Dear Folk's i'm using the following code in order to send the bytes of a picture into the stream table:
Dim FirstColumnNames As String = imTable(0) & "_Code, " & imTable(0) & "_Price, " & imTable(0) & "_Title, " & imTable(0) & "_Type, " & imTable(0) & "_Height, " & imTable(0) & "_Width, " & imTable(0) & "_Comments "
Dim FirstFieldsValues As String = "'" & imParam(1) & "', '" & imParam(2) & "', '" & imParam(0) & "', '" & imType.ToString & "', '" & imHeight & "', '" & imWidth & "', '" & imParam(3) & "' "
RemoteSQLcmd = New SqlCommand("INSERT INTO " & imTable(0) & " (" & FirstColumnNames & ") VALUES (" & FirstFieldsValues & ") ", RemoteSQLConn, RemoteSQLtx)
RemoteSQLcmd.ExecuteNonQuery()
RemoteSQLcmd = New SqlCommand("SELECT * FROM " & imTable(0) & " WHERE " & imTable(0) & "_Code = " & "'" & imParam(1) & "'", RemoteSQLConn, RemoteSQLtx)
AbsRecord = RemoteSQLcmd.ExecuteScalar
Dim imGUID As Guid = Guid.NewGuid()
Dim SecondColumnNames As String = imTable(1) & "_" & imTable(0) & "_ID , " & imTable(1) & "_GUID "
Dim SecondFieldsValues As String = "'" & AbsRecord & "', '" & imGUID.ToString & "'"
RemoteSQLcmd = New SqlCommand("INSERT INTO " & imTable(1) & " (" & SecondColumnNames & ") VALUES (" & SecondFieldsValues & ") ", RemoteSQLConn, RemoteSQLtx)
RemoteSQLcmd.ExecuteNonQuery()
RemoteSQLcmd = New SqlCommand("SELECT GET_FILESTREAM_TRANSACTION_CONTEXT() " & "FROM " & imTable(1) & " WHERE " & imTable(1) & "_" & imTable(0) & "_ID = " &AbsRecord, RemoteSQLConn, RemoteSQLtx)
RemoteSQLcmd.Parameters.Add("#" & imTable(1) & "_GUID", SqlDbType.UniqueIdentifier).Value = imGUID
Dim tokenObject As Object = RemoteSQLcmd.ExecuteScalar()
tokenReader = RemoteSQLcmd.ExecuteReader(CommandBehavior.SingleRow)
tokenReader.Read()
filePathName = tokenReader.GetSqlString(1)
fileToken = DirectCast(tokenReader(3), Byte())
tokenReader.Close()
Dim sqlFile As SqlFileStream = New SqlFileStream(filePathName.Value, fileToken.Value, FileAccess.Write)
The tables have the fllowing stracture
Thats the First Table:
myCommand = New SqlCommand("CREATE TABLE " & TablesStat(0, 0) & _
" (" & TablesStat(0, 0) & "_ID int NOT NULL PRIMARY KEY IDENTITY(1,1), " & TablesStat(0, 0) & "_Code varchar(20) NULL, " & TablesStat(0, 0) & "_Price money NULL, " & TablesStat(0, 0) & "_Title varchar(50) NULL, " & TablesStat(0, 0) & "_Type sql_variant NULL, " & TablesStat(0, 0) & "_Height int NULL, " & TablesStat(0, 0) & "_Width int NULL, " & TablesStat(0, 0) & "_Comments nvarchar(MAX) NULL)", RemoteSQLConn)
myCommand.ExecuteNonQuery()
End the second table is:
myCommand = New SqlCommand("CREATE TABLE " & TablesStat(1, 0) & _
" (" & TablesStat(1, 0) & "_ID int NOT NULL PRIMARY KEY IDENTITY(1,1), " & TablesStat(1, 0) & "_GUID UNIQUEIDENTIFIER ROWGUIDCOL NOT NULL UNIQUE , " & TablesStat(1, 0) & "_" & TablesStat(0, 0) & "_ID int FOREIGN KEY REFERENCES " & TablesStat(0, 0) & " (" & TablesStat(0, 0) & "_ID) NOT NULL, " & TablesStat(1, 0) & "_Image varbinary(MAX) FILESTREAM NULL ) ", RemoteSQLConn)
myCommand.ExecuteNonQuery()
My problem comes when i'm trying to read the 'filePathName' and the 'fileToken'
the privious SELECT GET_FILESTREAM.... return me only one colomn to read the colomn 0 which has the GUID in binary format
I know i'm doing something wrong but i don't know what
My issue is that i'm not geting th 'filePathName' and the fileToken'
is there anybody to assist me?
Look Max
I did what you told me but nothing
RemoteSQLcmd = New SqlCommand("SELECT GET_FILESTREAM_TRANSACTION_CONTEXT()", RemoteSQLConn, RemoteSQLtx)
Dim tokenObject As Object = RemoteSQLcmd.ExecuteScalar()
tokenReader = RemoteSQLcmd.ExecuteReader(CommandBehavior.SingleRow)
tokenReader.Read()
fileToken = DirectCast(tokenReader(1), Byte())
filePathName = tokenReader.GetSqlString(3)
And the Transaction starts far upper of this command
And never stops
Dim imGUID As Guid = Guid.NewGuid()
Dim imImage As Byte() = New Byte(imStream.Length) {}
Dim bytesRead As Integer = imStream.Read(imImage, 0, imStream.Length)
Dim SecondColumnNames As String = _
imTable(1) & "_GUID, " & _
imTable(1) & "_" & imTable(0) & "_ID"
Dim SecondFieldsValues As String = "'" & imGUID.ToString & "', '" & AbsRecord & "'"
RemoteSQLcmd = New SqlCommand("INSERT INTO " & imTable(1) & _
" (" & SecondColumnNames & ") VALUES (" & SecondFieldsValues & ")", RemoteSQLConn, RemoteSQLtx)
RemoteSQLcmd.Parameters.Add("#" & imTable(1) & "_GUID", SqlDbType.UniqueIdentifier).Value = imGUID
RemoteSQLcmd.Parameters.Add("#" & imTable(1) & "_Image", SqlDbType.Image).Value = imImage
RemoteSQLcmd.ExecuteNonQuery()
RemoteSQLcmd = New SqlCommand("SELECT GET_FILESTREAM_TRANSACTION_CONTEXT() FROM " & imTable(1), RemoteSQLConn, RemoteSQLtx)
Dim tokenObject As Object = RemoteSQLcmd.ExecuteScalar()
tokenReader = RemoteSQLcmd.ExecuteReader(CommandBehavior.SingleRow)
tokenReader.Read()
As you can see i put again the FROM claus.
But please look what i'm receiving in the reader
tokenReader.Depth 0
tokenReader.FieldCount 1
tokenReader.HasRows True
tokenReader.IsClosed False
tokenReader.Item In order to evaluate an indexed property, the property must be qualified and the arguments must be explicitly supplied by the user.
tokenReader.RecordsAffected -1
As you can see here i have only one column to read and nothing else
I really don't know if that is helpful but anyway i put it there
tokenReader.VisibleFieldCount 1
MSDN said you should
do this inside TRANSACTION
do "SELECT GET_FILESTREAM_TRANSACTION_CONTEXT()" without any "FROM TABLE"
There is a sample in Working with FILESTREAM using VB .NET By Yan Pan:
' Obtain a transaction context. All FILESTREAM BLOB operations occur '
' within a transaction context to maintain data consistency. '
Dim transaction As SqlTransaction =
sqlConnection.BeginTransaction("mainTranaction")
sqlCommand.Transaction = transaction
sqlCommand.CommandText = "SELECT GET_FILESTREAM_TRANSACTION_CONTEXT()"
Dim obj As Object = sqlCommand.ExecuteScalar()
Dim txContext As Byte() = Nothing
If Not obj.Equals(DBNull.Value) Then
txContext = DirectCast(obj, Byte())
Else
Throw New System.Exception("GET_FILESTREAM_TRANSACTION_CONTEXT() failed")
End If
' Obtain a handle that can be passed to the Win32 FILE APIs. '
Dim sqlFileStream As New SqlFileStream(filePath, txContext, FileAccess.Write)
' Converting the image to a byte array. '
' Please change C:\Spire.jpg to your image file path. '
Dim byteImg As Byte()
byteImg = File.ReadAllBytes("C:\Spire.jpg")
'Write the image file to the FILESTREAM BLOB. '
sqlFileStream.Write(byteImg, 0, byteImg.Length)
' Close the FILESTREAM handle. '
sqlFileStream.Close()
' Commit the write operation that was performed on the FILESTREAM BLOB. '
sqlCommand.Transaction.Commit()
Try to change your code according to sample:
filePath variable is initiated before opening file transaction
there is a simple "SELECT GET_FILESTREAM_TRANSACTION_CONTEXT()" command for file context
there is a null check and DirectCast(obj, Byte()) to cast value into byte
not sure if it make difference, but SqlFileStream is opening with txContext, not txContext.Value
UPDATE
How I understand the problem:
filePathName - filename from where we will open filestream. this value should be selected from some field of some your table. If you don't know what [table].[field] it is, see inside db table values and find where file path are saved.
fileToken - filestream transaction context. should be selected in separate command execute, and casted to Byte.
SQL Injections means when you do things like
RemoteSQLcmd = New SqlCommand("SELECT * FROM " & imTable(0) & " WHERE "
& imTable(0) & "_Code = " & "'" & imParam(1)
& "'", RemoteSQLConn, RemoteSQLtx)
in codebehind and imParam is an URL parameter value than someone may play a bad joke with you putting "'; DROP TABLE users;" in it which may resolve into
SELECT * FROM table WHERE table_Code = ''; DROP TABLE users;
Related
been a while since I've posted so please forgive any formatting issues. Looking to update a table field with a value from another record in the same field in the same table.
I've declared two strings, and the strDeal string is coming back with the correct values when debugging. However when I introduce the string into the sql statement I can't the query to update the field. I'm not sure exactly what isn't working correctly, so any help would be appreciated.
The basics are I'm trying to update the Case_Qty field with a value from the same field in the same table based on the returned value from a subquery. Thanks!
Dim strDeal As String
Dim strSQL As String
strDeal = DMax("[Deal_No]", "[tblStructuresNoDAworking]", "[Structure_Name] = Forms!frmStructNoDASetup!Structure_Name AND [FG_Ind] = 0 AND [Deal_No] < Forms!frmStructNoDASetup!Deal_No")
strSQL = "UPDATE tblStructuresNoDAworking SET tblStructuresNoDAworking.Case_Qty = (SELECT [Case_Qty] FROM tblStructuresNoDAworking WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & strDeal & "') WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & Me.Deal_No.Value & "'"
DoCmd.RunSQL (strSQL)
Try this where you concatenate the values from the form:
Dim strDeal As String
Dim strSQL As String
strDeal = DMax("[Deal_No]", "[tblStructuresNoDAworking]", "[Structure_Name] = '" & Forms!frmStructNoDASetup!Structure_Name & "' AND [FG_Ind] = 0 AND [Deal_No] < '" & Forms!frmStructNoDASetup!Deal_No & "'")
strSQL = "UPDATE tblStructuresNoDAworking " & _
"SET tblStructuresNoDAworking.Case_Qty = " & _
" (SELECT [Case_Qty] " & _
" FROM tblStructuresNoDAworking " & _
" WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & strDeal & "') " & _
"WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & Me.Deal_No.Value & "'"
DoCmd.RunSQL strSQL
For numeric Deal:
Dim Deal As Long
Dim strSQL As String
Deal = DMax("[Deal_No]", "[tblStructuresNoDAworking]", "[Structure_Name] = '" & Forms!frmStructNoDASetup!Structure_Name & "' AND [FG_Ind] = 0 AND [Deal_No] < '" & Forms!frmStructNoDASetup!Deal_No & "'")
strSQL = "UPDATE tblStructuresNoDAworking " & _
"SET tblStructuresNoDAworking.Case_Qty = " & _
" (SELECT [Case_Qty] " & _
" FROM tblStructuresNoDAworking " & _
" WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = " & Deal & ") " & _
"WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = " & Me.Deal_No.Value & ""
DoCmd.RunSQL strSQL
I'm always getting the "enter parameter value error" when I try to run this code. The error refers to idPat, idSP, idPar and measure_value.
I have checked with the debug idPar, idPat, idSP and measure_value and they assume the correct value; the errors comes out when I run sql.
Dim idPar As Integer
Dim idPat As Integer
Dim idSP As Integer
Dim current_fc As String
Dim namePar As String
Dim sql As String
Dim measureValue As Integer
current_fc = TempVars!CurrentUsername
namePar = Me.cmbManualDailyPar.Value
measureValue = Me.txtMeasureValue
idPar = Nz(DLookup("ID_par", "Parameter", "name_par = '" & namePar & "'"), 0)
idPat = Nz(DLookup("ID_patient", "Patient", "fiscal_code = '" & current_fc & "'"), 0)
idSP = Nz(DLookup("ID_SP", "Diagnosis", "ID_patient = " & idPat & ""), 0)
sql = "INSERT INTO Measure(ID_par, measure_value,ID_SP,ID_patient)" & _
" VALUES(idPar,measureValue,idSP,idPat);"
DoCmd.RunSQL sql
Your VALUES part is just text. What you need is:
" VALUES(" & idPar & "," & measureValue & "," & idSP & "," & idPat & ")"
You may also need to enclose text values in database quotes, for example:
" VALUES(" & idPar & ", '" & measureValue & "'," & idSP & "," & idPat & ")"
to enclose measureValue if it is text.
want to update record if exists and insert if not exists into vsolv_trn_tsalesregdump Is tsalesregdump_name is unique in table vsolv_trn_tsalesregdump
when i click check box that particular row should be check on other table and how to use it for loop in form loop i can use the "tsalesdump_date,tsalesdump_name,executivename_executive" this three if the value is same its go to update and otherwise its not to same its move on insert how can i write it can any 1help me
if i have use two table one temp and other 1 is orginal\ temp table =vsolv_tmp_tsalesdump orginal table=vsolv_trn_tsalesregdump.
if already i hav save the data in orginal table,again if i hav assing data for temp table and view in radgrid if select and submit the button its go to check on orginal table if the value is already there its update it otherwise insert how can use it
Protected Sub btn_Submit_Click(ByVal sender As Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles btn_Submit.Click
lblerrmsg.Text = ""
Dim chk As CheckBox
Dim lbtn As LinkButton
Dim Res As Long
Dim lobjrow As DataRow
Dim lObjErrTable As New DataTable
Dim a As Integer = 0
Dim dtcarbooking As New DataTable
Dim dtDumpBooking As New DataTable
Dim lsRefid As String = String.Empty
Dim dtdumpsample As New DataTable
Dim name As String = String.Empty
If Check_Validation() = True Then
Exit Sub
End If
Gobjdbconn.OpenConn()
lObjErrTable = Error_TabelFill()
For i As Integer = 0 To GVUpload.Items.Count - 1
chk = GVUpload.Items(i).FindControl("chkupload")
If chk.Checked = True Then
lsRefid = GVUpload.Items(i).GetDataKeyValue("tsalesdump_gid").ToString()
MsSql = ""
MsSql &= "Select tsalesdump_gid,tsalesdump_date,tsalesdump_name,executivename_executive,tsalesdump_vch_no,tsalesdump_debit,tsalesdump_credit"
MsSql &= " from vsolv_tmp_tsalesdump as a"
MsSql &= " left join vsolv_trn_executivename as b on a.tsalesdump_name = b.executivename_particulars"
MsSql &= " where tsalesdump_gid = '" & lsRefid & "' and tsalesdump_isremoved = 'N'"
dtDumpBooking = Gobjdbconn.GetDataTable(MsSql)
MsSql = ""
MsSql &= "Insert into vsolv_trn_tsalesregdump(tsalesregdump_date,tsalesregdump_name,tsalesregdump_executive,tsalesregdump_vch_no"
MsSql &= " ,tsalesregdump_debit,tsalesregdump_credit,tsalesregdump_importby)"
MsSql &= " Values ('" & Format(CDate(dtDumpBooking.Rows(0).Item("tsalesdump_date")), "yyyy-MMM-dd").ToString() & "'"
MsSql &= ",'" & dtDumpBooking.Rows(0).Item("tsalesdump_name").ToString() & "'"
MsSql &= ",'" & dtDumpBooking.Rows(0).Item("executivename_executive").ToString() & "'"
MsSql &= " ,'" & dtDumpBooking.Rows(0).Item("tsalesdump_vch_no").ToString() & "'"
MsSql &= " ,'" & dtDumpBooking.Rows(0).Item("tsalesdump_debit").ToString() & "','" & dtDumpBooking.Rows(0).Item("tsalesdump_credit").ToString() & "','SIVA')"
MnResult = Gobjdbconn.ExecuteNonQuerySQL(MsSql)
If MnResult = 1 Then
MsSql = ""
MsSql &= " Delete from vsolv_tmp_tsalesdump where tsalesdump_gid = '" & lsRefid & "'"
Gobjdbconn.ExecuteNonQuerySQL(MsSql)
Else
lobjrow = lObjErrTable.NewRow()
a = a + 1
lobjrow("Sno") = a
lobjrow("Booking Ref No") = dtcarbooking.Rows(0).Item("tsalesregdump_name").ToString
lobjrow("Description") = "Duplicate Record"
lObjErrTable.Rows.Add(lobjrow)
End If
End If
Next
POPSummary()
If Not lObjErrTable Is Nothing Then
If lObjErrTable.Rows.Count > 0 Then
Call Pop_Data(lObjErrTable)
End If
End If
End Sub
If you want to update record if already exists else insert in SQL then you can achieve by following: You need to change MsSql string for Insert command
MsSql = "" + _
"IF EXISTS(Select tsalesregdump_name From vsolv_trn_tsalesregdump Where tsalesregdump_name = '" & dtDumpBooking.Rows(0).Item("tsalesdump_name").ToString() & "') " + _
"BEGIN " + _
" Update vsolv_trn_tsalesregdump " + _
" Set tsalesregdump_date = '" & Format(CDate(dtDumpBooking.Rows(0).Item("tsalesdump_date")), "yyyy-MMM-dd").ToString() & "' " + _
" ,tsalesregdump_executive = '" & dtDumpBooking.Rows(0).Item("executivename_executive").ToString() & "' " + _
" ,tsalesregdump_vch_no = '" & dtDumpBooking.Rows(0).Item("tsalesdump_vch_no").ToString() & "' " + _
" ,tsalesregdump_debit = '" & dtDumpBooking.Rows(0).Item("tsalesdump_debit").ToString() & "' " + _
" ,tsalesregdump_credit = '" & dtDumpBooking.Rows(0).Item("tsalesdump_credit").ToString() & "' " + _
" ,tsalesregdump_importby = 'SIVA' " + _
" Where tsalesregdump_name = '" & dtDumpBooking.Rows(0).Item("tsalesdump_name").ToString() & "' " + _
"END " + _
"ELSE " + _
"BEGIN " + _
" Insert into vsolv_trn_tsalesregdump(tsalesregdump_date,tsalesregdump_name,tsalesregdump_executive,tsalesregdump_vch_no " + _
" ,tsalesregdump_debit,tsalesregdump_credit,tsalesregdump_importby) " + _
" Values ('" & Format(CDate(dtDumpBooking.Rows(0).Item("tsalesdump_date")), "yyyy-MMM-dd").ToString() & "' " + _
" ,'" & dtDumpBooking.Rows(0).Item("tsalesdump_name").ToString() & "' " + _
" ,'" & dtDumpBooking.Rows(0).Item("executivename_executive").ToString() & "' " + _
" ,'" & dtDumpBooking.Rows(0).Item("tsalesdump_vch_no").ToString() & "' " + _
" ,'" & dtDumpBooking.Rows(0).Item("tsalesdump_debit").ToString() & "','" & dtDumpBooking.Rows(0).Item("tsalesdump_credit").ToString() & "','SIVA') " + _
"END "
MnResult = Gobjdbconn.ExecuteNonQuerySQL(MsSql)
I am assuming here that tsalesregdump_name is unique.
When I try to edit and update the data in datagriview it comes up with an error message saying Operator '&' is not defined for type 'TextBox' and string "".
please help. Thanks
Here is my code
Private Sub btnaddrecord_Click(sender As Object, e As EventArgs) Handles btnaddrecord.Click
Dim cmd As New OleDb.OleDbCommand
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
cmd.Connection = cnn
If Me.IdentificationNotest.Tag & "" = "" Then
cmd.CommandText = "INSERT INTO vehicledefects(Codenumber, vehiclereg, datereported, defects1, repaired1, defects2, repaired2, defects3, repaired3, datefixed) " & _
" VALUES(" & Me.IdentificationNotest.Text & ",'" & Me.vehiclereg.Text & "','" & Me.datereported.Text & "','" & Me.defects1.Text & "','" & Me.repaired1.Text & "','" & _
Me.defects2.Text & "','" & Me.repaired2.Text & "','" & _
Me.defects3.Text & "','" & Me.repaired3.Text & "','" & _
Me.datefixed.Text & "')"
cmd.ExecuteNonQuery()
Else
cmd.CommandText = "UPDATE vehicledefects" & _
" SET Codenumber =" & Me.IdentificationNotest.Text & _
", vehiclereg ='" & Me.vehiclereg.Text & "'" & _
", datereported ='" & Me.datereported.Text & "'" & _
", defects1 ='" & Me.defects1.Text & "'" & _
", repaired1 ='" & Me.repaired1.Text & "'" & _
", defects2 ='" & Me.defects2.Text & "'" & _
", repaired2='" & Me.repaired2.Text & "'" & _
", defects3='" & Me.defects3.Text & "'" & _
", repaired3='" & Me.repaired3.Text & "'" & _
", datefixed='" & Me.datefixed.Text & "'" & _
" WHERE Codenumber =" & Me.IdentificationNotest.Tag
cmd.ExecuteNonQuery()
End If
refreshdata()
Me.btnclear.PerformClick()
cnn.Close()
datefixed.Text = ""
IdentificationNotest.Text = ""
End Sub
In the future, you should also post the line number the error is being thrown on.
The error is telling you that you're doing something like:
dim myString as String = myTextBox & " some more text"
in this case, you would need to do:
dim myString as String = myTextBox.Text & " some more text"
In the code you posted, I wasn't able to find an instance of this - so perhaps its somewhere else in the code. Though, the code was hard to read so I may have missed it.
You may also be aware that this code is susceptible to SQL Injection attacks
I am having below error
Conversion from type 'DBNull' to type 'Integer' is not valid. When submit the form above error is showing Is it because of any fields in database having NULL VALUE or what could be the real reason.
When I click save
Dim intresult As String
Dim objParam As OleDbParameter() = {objDA.OutputParam("#Next_DocumentNo", OleDbType.VarChar, 20), _
objDA.InputParam("#Dtype", OleDbType.VarChar, 10, "D"), _
objDA.InputParam("#MID", OleDbType.VarChar, 20, Session("Mid"))}
intresult = objDA.ExecSP("dbo.GetNextDocNo", objParam)
If intresult = 1 Then
tNextDocNo = objDA.varOutputRet
Else
Exit Sub
End If
vDocType = "D"
vAllocID = "501"
vDummy = " "
vDummyBuyer = "NEX"
vRemarks = Replace(Replace(Me.TextRemark.Text, "'", "''"), vbCrLf, "")
strSQL = "INSERT INTO dbo.Hder (Document_Type, Document_No, Document_Date, Trans_Type, Type_Desc, V_Type, " & _
"Mid,Total_Amount, Total_Qty,Prepared_By,Remarks) " & _
"VALUES ('" & vDocType & "', '" & tNextDocNo & "', '" & Me.TextDate.Text & "', 'D', 'gift IN', 'GIFT', " & _
"'" & Mid & "', " & CDbl(Me.txtGrandTotal.Text) & ", " & CDbl(Me.txtTotalQty.Text) & ", " & _
"'" & GCurrentUserName & "', '" & vRemarks & "')"
intresult = objDA.ExecSP(strSQL, "Trans")
varOutputRet = CType(objCmd.Parameters(0).Value, Integer)
Error is highlighted in the below code in another form when I submit the above code
varOutputRet = CType(objCmd.Parameters(0).Value, Integer)
Check for DBNull before you cast:
varOutputRet = CInt(If(IsDBNull(objCmd.Parameters(0).Value), 0, objCmd.Parameters(0).Value))