Showing error read time no details show... please help me.
In these two lines:
cmbpartynm.Text = dr("prtynm")
cmbinvtype.Text = dr("invtyp")

If I delete the first line, then the error shows on the second line.
Please help me.

001 — imgbb.com[^]
002 — imgbb.com[^]
003 — imgbb.com[^]
004 — imgbb.com[^]
001 — imgbb.com[^]

Please see the link and please help me. Are you talking about this portion for "SQL Injection", or my coding portion? I don't know better English, please forgive me.

If I turn off these two lines, then there is no error:
cmbpartynm.Text = dr("prtynm")
cmbinvtype.Text = dr("invtyp")

I run two private subs for these two comboboxes in the form load event. I think the problem comes from here. So I stopped running these two private subs; then there is no error and no problem.
The two private subs are:

1) For the party name combobox
Private Sub loadpartyNAME()
Call connection()
' unmcmb.Enabled = False
Dim ds As New DataSet
Dim dt As New DataTable
Dim da As New OleDb.OleDbDataAdapter
da = New OleDb.OleDbDataAdapter("select * from party_ldg", cn)
da.Fill(ds, "party_ldg")
ds.Tables(0).DefaultView.Sort = "prtynm"
' cn.Close()
With cmbpartynm
.DataSource = ds.Tables("party_ldg")
.DisplayMember = "prtynm"
'.ValueMember = "UNTid"
End With
End Sub


2) For Inv Type (cash/credit combobox)

Private Sub loadinvoicetype()
Call connection()
' unmcmb.Enabled = False
Dim ds As New DataSet
' Dim dt As New DataTable
Dim da As New OleDb.OleDbDataAdapter
 
da = New OleDb.OleDbDataAdapter("select * from inv_type", cn)
da.Fill(ds, "inv_type")
ds.Tables(0).DefaultView.Sort = "invtyp"
' cn.Close()
With cmbinvtype
.DataSource = ds.Tables("inv_type")
.DisplayMember = "invtyp"
'.ValueMember = "UNTid"
End With
 
End Sub


What I have tried:

If cn.State = ConnectionState.Open Then
            cn.Close()
        End If
        cn.Open()
        Call connection()
        Dim str As String
        str = "SELECT * FROM party_ldg,inv_type,pur_inv  WHERE pur_inv.partyIDpur=party_ldg.partyID and pur_inv.invtypidpur=inv_type.invtypid and purinvid = '" & TextBox1.Text & "'"
        Dim cm As OleDb.OleDbCommand = New OleDb.OleDbCommand(str, cn)
        dr = cm.ExecuteReader
        While dr.Read()
            '     txtpurinvid.Text = dr("purinvid")
            txtminvdt.Text = dr("purinvdt")
            txtpurinvno.Text = dr("invno")
            txtmpurinvdt.Text = dr("invdt")
            txttotaltaxable.Text = dr("tottaxblamt")
            txttotaltaxamt.Text = dr("taxamt")
            txtinvamt.Text = dr("invamt")
            txtnrr.Text = dr("nrr")
            cmbpartynm.Text = dr("prtynm")
            cmbinvtype.Text = dr("invtyp")
            txtpartyid.Text = dr("partyIDpur")
            txtinvtypeid.Text = dr("invtypidpur")
        End While
        ' Button5_Click(sender, e)
        'Button2_Click(sender, e)
    End Sub
Posted 17-Jul-17 6:14am
Updated 18-Jul-17 0:14am
v3
Comments
Jayanta Modak 17-Jul-17 11:17am
   
https://ibb.co/bDLEHv
https://ibb.co/minuHv
https://ibb.co/n2FQPa
https://ibb.co/bzSuHv

Solution 1

Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

That probably won't solve your original problem immediately, but it'll save your DB later on...

We can't solve it for you - we don't have access to your data, which you need in order to look at what is actually happening. So, it's going to be up to you.
Put a breakpoint on the first line in the function, and run your code through the debugger. Then look at your code, and at your data and work out what should happen manually. Then single step each line checking that what you expected to happen is exactly what did. When it isn't, that's when you have a problem, and you can back-track (or run it again and look more closely) to find out why.

Sorry, but we can't do that for you - time for you to learn a new (and very, very useful) skill: debugging!
Comments
Jayanta Modak 17-Jul-17 11:48am
   
attached database screenshot ?
OriginalGriff 17-Jul-17 12:03pm
   
Doesn't help, because we can't use it against the actual data you are entering. Seriously, give the debugger a go - it's not difficult, and getting used to it on a small app like this makes your life a whole load easier later on.

And do yourself a favour: posting screenshots because you can't be bothered to copy and paste the actual data doesn't make it easier for us - and the harder you make things for people to help you, the less help you generally get. Make sense?
Jayanta Modak 18-Jul-17 1:25am
   
Thanks for the reply. I am very new to vb.net; I have no knowledge about "SQL Injection".
Sorry sir, https://ibb.co/f2QX4a please see the link and please help me. Are you talking about this portion for "SQL Injection", or my coding portion? I don't know better English, please forgive me.

If I turn off these two lines, then there is no error:
cmbpartynm.Text = dr("prtynm")
cmbinvtype.Text = dr("invtyp")

I run two private subs for these two comboboxes in the form load event. I think the problem comes from here. So I stopped running these two private subs; then there is no error and no problem.
The two private subs are:

1) For the party name combobox

Private Sub loadpartyNAME()
Call connection()
' unmcmb.Enabled = False
Dim ds As New DataSet
Dim dt As New DataTable
Dim da As New OleDb.OleDbDataAdapter

da = New OleDb.OleDbDataAdapter("select * from party_ldg", cn)
da.Fill(ds, "party_ldg")
ds.Tables(0).DefaultView.Sort = "prtynm"
' cn.Close()
With cmbpartynm
.DataSource = ds.Tables("party_ldg")
.DisplayMember = "prtynm"
'.ValueMember = "UNTid"
End With
End Sub

2) For Inv Type (cash/credit combobox)

Private Sub loadinvoicetype()
Call connection()
' unmcmb.Enabled = False
Dim ds As New DataSet
' Dim dt As New DataTable
Dim da As New OleDb.OleDbDataAdapter

da = New OleDb.OleDbDataAdapter("select * from inv_type", cn)
da.Fill(ds, "inv_type")
ds.Tables(0).DefaultView.Sort = "invtyp"
' cn.Close()
With cmbinvtype
.DataSource = ds.Tables("inv_type")
.DisplayMember = "invtyp"
'.ValueMember = "UNTid"
End With

End Sub

Solution 2

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user input like the name "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
-----
There is a tool that allows you to see what your code is doing; its name is debugger. It is also a great learning tool because it shows you reality and you can see which expectations match reality.
When you don't understand what your code is doing or why it does what it does, the answer is the debugger.
Use the debugger to see what your code is doing. Just set a breakpoint and see your code performing; the debugger allows you to execute lines one by one and to inspect variables as it executes.

Debugger - Wikipedia, the free encyclopedia[^]

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]
Visual Basic / Visual Studio Video Tutorial - Basic Debugging - YouTube[^]
Visual Basic .NET programming for Beginners - Breakpoints and Debugging Tools[^]
The debugger is here to show you what your code is doing, and your task is to compare it with what it should do.
There is no magic in the debugger; it doesn't find bugs, it just helps you to. When the code doesn't do what is expected, you are close to a bug.
  Permalink  
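The parameterized query that both solutions recommend, applied to the query from the question, as an added example (not code from the original posts). The module and function names are hypothetical, `purinvid` is assumed to be a text column, and the connection string is supplied by the caller.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data.OleDb
Module ParameterizedInvoiceLookup
    ' Same tables and join conditions as the query in the question; only the
    ' user-supplied value is replaced by a positional placeholder (?).
    Private Const InvoiceSql As String =
        "SELECT * FROM party_ldg, inv_type, pur_inv " &
        "WHERE pur_inv.partyIDpur = party_ldg.partyID " &
        "AND pur_inv.invtypidpur = inv_type.invtypid AND purinvid = ?"

    ' The pattern from the question: the input becomes part of the SQL text.
    Function BuildConcatenatedSql(purInvId As String) As String
        Return InvoiceSql.Replace("?", "'" & purInvId & "'")
    End Function

    ' Parameterized form: the input is bound as a value, never parsed as SQL.
    Function BuildInvoiceCommand(cn As OleDbConnection, purInvId As String) As OleDbCommand
        Dim cm As New OleDbCommand(InvoiceSql, cn)
        ' Assumption: purinvid is text. OleDb binds by position; the name is a label.
        cm.Parameters.Add("@purinvid", OleDbType.VarWChar).Value = purInvId
        Return cm
    End Function

    ' Returns the two combo box values of the matching invoice, or Nothing.
    Function LoadPartyAndType(connectionString As String, purInvId As String) As Dictionary(Of String, String)
        Using cn As New OleDbConnection(connectionString)
            Using cm As OleDbCommand = BuildInvoiceCommand(cn, purInvId)
                cn.Open()
                Using dr As OleDbDataReader = cm.ExecuteReader()
                    If Not dr.Read() Then Return Nothing
                    Dim row As New Dictionary(Of String, String)
                    For Each name As String In {"prtynm", "invtyp"}
                        row(name) = Convert.ToString(dr(name)) ' DBNull becomes ""
                    Next
                    Return row
                End Using
            End Using
        End Using
    End Function
    Sub Main()
        Dim sample As String = "O'Conner" ' constructed input containing a quote
        Console.WriteLine(BuildConcatenatedSql(sample)) ' the quote ends the literal early
        Using cm As OleDbCommand = BuildInvoiceCommand(Nothing, sample)
            Console.WriteLine(cm.CommandText)           ' SQL text is unchanged
            Console.WriteLine(cm.Parameters(0).Value)   ' value travels separately
        End Using
    End Sub
End Module
```

`Main` needs no database: it only prints the two command texts, so the difference is visible before anything is executed.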
Comments
Jayanta Modak 18-Jul-17 1:17am
   
Thanks for the reply. I am very new to vb.net; I have no knowledge about "SQL Injection".
Sorry sir, https://ibb.co/f2QX4a please see the link and please help me. Are you talking about this portion for "SQL Injection", or my coding portion? I don't know better English, please forgive me.

If I turn off these two lines, then there is no error:
cmbpartynm.Text = dr("prtynm")
cmbinvtype.Text = dr("invtyp")

I run two private subs for these two comboboxes in the form load event. I think the problem comes from here. So I stopped running these two private subs; then there is no error and no problem.
The two private subs are:

1) For the party name combobox

Private Sub loadpartyNAME()
Call connection()
' unmcmb.Enabled = False
Dim ds As New DataSet
Dim dt As New DataTable
Dim da As New OleDb.OleDbDataAdapter

da = New OleDb.OleDbDataAdapter("select * from party_ldg", cn)
da.Fill(ds, "party_ldg")
ds.Tables(0).DefaultView.Sort = "prtynm"
' cn.Close()
With cmbpartynm
.DataSource = ds.Tables("party_ldg")
.DisplayMember = "prtynm"
'.ValueMember = "UNTid"
End With
End Sub

2) For Inv Type (cash/credit combobox)

Private Sub loadinvoicetype()
Call connection()
' unmcmb.Enabled = False
Dim ds As New DataSet
' Dim dt As New DataTable
Dim da As New OleDb.OleDbDataAdapter

da = New OleDb.OleDbDataAdapter("select * from inv_type", cn)
da.Fill(ds, "inv_type")
ds.Tables(0).DefaultView.Sort = "invtyp"
' cn.Close()
With cmbinvtype
.DataSource = ds.Tables("inv_type")
.DisplayMember = "invtyp"
'.ValueMember = "UNTid"
End With

End Sub
ppolymorphe 18-Jul-17 2:56am
   
Use Improve question to update your question.
So that everyone can pay attention to this information.
Jayanta Modak 18-Jul-17 3:46am
   
Thanks Sir. I do It

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
