How can I update my Access database in VB.NET code? I use an OleDb connection to the database. It makes changes in the DataGridView but not in the database.
Public Sub executquery()
        Dim commandOleDb As New OleDbCommand(query, con)
        commandOleDb.ExecuteNonQuery()
        con.Close()
    End Sub
--------------------
    Private Sub ButtonInsert_Click(sender As Object, e As EventArgs)
        Dim con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Almaashat.accdb")
        Dim query As String
        Try
            con.Open()
            query = "INSERT INTO Techers (File_ID,Name,Workplace,Jop,Appointment,Class,Birthday,End_date,End_class,End_for,Note) VALUES (" & TextBoxFile_ID.Text & " ,'" & TextBoxName.Text & "' ,'" & TextBoxWorkplace.Text & "' ,'" & TextBoxJop.Text & "'  ,'" & DateTimePickerAppoiment.Text & "','" & TextBoxClass.Text & "','" & DateTimePickerBirthday.Text & "' ,'" & DateTimePickerEnd_date.Text & "' ,'" & TextBoxEnd_class.Text & "','" & TextBoxEnd_for.Text & "' ,'" & TextBoxNote.Text & "')"
            executquery()
            con.Close()
            MsgBox("Your Data Inserted")
        Catch ex As Exception
            MsgBox("Your Data Not Inserted")
        End Try
        TechersDataGridView.DataSource = TechersBindingSource
           End Sub


What I have tried:

Public Sub executquery()
        Dim commandOleDb As New OleDbCommand(query, con)
        commandOleDb.ExecuteNonQuery()
        con.Close()
    End Sub
    Private Sub ButtonInsert_Click(sender As Object, e As EventArgs)
        Dim con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Almaashat.accdb")
        Dim query As String
        Try
            con.Open()
            query = "INSERT INTO Techers (File_ID,Name,Workplace,Jop,Appointment,Class,Birthday,End_date,End_class,End_for,Note) VALUES (" & TextBoxFile_ID.Text & " ,'" & TextBoxName.Text & "' ,'" & TextBoxWorkplace.Text & "' ,'" & TextBoxJop.Text & "'  ,'" & DateTimePickerAppoiment.Text & "','" & TextBoxClass.Text & "','" & DateTimePickerBirthday.Text & "' ,'" & DateTimePickerEnd_date.Text & "' ,'" & TextBoxEnd_class.Text & "','" & TextBoxEnd_for.Text & "' ,'" & TextBoxNote.Text & "')"
            executquery()
            con.Close()
            MsgBox("تم الإدخال بنجاح")
        Catch ex As Exception
            MsgBox("لم يتم الإدخال بنجاح")
        End Try
        TechersDataGridView.DataSource = TechersBindingSource
           End Sub
Updated 5-Feb-18 20:04pm

Never use concatenated strings, due to SQL Injection.
A bit of information about SQL Injection and how to do it the proper way is described here: Record not insert in ms access database
 
 
Not like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Fix that, and note that query inside your ButtonInsert_Click method is a local variable, so it is not in any way related to query inside your executquery method.

And do yourself a favour - don't hard-code connection strings! They should always be in configuration files, so you don't need to change your software and recompile for each new installation.
 
Share this answer
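The parameterized insert recommended in the answer above, as an added example that is not part of the original post or answers. The TeacherRepository class, its method signature and the column types (numeric File_ID, Date/Time for the three dates, text elsewhere) are assumptions; the table and column names are the asker's.

```vbnet
Imports System.Data.OleDb

Public Class TeacherRepository
    ' Assumption: the caller reads this string from the application's configuration file.
    Private ReadOnly _connectionString As String

    Public Sub New(connectionString As String)
        _connectionString = connectionString
    End Sub

    ' Inserts one row and returns the number of rows affected (1 on success).
    Public Function InsertTeacher(fileId As Integer, name As String, workplace As String,
                                  job As String, appointment As Date, teacherClass As String,
                                  birthday As Date, endDate As Date, endClass As String,
                                  endFor As String, note As String) As Integer
        ' "?" placeholders: the OleDb provider binds parameters by position, not by name.
        Const sql As String =
            "INSERT INTO Techers ([File_ID],[Name],[Workplace],[Jop],[Appointment],[Class]," &
            "[Birthday],[End_date],[End_class],[End_for],[Note]) VALUES (?,?,?,?,?,?,?,?,?,?,?)"

        Using con As New OleDbConnection(_connectionString)
            Using cmd As New OleDbCommand(sql, con)
                ' Add in exactly the column order above. Values travel as data, so a
                ' quote inside a name (Baker's Wood) never becomes part of the SQL text.
                cmd.Parameters.Add("@File_ID", OleDbType.Integer).Value = fileId
                cmd.Parameters.Add("@Name", OleDbType.VarWChar).Value = name
                cmd.Parameters.Add("@Workplace", OleDbType.VarWChar).Value = workplace
                cmd.Parameters.Add("@Jop", OleDbType.VarWChar).Value = job
                cmd.Parameters.Add("@Appointment", OleDbType.Date).Value = appointment
                cmd.Parameters.Add("@Class", OleDbType.VarWChar).Value = teacherClass
                cmd.Parameters.Add("@Birthday", OleDbType.Date).Value = birthday
                cmd.Parameters.Add("@End_date", OleDbType.Date).Value = endDate
                cmd.Parameters.Add("@End_class", OleDbType.VarWChar).Value = endClass
                cmd.Parameters.Add("@End_for", OleDbType.VarWChar).Value = endFor
                cmd.Parameters.Add("@Note", OleDbType.VarWChar).Value = note
                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using ' command disposed
        End Using ' connection closed even if ExecuteNonQuery throws
    End Function
End Class
```

A button handler would call InsertTeacher with each DateTimePicker's Value and an Integer parsed from TextBoxFile_ID.Text, and show ex.Message in its Catch block so a failed insert is not hidden behind a generic message.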
 
Judging by the posted code, it looks like it could be an issue in the executquery() function.

1. It is not clear how the "query" and "con" variables get populated.

Either move these two lines outside of the button click function or pass those variables to executquery()

VB
Dim query As String
Dim con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Almaashat.accdb")


By the way, why not keep it simple and leave these two lines in the button click function?

VB
Dim commandOleDb As New OleDbCommand(query, con)
        commandOleDb.ExecuteNonQuery()


Once you get it to work, you can then look into using a Parameterized Query
Adding and Saving Records to Access Database using VB.NET | Free source code, tutorials and articles
 