Insert data to sql server database using vb.net

Question

cudawella

9 Years Ago

I want to add data to sql databse using vb.net form
And I am new to programming :(
I get an error message saying "Incorrect syntax near "deatails")
Can somebody tell me the reason
the following is the code I'm using

Imports System.Data
Imports System.Data.SqlClient
Public Class Customer_Profile
    Dim con As New SqlConnection("Data Source=CHAMIKA; Initial Catalog=SunAndMoonResort; Integrated Security=True")
    Dim cmd As New SqlCommand

    Private Sub GroupBox1_Enter(sender As Object, e As EventArgs) Handles grpBoxCustDetails.Enter

    End Sub

    Private Sub TextBox1_TextChanged(sender As Object, e As EventArgs)

    End Sub

    Private Sub RadioButton2_CheckedChanged(sender As Object, e As EventArgs) Handles RadButtonCustProfileGender.CheckedChanged

    End Sub

    Private Sub Button3_Click(sender As Object, e As EventArgs) Handles btnCustProfileSave.Click
        Try
            cmd.CommandType = System.Data.CommandType.Text
            cmd.CommandText = "Insert Into dbo.customer details values ('" & txtBoxCustProfileID.Text & "','" &  cmdCustProfileID.Text & "','" & TxtBoxCustProfileName.Text & "','" & TxtBoxCustProfileAddress.Text & "','" & TxtBoxCustProfileCountry.Text & "','" & RadButtonCustProfileGender.Checked & "','" & RadButtonCustProfileGenderFemale.Checked & "','" & TxtBoxCustProfileTelephone.Text & "','" & TxtBoxCustProfileEmail.Text & "','" & DateTimePickerCustBday.ToString & "','" & TxtBoxCustProfileAddress.Text & "')"
            cmd.Connection = con
            con.Open()
            cmd.ExecuteNonQuery()
            MsgBox("Succesfully Added", MsgBoxStyle.Information, "add")

        Catch ex As Exception
            MessageBox.Show(ex.Message)

        End Try

    End Sub

client-server sql vb.net

3 Contributors
5 Replies
8K Views
1 Day Discussion Span
Latest Post 9 Years Ago Latest Post by cudawella

Santanu.Das 125 Santanu Das

9 Years Ago

Make sure that is the table name customer details contains a space. If this, rename your table name and remove the space, then write the actual table name in the place of "customer details". No need to use dbo. before table name.

Hope it can help you.

Reverend Jim 4,968 Hi, I'm Jim, one of DaniWeb's moderators.

9 Years Ago

I suppose you have already noticed this but composing a query by concatenating multiple strings is just butt ugly. For one thing you have to keep track of where to add single quotes and where not to.

The first thing I can suggest is to use the full INSERT syntax in which you explicitly state the column names as in

INSERT INTO tablename (fld1, fld2, ... fldn)
    VALUES (val1, val2, ... valn)

The second thing is to use Parameterized Queries. Please refer to the Sub btnSQLDB_Click.

Because you are using SqlClient you can use named parameters that are not dependent on position. If you copy your TextBox values to appropriately typed local variables appropriate delimiters will be added automatically.

Santanu.Das commented: Perfect suggetion +5

cudawella commented: thank you very much +0

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cudawella · Answer 1 · 2015-06-20T18:33:47+00:00

yes It helped
Thankz a lot

Now I have another problem.
when I click button save without entering any detail to the form there goes a empty row to the database.

Can you help me to prevent this.

Thankz in Advance :D

Santanu.Das 125 Santanu Das · Answer 2 · 2015-06-21T04:33:08+00:00

Firstly read the Jim's tutorial mentioned above, from which you can learn how you can prevent your databases from malicious SQL Injections. And also there is no way to insert special characters to a field without using parameter in your query. if you try to insert a special character directly to a field it always returns you an error. You can do it by Parameterized Queries.

@cudawella: To prevent to create a blank row in the table you can create a data validation function, by which you can prevent your user to leave any textbox blank.
Here I am just trying to do an example.
Create a DataValidation Function to check is any textbox left blank or not. If it finds blank then the function return False else returns True.
If the fuction returns False then Exit from Save subprocedure or if it is True then save the data.

The example coes for the function should be

Private Function ValidData() As Boolean

    If String.IsNullOrEmpty(Me.TextBox1.Text) Then
        MessageBox.Show("TextBox1 is empty.")
        Me.TextBox1.Focus()
        Return False
    End If

    'Similarly for other textboxes
    '.............
    '..............
    '.............

    'Finally if there has no empty textboxs
    Return True
End Function

Now the codes to call the function

Private Sub Button3_Click(sender As Object, e As EventArgs) Handles btnCustProfileSave.Click

    'Check here if the function returns True or False
    'if it returns False then Exit Sub
    'else proceed to save the data into the database

    If Not ValidData Then
        Exit Sub
    End If

    'Do your codes to save data into the database
    '..................
    '.....................
    '................
End Sub

Hope it can help you.

cudawella · Answer 3 · 2015-06-21T05:46:41+00:00

@Shark 1

Thankz a lot
It worked and I highly appreciate your advice
thankz Once again