Insert/Delete records using VB.Net code

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

SQL Server 2005 Forums

SQL Server Administration (2005)

Insert/Delete records using VB.Net code

Author

Topic

edse
Starting Member

1 Post

Posted - 2009-12-30 : 04:32:44

Hello Everybody of the SQL Team.

Sorry for my English.

Can somebody help me with the following problem.

I try to add and delete records in a SQL 2008 server data base with the following code in VB.Net. By running the code the following error appears.

The multi-part identifier "txtNaam.text" could not be bound. The multi-part identifier "txtVoornaam.text" could not be bound.

See beneath for more details about the using code.

Code to insert new records.

Dim con As New SqlClient.SqlConnection
Dim cmd As New SqlClient.SqlCommand
con.ConnectionString = "Server=BGC-IPAUZLIX959\SQLEXPRESS;Database=Colibri;Integrated Security=True"

con.Open()

cmd.Connection = con

cmd.CommandText = "INSERT INTO KlantenT (KlantNaam,KlantVoornaam) VALUES (txtNaam.text ,txtVoornaam.text)"

cmd.ExecuteNonQuery()

'cmd.ExecuteScalar()

End Sub

Code to delete records.

Dim con As New SqlClient.SqlConnection
Dim cmd As New SqlClient.SqlCommand
Try
con.ConnectionString = "Server=BGC-IPAUZLIX959\SQLEXPRESS;Database=Colibri;Integrated Security=True"
con.Open()
cmd.Connection = con
cmd.CommandText = "DELETE FROM KlantenT WHERE KlantId = txtKlantNummer.text"
cmd.ExecuteNonQuery()

Catch ex As Exception
MessageBox.Show("Error while deleting record on table..." & ex.Message, "Delete Records")
Finally
con.Close()
End Try
End Sub.

Thanks in advance.
Edse.

russell
Pyro-ma-ni-yak

5072 Posts

Posted - 2009-12-30 : 08:35:34

change this line:

cmd.CommandText = "INSERT INTO KlantenT (KlantNaam,KlantVoornaam) VALUES (txtNaam.text ,txtVoornaam.text)"

if the variables are numeric to this:

cmd.CommandText = "INSERT INTO KlantenT (KlantNaam,KlantVoornaam) VALUES (" & txtNaam.text & ", " & txtVoornaam.text & ")"

and if they are strings to this:

cmd.CommandText = "INSERT INTO KlantenT (KlantNaam,KlantVoornaam) VALUES ('" & txtNaam.text & "', '" & txtVoornaam.text & "')"

BUT you really should be using stored procedures and validating your input. This setup is just begging for SQL Injection hacks -- one of the easiest and most damaging hacks out there. Do a little research on "SQL Injection"

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources