Help me to do action at delete

Question

0.00/5 (No votes)

See more:

kindly help me when i tried to delete message show of success but in reality it not perform action of deletion

What I have tried:

Protected Sub btndelete_Click(sender As Object, e As EventArgs) Handles btndelete.Click

Con = New SqlConnection("Data Source=VU-IT-INTERN1;Initial Catalog=fuelsystem;User ID=sa;Password=123")

Try
Con.Open()
Cmd.Connection = Con
Cmd = New SqlCommand
Cmd.CommandText = "DELETE FROM fuel Where Fuel_Id='" & txtfillingid.Text & "', GenID='" & txtGeneratorId.Text & "', F_date='" & txtDate.Text & "', S_F_reading='" & txtBeforefilling.Text & "', E_F_reading='" & txtAfterfilling.Text & "', Total_Feul='" & TxtTottal.Text & "'"
lblmessage.Text = "Your data has succesfully deleted"

'For Each p As SqlParameter In Cmd.Parameters
' Cmd.Parameters.Remove(p)
'Next
Catch ex As Exception
lblmessage.Text = ex.ToString

Finally
Con.Close()
End Try

btnInsert.Visible = False
End Sub

Posted 26-May-16 0:46am

Mahar Tanvir

Updated 26-May-16 1:09am

Add a Solution

Comments

Mahar Tanvir 26-May-16 7:53am

is it correct form to use to build sql Command with connection string?
Con = New SqlConnection("Data Source=VU-IT-INTERN1;Initial Catalog=fuelsystem;User ID=sa;Password=123")

Try
Con.Open()
Cmd = New SqlCommand("DELETE FROM fuel Where Fuel_Id='" & txtfillingid.Text & "' AND GenID='" & txtGeneratorId.Text & "' AND F_date='" & txtDate.Text & "' AND S_F_reading='" & txtBeforefilling.Text & "' AND E_F_reading='" & txtAfterfilling.Text & "' AND Total_Feul='" & TxtTottal.Text & "'", Con)

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2016-05-26T01:09:00

Solution 1

Firstly, don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

And second, comma is not a WHERE condition conjunction: you need AND or OR:

SQL

DELETE FROM MyTable WHERE columnName1=value AND columnName2=otherValue

Or

SQL

DELETE FROM MyTable WHERE columnName1=value ORcolumnName2=otherValue

Finally, you need to execute the command:

VB

Cmd.ExecuteNonQuery()

Posted 26-May-16 1:09am

OriginalGriff

Comments

Mahar Tanvir 26-May-16 7:44am

Sir as You above says that"Do not concatenate strings to build a SQL command"
kindly told me about connection and command how i should do it

Richard Deeming 26-May-16 12:15pm

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]