Click here to Skip to main content
15,890,506 members
Search within:


how to make edit function on visual basic 2012 work properly?
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
VB
help, i'm working on a update function on my aplication program using visual studio ultimate 2012 VB.

after i fixed the error on my coding, i debug the program with f5. but, when i tried to update the data on the datagridview it doesn't change even thought the messagebox "data has been updated" show up.

how do i fix this problem?

here is the coding for update function:

form1:

VB
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
            ClassSiswa.ubahdata(New SqlConnection, (txt_nis.Text), (txt_nisn.Text), (txt_namasiswa.Text), (cmb_kelaminsiswa.Text), (txt_kotalahir.Text), (DTP_siswa.Text), (cmb_agamasiswa.Text), (txt_beratsiswa.Text), (txt_tinggi_badan.Text))
            datagridview()
        End Sub

    Private Sub UpdateDataSiswa()
        ClassSiswa.Nis = txt_nis.Text
        ClassSiswa.Nisn = txt_nisn.Text
        ClassSiswa.Nama_Siswa = txt_namasiswa.Text
        ClassSiswa.Tanggal_Lahir = DTP_siswa.Text
        ClassSiswa.Jenis_Kelamin = cmb_kelaminsiswa.Text
        ClassSiswa.Kota_Lahir = txt_kotalahir.Text
        ClassSiswa.Agama = cmb_agamasiswa.Text
        ClassSiswa.Tinggi_Badan = txt_tinggi_badan.Text
        ClassSiswa.Berat_Badan = txt_beratsiswa.Text
        ClassSiswa.Updatesiswa(ClassSiswa.opencon, (txt_nis.Text))
        datagridview()
    End Sub



VB
classSiswa:

    Public Shared Sub ubahdata(ByVal _cn As SqlClient.SqlConnection, ByVal _Nis As String, ByVal _Nisn As String, ByVal _nama_siswa As String, ByVal _jenis_kelamin As String, ByVal _kota_lahir As String, ByVal _tanggal_lahir As String, ByVal _agama As String, ByVal _berat_badan As String, ByVal tinggi_badan As String)
            Dim sql As New SqlClient.SqlCommand
            sql.Connection = _cn
            sql.CommandType = CommandType.Text
            sql.CommandText = "update siswa set nis='" & Nis & "',nisn='" & Nisn & "',nama_siswa='" & Nama_Siswa & "',jenis_kelamin='" & Jenis_Kelamin & "' ,kota_lahir='" & Kota_Lahir & "',tanggal_lahir='" & Tanggal_Lahir & "'agama='" & Agama & "'berat_badan='" & Berat_Badan & "',tinggi_badan='" & tinggi_badan & "'"


            MessageBox.Show(" Data Telah Diupdate")
            ClassSiswa.closecon()
        End Sub
        Public Shared Sub Updatesiswa(ByVal _Cn As SqlClient.SqlConnection, ByVal _nis As String)
            Dim sql As SqlClient.SqlCommand
            sql = New SqlClient.SqlCommand
            sql.Connection = _Cn
            sql.CommandType = CommandType.Text
            sql.CommandText = "Update siswa Set nis = '" & Nis & "', nisn = '" & Nisn & "' where nis = '" & _nis & "'"
            sql.ExecuteNonQuery()
        End Sub


this is the codin for opening connection:


classKoneksi:

Imports System.Data.SqlClient
Imports System.Data.Sql
Imports System.Data
Imports System.Configuration
Public Class ClassKoneksi
    Public Shared cmd As SqlClient.SqlCommand
    Public Shared CN As SqlClient.SqlConnection
    Public Shared _NamaDatabase As String

    Public Shared Property namadatabase As String
        Get
            Return _NamaDatabase

        End Get
        Set(value As String)

            _NamaDatabase = value

        End Set
    End Property

    Public Shared Function opencon() As SqlClient.SqlConnection
        CN = New SqlClient.SqlConnection
        CN.ConnectionString = "Data Source=RICKY-PC\LENOVOSQL;Initial Catalog=KPIRWAN;Integrated Security=True "
        CN.Open()
        Return CN
    End Function

    Public Shared Sub closecon()
        CN.Close()
        CN.ConnectionString = Nothing
    End Sub
End Class


and this is the sql query in sql server:

Create Database KPIRWAN
use KPIRWAN

Create Table siswa 
(
Nis int primary key,
Nisn int,
Nama_Siswa varchar(40),
Jenis_Kelamin varchar (10),
Kota_Lahir varchar (10),
Tanggal_Lahir date,
Agama varchar (10),
Berat_Badan int,
Tinggi_Badan int)


Create Table Pengguna (Nama Varchar(40), Sandi Varchar(40))
insert into Pengguna values('123','456')
insert into pengguna values('mdp','123')

select*from siswa
select*from Pengguna
Posted
Updated 28-Apr-15 22:57pm
v7
Add a Solution
Comments
Richard Deeming 28-Apr-15 9:15am    
Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

1 solution

First problem: your code is vulnerable to SQL Injection[^].

Second problem: Your ubahdata method creates a SqlCommand, but never executes it.

Third problem: The query in your ubahdata method appears to be missing a WHERE clause. It will update EVERY record in the table.

VB.NET
Public Shared Sub ubahdata(ByVal _cn As SqlClient.SqlConnection, ByVal _Nis As String, ByVal _Nisn As String, ByVal _nama_siswa As String, ByVal _jenis_kelamin As String, ByVal _kota_lahir As String, ByVal _tanggal_lahir As String, ByVal _agama As String, ByVal _berat_badan As String, ByVal tinggi_badan As String)

    Using cmd As New SqlClient.SqlCommand()
        cmd.Connection = _cn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = "UPDATE siswa SET nis = @NewNis, nisn = @nisn, nama_siswa = @nama_siswa, jenis_kelamin = @jenis_kelamin, kota_lahir = @kota_lahir, tanggal_lahir = tanggal_lahir, agama = @agama, berat_badan = berat_badan, tinggi_badan = @tinggi_badan WHERE nis = @OldNis"
        
        cmd.Parameters.AddWithValue("@NewNis", Nis)
        cmd.Parameters.AddWithValue("@nisn", _Nisn)
        cmd.Parameters.AddWithValue("@nama_siswa", _nama_siswa)
        cmd.Parameters.AddWithValue("@jenis_kelamin", _jenis_kelamin)
        cmd.Parameters.AddWithValue("@kota_lahir", _kota_lahir)
        cmd.Parameters.AddWithValue("@tanggal_lahir", _tanggal_lahir)
        cmd.Parameters.AddWithValue("@agama", _agama)
        cmd.Parameters.AddWithValue("@berat_badan", _berat_badan)
        cmd.Parameters.AddWithValue("@tinggi_badan", _tinggi_badan)
        cmd.Parameters.AddWithValue("@OldNis", _Nis)
        
        cmd.ExecuteNonQuery()
    End Using
    
    MessageBox.Show(" Data Telah Diupdate")
End Sub

Public Shared Sub Updatesiswa(ByVal _Cn As SqlClient.SqlConnection, ByVal _nis As String)
    Using cmd As New SqlClient.SqlCommand()
        cmd.Connection = _cn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = "UPDATE siswa SET nis = @NewNis, nisn = @Nisn WHERE nis = @OldNis"
		
        cmd.Parameters.AddWithValue("@NewNis", Nis)
        cmd.Parameters.AddWithValue("@nisn", Nisn)
		cmd.Parameters.AddWithValue("@OldNis", _Nis)
		
        cmd.ExecuteNonQuery()
    End Using
End Sub
 
Share this answer
 
Posted
Comments
Sergey Alexandrovich Kryukov 28-Apr-15 9:36am    
5ed.
—SA
asasql 28-Apr-15 11:22am    
there is an error with cmd.ExecuteNonQuery(), "invalidOperationException was unhandled" showed up when i clicked button1 to update datagridview.
the error description said "ExecuteNonQuery requires an open and available Connection. The connection's current state is closed".
Richard Deeming 28-Apr-15 11:49am    
Did you open the connection before passing it to the method?

If not, you'll need to call _cn.Open() before cmd.ExecuteNonQuery().
asasql 29-Apr-15 3:48am    
i put _cn.open before cmd.ExecuteNonQuery(), now the error said "The ConnectionString property has not been initialized" on tne _cn.open().
Richard MacCutchan 29-Apr-15 5:09am    
Then you need to initialise it with a valid connection string.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
JS functions not working properly
update function in visual basic 2012 OOP method
Why isn't setdesktoplocation working? (Visual basic 2010)
Add two numbers using function in visual basic
save function for visual basic 2012 OOP method
how to create save function for datagridview visual basic 2012
Status bar control not working properly with XP Visual Styles manifest
Space not working because of keypress visual basic 2012 (OOP method)
Problem regarding Form Display in Visual basic 2008 express edition
how to make button to change form in visual basic 2012 (OOP method)

Advertise
Privacy
Cookies
Terms of Use
Last Updated 29 Apr 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900