how to correct my runtime error

Question

1.00/5 (1 vote)

See more:

my insert query is

VB

Private Sub addnew_Click()
str = "insert into profile(rollno,fathername,occupation,contactno,mothername,mother's occupation,annualincome,religion,caste,address,city,state)values(" & rno.Text & ", ' " & fname.Text & " ',' " & occu.Text & " ',' " & cno.Text & " ' ,' " & mname.Text & " ',' " & occupation.Text & " ', ' " & ain.Text & " ', ' " & religion.Text & " ', ' " & caste.Text & " ', ' " & address.Text & " ',' " & city.Text & " ',' " & state.Text & " ')"
cn.Execute (str)
MsgBox ("DETAILS ADDED ")
End Sub

while executing this i got a runtime error,
can anyone help in correcting this runtime error.
THANKS IN ADVANCE............

Posted 16-Sep-12 4:51am

srisubha

Add a Solution

Comments

[no name] 16-Sep-12 10:53am

And that error would be...? It helps to give us all of the information...
Your error would probably go away if you used parameterized queries like you should be using to prevent SQL injection attacks.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-09-16T05:02:00

Did you really name a column "mother's occupation"?

I am surprised that SQL server let you do that. If you did, then you will need to enclos it in '[' and ']' characters:

SQL

str = "insert into profile(rollno,fathername,occupation,contactno,mothername,[mother's occupation],annualincome,religion,caste,address,city,state)...

But also, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.