Importing excel files to my SQL using bulkcopy

Question

0.00/5 (No votes)

See more:

hello guys I'm having a problem with a project that I build
I'm trying to import excel files to sql server 2016 using bulkcopy and I got this error

"'DAFTAR1$' is not a valid name. Make sure that it does not include invalid characters or punctuation and that it is not too long"

I think there is a problem with this code
Dim query_excel As String = "SELECT * from [" & file & "$]"

i tried all of this code on another pc and it works perfectly but on my pc it's getting that error, I don't know what did I wrong, I'm using visual basic 2010 professional edition, sql management server 2016 and microsoft office 2016

can anyone help me to figure what is wrong with the code ?

What I have tried:

VB

<pre>
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        If OpenFileDialog1.ShowDialog = DialogResult.OK Then
            TextBox1.Text = OpenFileDialog1.FileName
            file = System.IO.Path.GetFileNameWithoutExtension(TextBox1.Text)

        End If

    End Sub

    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click

        Dim koneksi_excel As New System.Data.OleDb.OleDbConnection("Provider=Microsoft.ace.OLEDB.12.0;Data Source='" & TextBox1.Text & "';Extended Properties=""Excel 12.0 Xml;HDR=YES;""")
        koneksi_excel.Open()

        Dim query_excel As String = "SELECT * from [" & file & "$]"
        Dim cmd As OleDb.OleDbCommand = New OleDb.OleDbCommand(query_excel, koneksi_excel)
        Dim rd As OleDb.OleDbDataReader

        rd = cmd.ExecuteReader()

        Dim koneksi As New SqlClient.SqlConnection()
        Dim koneksidatabase As String = "server=DESKTOP-KJQ8PNO\SQLEXPRESS;database=otto;Integrated Security=True"
        koneksi.ConnectionString = koneksidatabase


        koneksi.Open()
        Dim da As New OleDb.OleDbDataAdapter
        Dim ds As New DataSet()
        Dim dt As New DataTable
        ds.Tables.Add(dt)
        da = New OleDb.OleDbDataAdapter(query_excel, koneksi_excel)
        da.Fill(dt)


        Using bulkcopy As SqlClient.SqlBulkCopy = New SqlClient.SqlBulkCopy(koneksi)
            bulkcopy.DestinationTableName = file
            bulkcopy.BulkCopyTimeout = 600
            bulkcopy.WriteToServer(rd)
            rd.Close()


            MsgBox("Data uploaded to database", MsgBoxStyle.Information, "Uploaded")
            TextBox1.Text = ""
        End Using
    End Sub

Posted 28-Mar-17 22:42pm

Member 13052135

Updated 29-Mar-17 12:45pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Answer 1 · 2017-03-29T12:44:00

VB

Dim query_excel As String = "SELECT * from [" & file & "$]"

Never build an SQL query by concatenating with user inputs, it is named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia[^]
SQL Injection[^]

Quote:
I got this error "'DAFTAR1$' is not a valid name.

And what is the real database name?
Are you sure it exist in your PC?