = 'RCH'"
myCommand = New SqlCommand(SQL, sqlconn)
Dim iCnt As Integer = myCommand.ExecuteNonQuery()
MessageBox.Show("Office Equipment Profile Successfully Updated " & iCnt & " Records")
Place a breakpoint on the second line and use the Text Visualizer to look at the SQL. You can also copy it and use in some other query tool to work on it and find the errors.
Also, capture the number of records changed (iCnt above) and do some QA and/or debug.
Injection: While your project may not be exposed to an injection attack you can step on your self by not making sure that the .Text values don't break the SQL. For example if any of the .Text contains an apostrophe the SQL will fail. You can write a Function to replace ' with '' and you'll be safe.
Or do each: OE_Location_Code = '" & cmbLocationCode.Text.replace("'","''")
This will convert "Fred's Room" to "Fred''s Room"
Related
Good day, I keep getting a "System.Data.OleDb.OleDbException: 'Syntax error in UPDATE statement" error.
Can someone please assist with why and where?
Any help will be greatly appriciated
Below is the code
Try
conec.Open()
Dim cmd As New OleDbCommand("UPDATE tblCreate Set Username = '" & txtUserName.Text & "', EMail = '" & txtEmail.Text & "', FirstName = '" & TxtName.Text & "', LastName = '" & txtSurname.Text & "', Access = '" & cmbAccess.SelectedItem & "', CreatedBY = '" & Label9.Text & "', DateCreated = '" & Label10.Text & "', ChangedBY = '" & Label6.Text & "', DateChanged = '" & Date.Now.ToString("yyyy-MMMM-dd hh:mm tt") & "' WHERE UserName = " & txtUserName.Text & ";")
cmd.CommandType = CommandType.Text
cmd.Connection = conec
cmd.ExecuteNonQuery()
MessageBox.Show("Data Updated" & vbCrLf & "Done")
conec.Close()
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
Looks like you're missing apostrophes in your where clause, try:
Dim cmd As New OleDbCommand("UPDATE tblCreate Set Username = '" & txtUserName.Text & "', EMail = '" & txtEmail.Text & "', FirstName = '" & TxtName.Text & "', LastName = '" & txtSurname.Text & "', Access = '" & cmbAccess.SelectedItem & "', CreatedBY = '" & Label9.Text & "', DateCreated = '" & Label10.Text & "', ChangedBY = '" & Label6.Text & "', DateChanged = '" & Date.Now.ToString("yyyy-MMMM-dd hh:mm tt") & "' WHERE UserName = '" & txtUserName.Text & "';")
I recommend using SQL Parameters however, they're a lot easier to maintain.
Please help me. My project uses an access database. This is my code:
Try
Dim SqlQuery As String = "UPDATE Penawaran SET UP = '" & box_up.Text & "', Dari = '" & box_dari.Text & "', Hal = '" & box_hal.Text & "', No_Reference = '" & box_no_reference.Text & "', Email = '" & box_email.Text & "', CC = '" & box_cc.Text & "', No = '" & box_no.Text & "', Bahan_Proses = '" & box_bahan_proses.Text & "', Jumlah = '" & box_jumlah.Text & "', Harga_Satuan = '" & box_harga_satuan.Text & "', Total = '" & box_total.Text & "', Sub_Total = '" & box_sub_total.Text & "', Total_PPN = '" & box_ppn_10_persen.Text & "', Total_Semua = '" & box_total_semua.Text & "', Terbilang = '" & box_terbilang.Text & "', Note = '" & box_note.Text & "', Nama = '" & box_nama.Text & "', Bagian = '" & box_bagian.Text & "' WHERE Kepada = '" & box_kepada.Text & "'"
Dim SqlCommand As New OleDbCommand
With SqlCommand
.CommandText = SqlQuery
.Connection = Database
.ExecuteNonQuery()
End With
MsgBox("Data yang anda pilih sudah berhasil di ubah & simpan ke dalam sistem.")
Call Sett_pnwrn()
'Me.button_delete.Enabled = False
' Me.button_edit.Enabled = False
Catch ex As Exception
MsgBox(ex.Message)
End Try
Why it doesn't work?
This is the error message :
Syntax error in update statement.
What should I do?
Dim cmd As New OleDbCommand
OpenConnection()
cmd.Connection = con
cmd.CommandText = "INSERT INTO [StudentInfo] ([Stud_Num], [Stud_FName], [Stud_LName], [Stud_ContactNum], [Stud_Email], [Stud_Address], [Stud_Username], [Stud_Password], [Stud_ConfirmPassword]) VALUES (" & _
txtStudNum.Text & ", '" & txtFname.Text & "', '" & txtLname.Text & "', '" & _
txtNum.Text & "', '" & txtEmail.Text & "', '" & txtAddress.Text & "' , '" & txtUsername.Text & "', '" & txtPassword.Text & "', '" & txtConPassword.Text & "')"
cmd.ExecuteNonQuery()
The error was the cmd.ExecuteNonQuery() I'm still a student and a noob in using vb.net so please could you tell me what I did wrong ?
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
Here is the code for my edit command. When I click the edit button message, a syntax error on the update statement pop up. But when debugging, there was no error.
Try
Dim SqlQuery As String = "UPDATE data SET archivedate = '" & txtarcdate.Text & "', filenumber = '" & txtfilenum.Text & "', filedate = '" & txtfiled.Text & "', section ='" & txtsection.Text & "', subject '" & txtsubject.Text & "' WHERE number = " & number & ";"
Dim SqlCommand As New OleDbCommand
With SqlCommand
.CommandText = SqlQuery
.Connection = conn
.ExecuteNonQuery()
End With
MsgBox("One record successfully updated.")
loadListView()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Here is your query statement:
Dim SqlQuery As String = "UPDATE data SET archivedate = '" & txtarcdate.Text & "', filenumber = '" & txtfilenum.Text & "', filedate = '" & txtfiled.Text & "', section ='" & txtsection.Text & "', subject '" & txtsubject.Text & "' WHERE number = " & number & ";"
Lets pay attention on this part:
& "', subject '" & txtsubject.Text &
You missed the equals sign. Should be:
& "', subject = '" & txtsubject.Text &
So the complete line would be:
Dim SqlQuery As String = "UPDATE data SET archivedate = '" & txtarcdate.Text & "', filenumber = '" & txtfilenum.Text & "', filedate = '" & txtfiled.Text & "', section ='" & txtsection.Text & "', subject = '" & txtsubject.Text & "' WHERE number = " & number & ";"
And finally, research about SQL injection. It is a serious security problem that your code are suffering.
I have my code for save button and update button but is there a way I can combine the two
commands in one button?
For example When I click 'SAVE/UPDATE Button' it will save on the database if it is a new record and it will rather update if the system found that there is already record on the database and save the edited data's
CODE FOR SAVE BUTTON
Dim sqlconn As New SqlClient.SqlConnection
sqlconn.ConnectionString = "server = SKPI-APPS1;" & _
"Database = EOEMS;integrated security=true"
Try
Dim myCommand As New SqlCommand
sqlconn.Open()
myCommand = New SqlCommand("INSERT INTO tblOfficeEquipmentProfile(OE_Category,OE_SubCategory,OE_ID,OE_Name,OE_User,OE_Brand,OE_Model,OE_Specs,OE_SerialNo,OE_PropertyNo,OE_MacAddress,OE_Static_IP,OE_Vendor,OE_PurchaseDate,OE_WarrantyInclusiveYear,OE_WarrantyStatus,OE_Status,OE_Dept_Code,OE_Location_Code,OE_Remarks) VALUES('" & cmbCategory.Text & "','" & cmbSubCategory.Text & "','" & txtOEID.Text & "','" & txtName.Text & "','" & txtUser.Text & "','" & cmbBrand.Text & "','" & cmbModel.Text & "','" & txtSpecs.Text & "','" & txtSerialNo.Text & "','" & txtPropertyNo.Text & "','" & txtMacAddress.Text & "','" & txtStaticIp.Text & "','" & txtVendor.Text & "','" & txtPurchaseDate.Text & "','" & txtWarrantyInclusiveYear.Text & "', '" & txtWarrantyStatus.Text & "','" & txtStatus.Text & "','" & cmbDeptCode.Text & "','" & cmbLocationCode.Text & "','" & txtRemarks.Text & "')", sqlconn)
myCommand.ExecuteNonQuery()
MessageBox.Show("Office Equipment Profile Successfully Added")
sqlconn.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
CODE FOR UPDATE BUTTON (NOTE: but still my update button has some error still trying to fix)
Dim sqlconn As New SqlClient.SqlConnection
sqlconn.ConnectionString = "server = SKPI-APPS1;" & _
"Database = EOEMS;integrated security=true"
Dim myCommand As New SqlCommand
Try
'update command
sqlconn.Open()
myCommand = New SqlCommand("UPDATE tblOfficeEquipmentProfile SET OE_Category = '" & cmbCategory.Text & "',OE_SubCategory = '" & cmbSubCategory.Text & "', OE_Name = '" & txtName.Text & "', OE_User = '" & txtUser.Text & "', OE_Brand = '" & cmbBrand.Text & "', OE_Model = '" & cmbModel.Text & "', OE_Specs = '" & txtSpecs.Text & "', OE_SerialNo = '" & txtSerialNo.Text & "', OE_PropertyNo = '" & txtPropertyNo.Text & "', OE_MacAddress = '" & txtMacAddress.Text & "', OE_Static_IP = '" & txtStaticIp.Text & "', OE_Vendor = '" & txtVendor.Text & "', OE_PurchaseDate = '" & txtPurchaseDate.Text & "', OE_WarrantyInclusiveYear = '" & txtWarrantyInclusiveYear.Text & "', OE_WarrantyStatus = '" & txtWarrantyStatus.Text & "', OE_Status = '" & txtStatus.Text & "', OE_Dept_Code = '" & cmbDeptCode.Text & "', OE_Location_Code = '" & cmbLocationCode.Text & "', OE_Remarks ='" & txtRemarks.Text & "' WHERE OE_ID ='" & txtOEID.Text & "'", sqlconn)
Dim iCnt As Integer = myCommand.ExecuteNonQuery()
MessageBox.Show("Office Equipment Profile Successfully Updated " & iCnt & " Records")
Catch ex As Exception
MsgBox(ex.Message)
End Try
You could create an enum that contains the state:
Enum DataState
Editing
Adding
None
End Enum
Then set a class-level variable:
private mDataState as DataState
Then set this according to whether you are adding or editing a record, then in the Save_Click subroutine, use an If-Then.
Write a stored procedure that checks to see if the record exists. If it does, update it. Otherwise, insert it.
Call this stored procedure from your vb.net code. Also, change your .net code so that it sends query parameters to your stored procedure.
Yours is a perennial favorite question here on SO: how to update an existing row or else insert it? And the answers are perennially wrong.
The standard SQL to do this does not have an if statement. The standard way is to insert the row subject to the constraint that it does not exist, and then update it:
insert into T values (...)
where not exists (
select 1 from T as t
where T.key = t.key
)
optionally check the rowcount and only update if it's 0
update T set ...
where T.key = value
If you don't check the rowcount from insert, the update is redundant.
It's better to put all that in a stored procedure but, even if you don't, you should be able to put both statements in one prepared statement, and attach that to one button in your GUI.