Need help in the error

Question

1.00/5 (1 vote)

See more:

Hi all

Please find the below details and help me to solve the prob

code:

VB

Dim con1 As New SqlConnection("Data Source=KITT7-PC;Initial Catalog=project;User ID=sa;Password=1234")

       con1.Open()
       Dim cmd As New SqlCommand("insert into CompanyCreation values('" & txtCompanyName.Text & "','" & txtCompanyCode.Text & "','" & txtCompanyAlias.Text & "','" & txtAddress.Text & "','" & cmbCity.Text & "','" & txtPincode.Text & "','" & cmbState.Text & "','" & txtCountry.Text & "','" & txtPh1.Text & "','" & txtPh2.Text & "','" & txtPh3.Text & "','" & txtFax.Text & "','" & txtMobile.Text & "','" & txtEmail.Text & "','" & txtWebsite.Text & "','" & txtServiceTAX.Text & "','" & txtVATNo.Text & "','" & cmbTaxing.Text & "','" & cmbFinYear.Text & "','" & txtCurrency.Text & "','" & txtITPan.Text & "','" & cmbAccountingSystem.Text & "','" & txtTIN.Text & "','" & txtCST.Text & "','" & txtWardno.Text & "','" & txtAdminUser.Text & "','" & txtAdminPass.Text & "','" & txtConfirmPass.Text & "','" & txtcodex.Text & "','" & txtPass.Text & "','" & txtConfirmPass.Text & "')", con1)
       cmd.ExecuteNonQuery()
       Catch ex As Exception

       End Try

database:

SQL

ID	int	
CompanyCode	varchar(50)	
CompanyName	varchar(25)	
Alias	varchar(100)	
AgentType	varchar(100)	
Address	varchar(25)	
City	varchar(25)	
Pincode	int	
State	varchar(100)	
Country	varchar(100)	
Ph1	numeric(10, 0)	
Ph2	numeric(10, 0)	
Ph3	numeric(10, 0)	
Fax	numeric(10, 0)	
Mobile	numeric(10, 0)	
Email	nvarchar(30)	
Website	nvarchar(30)	
Taxing	varchar(30)	
ServiceTax	decimal(10, 2)	
VATNo	int	
FinancialYearStart	int	
IndianCurrencySymbol	varchar(25)	
ITPan	varchar(25)	
AccountingSystem	varchar(15)	
Account	varchar(25)	
TIN	numeric(10, 0)	
CST	varchar(25)	
WardNo	int	
AdminUser	varchar(30)	
AdminPass	varchar(30)	
LocatonofDataSave	varchar(50)	
Codex	int

I am getting the error saying
Error converting data type varchar to numeric.

Please tell me where is the problem.

Posted 26-Apr-13 3:19am

Code-Hunt

Add a Solution

Comments

StianSandberg 26-Apr-13 9:24am

your code is vulnerable to sql-injections. You really should do something about it...

Jochen Arndt 26-Apr-13 9:36am

With sqlite, you must pass NULL as first value for the ID field when it is the primary key.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2013-04-26T03:33:00

What a mess!
There are a number of things you need to do before you will get a good idea what is happening here:
1) Use Parametrized queries. As AlluvialDeposit says, you are wide open to SQL injection attacks as your code stands. Parametrized queries will also make you code much, much more readable.
2) Name the fields you are inserting into.

SQL

INSERT INTO CompanyCreation (ID, CompanyCode, CompanyName, ...) VALUES (...

That way, SQL knows exactly which value you want to insert into which column.

It would also be a very good idea to convert the values to an appropriate datatype before passing them through to SQL - that way if the user makes a mistake, you can issue a specific error message instead of your app failing with an exception because SQL can't convert a value either.

Doing those will probably get rid of your problem as well as improving usability, readability, reliability and maintainability.

StianSandberg · Answer 2 · 2013-04-26T03:30:00

Solution 1

The error means that you are trying to insert a string value into a number column. Try to write out your generated sql-query before you execute it to see if you can spot the error.

C#

Response.Write(cmd.CommandText);
Response.End();

Posted 26-Apr-13 3:30am

StianSandberg