Probleam with subtraction operation in database

Question

0.00/5 (No votes)

See more:

Hai, i am creating here coding which use to substract number in database from
textbox. In my coding i use textbox which receive number from user and it will
subtract a number in database. For your info i am using UPDATE sql command for this operation .In the same time i also create table name InItem and have column name Itemquantity After i click the button i got an error invalidOperationException was unhandled from my coding .Here is my coding and please correct my coding if it have missing part. I also highlight which code give this error.Oh ya , is that my sql command for subtraction is correct? i also not sure cause it get it from internet.If my command if false please show me with correct command..Bye

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

Dim ra As Integer

Dim Con As New OleDb.OleDbConnection("Provider=SQLOLEDB ;Data Source=Danawa;Initial Catalog=Store;Integrated Security=SSPI ")
Try
Con.Open()
Catch ex As InvalidOperationException
MsgBox(ex.Message)
End Try

Dim Trans = Con.BeginTransaction

Dim cmd As New OleDb.OleDbCommand("UPDATE ItemIn SET Itemquantity = Itemquantity- '" & ItemquantityTextBox.Text & "WHERE ItemName = '" & ItemNameComboBox.Text & "'", Con)

ra = cmd.ExecuteNonQuery()// This is line which cause an error//
Trans.Commit()
Con.Close()
End Sub

Posted 11-Oct-11 8:33am

Iswandi Abdul Rahman

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2011-10-11T08:46:00

Two things here: one is that you have an unmatched quote character in your command string: at the end of the first string there is a single quote, which is not closed after the TextBox is appended.

The other is that that is a very dangerous way to do it: it leaves your database wide open to an accidental or deliberate SQL injection attack. Use Parametrized queries instead:

Dim cmd As New OleDb.OleDbCommand("UPDATE ItemIn SET Itemquantity = Itemquantity - @IQ WHERE ItemName = @IN", Con)
cmd.Parameters.AddWithValue("IQ", Int32.Parse(ItemquantityTextBox.Text))
cmd.Parameters.AddWithValue("IN", ItemNameComboBox.Text)