I'm developing a small application which involves SQL Server and VB for the front end. My tables have a timestamp as one of the columns. When I write the query directly in SQL, the timestamp field can be skipped. But when the query is written within the VB app, the query returns an error: NOT ENOUGH ARGUMENTS SUPPLIED!!
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    com.ConnectionString = "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"
    If TextBox1.Text <> "" And TextBox2.Text <> "" And TextBox3.Text <> "" Then
        cmd = New SqlCommand("insert into BACHELI values(" + TextBox2.Text + "," + TextBox5.Text + "," + TextBox8.Text + ")", com)
    End If
End Sub

Posted 24-Aug-12 20:22pm
Updated 24-Aug-12 21:52pm
Mehdi Gholam 25-Aug-12 2:43am
Show your code.
Sharath2790 25-Aug-12 3:03am
Mehdi Gholam
I've updated the question.

1 solution


Solution 1

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead - it will almost certainly cure your problem at the same time!

cmd = New SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com)
cmd.Parameters.AddWithValue("@T1", TextBox2.Text)
cmd.Parameters.AddWithValue("@T2", TextBox5.Text)
cmd.Parameters.AddWithValue("@T3", TextBox8.Text)
You will need to rename "mycolumn1" etc. to match your columns, and it would be a good idea to rename the parameters "@T1" and so on to something more sensible as well.

While we are on the subject, stop taking VS defaults for names - you may remember today what "TextBox8" holds, but when you come back to make changes in a week's time? Or next month? Always use sensible names instead that describe what it is used for.
Sharath2790 20-Oct-12 1:45am
This method can be used in C#????
OriginalGriff 20-Oct-12 2:31am
Yes - and should. Just replace the "New" with "new" and add semicolons to the end of each line:
cmd = new SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com);
cmd.Parameters.AddWithValue("@T1", TextBox2.Text);
cmd.Parameters.AddWithValue("@T2", TextBox5.Text);
cmd.Parameters.AddWithValue("@T3", TextBox8.Text);
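
A fuller version of the parameterized insert from Solution 1, as an added example that is not code from either poster. The module and function names are hypothetical, mycolumn1 to myColumn3 are the answer's placeholder column names, and NVarChar(50) is an assumed column type and size.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module BacheliData
    ' Connection string as posted in the question.
    Private Const ConnectionString As String = _
        "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"

    ' Inserts one row into Bacheli and returns the number of rows affected.
    ' Column names are the answer's placeholders; NVarChar(50) is an assumed
    ' type and size. Replace both with the real definitions from the table.
    Public Function InsertBacheli(ByVal value1 As String, _
                                  ByVal value2 As String, _
                                  ByVal value3 As String) As Integer
        ' The explicit column list states exactly which columns receive values.
        ' Columns not listed, such as the timestamp column from the question,
        ' are left for SQL Server to fill in.
        Const sql As String = _
            "INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) " & _
            "VALUES (@Value1, @Value2, @Value3)"

        ' Using blocks close the command and connection even if an exception
        ' is thrown part way through.
        Using con As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(sql, con)
                ' Each value is sent as typed data, separate from the SQL text,
                ' so quotes or commas typed into a text box cannot change the
                ' statement that the server parses.
                cmd.Parameters.Add("@Value1", SqlDbType.NVarChar, 50).Value = value1
                cmd.Parameters.Add("@Value2", SqlDbType.NVarChar, 50).Value = value2
                cmd.Parameters.Add("@Value3", SqlDbType.NVarChar, 50).Value = value3

                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

From the button handler in the question this would be called as InsertBacheli(TextBox2.Text, TextBox5.Text, TextBox8.Text), and a return value of 1 means the row was written.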

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 25 Aug 2012
Copyright © CodeProject, 1999-2017