Click here to Skip to main content
15,993,913 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am unable to insert info into my log table. Yes the connection to data base works as it is showing its contents in data grid view on form. The data base just won't accept the insert. ( Please don't say read a book, or look on internet I have been for over a week) Now all I am is confused. Here is the code

VB.NET
Private Sub BtnLog_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtnLog.Click
       Dim SqlConn As New SqlCeConnection
       Dim SqlCmd As New SqlCeCommand

       SqlConn.ConnectionString = ("DataSource = My_Logger.sdf;")

       Try
           SqlConn.Open()

           Dim StrInsert As String
           StrInsert = ("LDate,LTime,HCall,State,County,Band,Freq,Mode,MCall,HRST,YRST,HOper,MOper,RunStart,RunEnd,NetDuration) Values ('" & TextBox2.Text & "','" & CbxState.Text & "','" & CbxCounty.Text & "','" & ComboBox1.Text & "','" & ComboBox2.Text & "','" & ComboBox5.Text & "','" & TextBox1.Text & "','" & ComboBox3.Text & "','" & ComboBox4.Text & "','" & ComboBox6.Text & "','" & TextBox4.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "')")

           Dim Reader As SqlCeDataReader

           Dim SqlNonQuery As String
           SqlNonQuery = "insert into Log  (StrInsert)"


           SqlCmd = New SqlCeCommand(SqlNonQuery, SqlConn)
           Reader = Command.ExecuteReader

           ' SqlConn.Close()

           MsgBox("Data is Saved")
           SqlConn.Close()

       Catch ex As Exception
           MsgBox(ex.Message)
           'Make Sure Connection Is Closed
           If ConnectionState.Open Then
               SqlConn.Close()
           End If
       End Try



   End Sub


Please help new to this just need some help??????

What I have tried:

I have written the code a couple of ways as were shown in tutorials, I think the problem with that was they were ACCess data base and full blown server database's.
Posted
Updated 8-Apr-16 10:08am

1 solution

Where do I begin? First, you're using string concatenation to build your SQL query. This is a HUGE security problem. Google for "SQL Injection Attack" to find out why. Next, Google for "VB.NET parameterized queries" to mitigate the problem. Oh, and a nice side effect of that is you get far better debuggable code out of it.

Next, you've got this:
VB
SqlNonQuery = "insert into Log  (StrInsert)"

Ummmm... you used string concatenation to build the SQL query and then you completely forget how to use string concatenation to finish building the query? I'd rather you didn't use concatentation at all and did the whole query thing properly instead of band-aiding this horrible code into working.

Oh, and SqlCe, at least version 5, is deprecated and no longer supported as of 4/12/16. You might want to move to a more current database engine, like SQL Express, LocalDb, SqlLite, or whatever.
 
Share this answer
 
Comments
medic63 8-Apr-16 18:31pm    
Dave
Thanks for your input I went and googled both your suggestions, I understand what you are saying. Like I said in my post I am New to programming, and not nearly as knowledgeable as you on the subject, but I am learning.I have been using what I have and will get LocalDb as soon as I leave here. Can you point me to where I can learn the proper way to program the query ? I have looked high and low for guidance but its all, so cryptic to me. I want to learn not have it done for me.
Thanks for your input and some guidance would be appreciated.
Dave Kreskowiak 8-Apr-16 19:53pm    
The second Google search I specified will give you that. The biggest part of learning to code is learning how to do research because there is ALWAYS something we don't know how to do and have to research in order to get it done. Writing code is a side effect of do research, not the other way around.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900