Public member 'to' on type 'string' not found error

Question

0.00/5 (No votes)

See more:

This window keeps popping up whenever I try to click the data grid to update information. I need to update the date columns in my data grid. I'm using SQLite and vb.net Any help would be appreciated.

Code to my datagrid

VB

Private Sub dgLogs_CellContentClick(sender As Object, e As DataGridViewCellEventArgs) Handles dgLogs.CellContentClick
    btnUpdate.Enabled = True

    Try
        txtLog.Text = dgLogs.Rows(e.RowIndex).Cells(0).Value.ToString
        dtpDateB.CustomFormat = dgLogs.Rows(e.RowIndex).Cells(1).Value.To("MM/dd/yyyy hh:mm")
        dtpDateR.CustomFormat = dgLogs.Rows(e.RowIndex).Cells(2).Value.To("MM/dd/yyyy hh:mm")
        txtLRN.Text = dgLogs.Rows(e.RowIndex).Cells(3).Value.ToString
        txtItem.Text = dgLogs.Rows(e.RowIndex).Cells(4).Value.ToString
    Catch ex As Exception
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
    End Try
End Sub

This is the code to my update button

VB

Private Sub updateLogs()
        'UPDATE `tblLogs` SET `fldLog`=? WHERE _rowid_='13';
        strSQL = "UPDATE tblLogs SET fldDateB='" & dtpDateB.Text & "',
                                        fldDateR='" & dtpDateR.Text & "',
                                        fldLRN='" & txtLRN.Text & "',
                                        fldItem='" & txtItem.Text & "',
                                        WHERE fldLog='" & txtLog.Text & "'"
        Result = ExecNonQuery(strSQL)
        MessageBox.Show("Data has been updated", "Update", MessageBoxButtons.OK, MessageBoxIcon.Information)
        Load_Data()
        initializeBtn()
    End Sub

What I have tried:

I tried adding ParseExact for the date but I barely understand it.

I also tried changing the properties for the dates like changing

.Text to .CustomFormat

but instead of showing two boxes of the same error, it changed only to one. I didn't know what it did but it helped.

I also tried using .To("MM/dd/yyyy hh:mm) rather than ToString but it did nothing

Posted 25-Mar-18 4:08am

IamLance1578

Updated 25-Mar-18 4:59am

Add a Solution

Comments

phil.o 25-Mar-18 10:12am

Why are you trying to change the format strings of your DateTimePickers everytime a cell is clicked? Do you understand what the format string is for?

PIEBALDconsult 25-Mar-18 10:25am

Are you saying that the code you show isn't the code that produces the stated error?

IamLance1578 25-Mar-18 10:30am

I think that's the code. The error only appears whenever I click on the data grid.

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Answer 1 · 2018-03-25T04:33:00

VB

dtpDateB.CustomFormat = dgLogs.Rows(e.RowIndex).Cells(1).Value.To("MM/dd/yyyy hh:mm")

The String class does not contain a method named To. Use the documentation to see how to create a formatted date.

And please do not use string concatenation to create SQL statements. Use proper parameterised queries, with user input that you first validate.

OriginalGriff · Answer 2 · 2018-03-25T04:35:00

The object class doesn't have a To property or method so the system complains. It's possible that ToString will do it, but ... that's some very odd code.
You are setting the DateTimePicker Format when someone clicks on a cell - that's fine, but if the cell contains the format string why are you trying to modify it? Doesn;t that defeat the purpose? Try:

dtpDateB.CustomFormat = dgLogs.Rows(e.RowIndex).Cells(1).Value.ToString

and see if that works.
If it doesn't, then what are you trying to set the CustomFormat property at all?

And even more important, why are you concatenating strings to form an SQL command? Don;t you realise how dangerous that is?
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'

The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'

Which SQL sees as three separate commands:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';

A perfectly valid SELECT

SQL

DROP TABLE MyTable;

A perfectly valid "delete the table" command

SQL

--'

And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

phil.o · Answer 3 · 2018-03-25T04:41:00

Your question unfortunately raises even more questions than it allows valid solutions.

First of all, as in my comment, what is the point changing the format of your date times everytime a cell haas been clicked?

Second, as we can see the Value property of the Cell object has type string. Depending on the datatype of the fldDateB and fldDateR columns in your database, there are two solutions:
- the columns in the database have a datetime type: you have to get a valid DateTime value out of the string stored in the datagridview's column (see below).
- the columns in the database have a (n)varchar type: you can store the value as is in the database. But then, you have another problem: you are not using the proper datatype to store your data. As one of my teachers liked to say to us while reviewing our newbies' codes, if you are not using the proper datatype for the data you want to work on, you deserve your problems.

So, there are several ways to get a valid datetime value out of a string; all best of them imply the use of DateTime.Parse[^], DateTime.TryParse[^] and DateTime.TryParseExact[^] methods and their overloads.

For example, using TryParseExact(string, string, IFormatProvider) method applied to your case:

VB

Dim dtb As DateTime = DateTime.TryParseExact(
   dgLogs.Rows(e.RowIndex).Cells(1).Value,
   "MM/dd/yyyy hh:mm",
   CultureInfo.CurrentCulture)

Dim dtr As DateTime = DateTime.TryParseExact(
   dgLogs.Rows(e.RowIndex).Cells(2).Value,
   "MM/dd/yyyy hh:mm",
   CultureInfo.CurrentCulture)

When you do that, you get valid datetime values in dtb and dtr variables. Values that you can then feed into your database.

Which brings us to the last point, by far the most important of all: never, in any situation, use concatenated strings to build SQL queries. Never. Just, do not do that. This leaves your code open to SQL injection attacks, which is a subject that is addressed several times a day on this forum.
Griff's solution is talking about that, too. Please follow this advise, it is a crucial one.

Patrice T · Answer 4 · 2018-03-25T05:00:00

VB

strSQL = "UPDATE tblLogs SET fldDateB='" & dtpDateB.Text & "',
    fldDateR='" & dtpDateR.Text & "', fldLRN='" & txtLRN.Text & "',
    fldItem='" & txtItem.Text & "', WHERE fldLog='" & txtLog.Text & "'"

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]

Public member 'to' on type 'string' not found error

4 solutions

Solution 1

Solution 2

Solution 3

Solution 4

Add your solution here

Preview 0