|
Your SQL statement is wrong. You may want to look up the syntax for the DELETE statement. It should be:
DELETE FROM Team WHERE ID = ...
I highly discourage using string concatenation to build an SQL query like this. Google for "SQL Injection Attack" to see why, and for an example of using a parameterized query that is safer and easier to debug.
By the way, thank you very much for exposing one of your SQL Server's usernames and passwords to everyone on the ENTIRE INTERNET!
|
|
|
|
|
Dave Kreskowiak wrote: thank you very much for exposing one of your SQL Server's usernames and passwords to everyone on the ENTIRE INTERNET!
Ha!
|
|
|
|
|
I'm not concerned about it, as it's public anyway, not much you can really do to somehow affect my server.
The password is changed frequently also.
Also, I'm not really worried about SQL Injection as only my trusted friends are going to be able to have access to this application.
|
|
|
|
|
eginteractive wrote: Also, I'm not really worried about SQL Injection as only my trusted friends are going to be able to have access to this application.
You are a trusting soul. That's so nice to see these days.
Jon
Smith & Wesson: The original point and click interface
Both democrats and republicans are playing for the same team and it's not us. - Chris Austin
|
|
|
|
|
IMO you are underestimating the skills of a lot of folks out there.
जय हिंद
|
|
|
|
|
You have mixed SQL insert and delete statements. Check the syntax for delete.
|
|
|
|
|
Confused on what's borked with your SQL command?
1. Run profiler and see what's being sent to the server. Copy and paste that command into a query window in SQL Management Studio. Fix it until it's right and reflect the changes in VB.
2. OR get the command.commandtext and paste that into the query window.
Easy to find and easy to fix. If your statement doesn't work in SQL natively, it will never work from VB.
"There's no such thing as a stupid question, only stupid people." - Mr. Garrison
|
|
|
|
|
sqlconn.Open()
Catch ex As Exception
MsgBox("Could not connect!", MsgBoxStyle.Critical, "Connection Error!")
End Try
If sqlconn.State = 1 Then
Dim sqlremovedata As New SqlCommand( _
"DELETE FROM [Team] WHERE ([ID]) = "(ListBox1.SelectedItem))
sqlremovedata.ExecuteNonQuery()
MsgBox("Deleted successfully!", MsgBoxStyle.Information, "Record Deleted!")
sqlconn.Close()
End If
OH WONDERFUL. Now I've got a new error.
Conversion from type 'DataRowView' to type 'Integer' is not valid.
|
|
|
|
|
I am stuck on a problem.
I need to delete a file by clicking a button, but before that I need to check if the file exists.
Please reply.
|
|
|
|
|
Imports System.IO
' Delete the file only if it is actually there
If File.Exists("YourFileName.txt") Then
    File.Delete("YourFileName.txt")
End If
My advice is free, and you may get what you paid for.
|
|
|
|
|
Where should I write Imports System.IO?
|
|
|
|
|
Write Imports System.IO all the way at the top of your code, before all other code.
The rest goes in the click event of your button.
|
|
|
|
|
|
The rest goes in a separate method that the button click event calls.
|
|
|
|
|
Considering the question, I figured I'd keep it simple.
Have a look at the next post above this one, the code in it is soooo wrong I am afraid to even answer anything.
|
|
|
|
|
Yeah, I saw a bunch of things wrong with it, but only pointed out a couple of issues. Since he's bent on writing bad code and practicing bad habits, why bother saying anything...
|
|
|
|
|
Having seen all your recent posts, why not try buying a book and using that? These are very simple, basic questions you are asking and it seems as if you have no real idea what you are doing.
Bob
Ashfield Consultants Ltd
Proud to be a 2009 Code Project MVP
|
|
|
|
|
I already have many books, but the information is very confusing.
Please suggest a good one for beginners like me?
|
|
|
|
|
If you wanted to be really lazy, you could use the My.Computer.FileSystem methods as well.
Check this. Get you pointed in the right direction with the basics.
You could always search code sites for tutorials (ahem, CodeProject anyone?) or press F1 and search the MSDN library. For most topics, it's really not that hard to find examples in the MSDN with minimal searching.
Is it beer thirty yet?
|
|
|
|
|
I have no idea what book would be suitable for a beginner as I haven't looked at that level of information for many years, but there are hundreds to choose from. Go to a good book shop or Amazon and browse a few until you find one you can understand. In the meantime, press F1 for help or use Google; there are thousands of examples and code snippets out there, it just takes a little initiative to look for yourself rather than expecting other people to do your research for you.
I just had a quick look on Amazon and this sounds about your level:
Microsoft Visual Basic.NET Programming for the Absolute Beginner (Absolute Beginners) (Paperback)
by Jonathan Harbour
If that one is too complex then change career, it can't be much simpler than this.
Bob
|
|
|
|
|
Ashfield wrote:
If that one is too complex then change career, it can't be much simpler than this.
Honesty is the best policy. I think people who attempt to pick up programming for the first time tend to pick projects that are nearly impossible to start with. Start with the basics and then move on.
|
|
|
|
|
Hey all, I've been working on making a client to insert / delete etc. from a database, and I can't get text fields to insert values into a database for some strange reason.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles button1.Click
Dim sqlconn As New SqlClient.SqlConnection
sqlconn.ConnectionString = "Server=[removed];Database=erik_asp;Uid=asp;Pwd=[removed for security purposes];"
Try
sqlconn.Open()
Catch ex As Exception
MsgBox("Could not connect!", MsgBoxStyle.Critical, "Connection Error!")
End Try
If sqlconn.State = 1 Then
Dim sqlconnecter As New SqlCommand( _
"INSERT INTO [Team] ([position], [name], [email]) VALUES (" & positionbx.Text & ", " & usernamebx.Text & ", " & emailbx.Text & "))", sqlconn)
sqlconnecter.ExecuteNonQuery()
sqlconn.Close()
End If
End Sub
It returns this error:
The name 'blahblahblahtext' is not permitted in this context. Only constants, expressions, or variables allowed here. Column names are not permitted.
This happens with all the text boxes.
Please note I am able to easily connect and view current data in the grid, I just can't insert this data and it's starting to irritate me.
|
|
|
|
|
Hi,
1. When presenting string literals, SQL expects them to be in quotes (so they can include keywords, spaces, some special symbols, etc. without confusing the SQL parser).
2. Your code is vulnerable to "SQL injection", where the user could make your command do entirely different things simply by entering well-chosen text into your textboxes. Use parameterized queries instead.
Luc Pattyn
The quality and detail of your question reflects on the effectiveness of the help you are likely to get.
Show formatted code inside PRE tags, and give clear symptoms when describing a problem.
|
|
|
|
|
Can you explain to me how to fix this if you would? I am newer at using databases in Visual Basic, and I have experience in PHP (not much though) and SQL injection on MySQL databases, but MS SQL is different for me. I am not too worried about other users having this because I am the only one that will have this, I'm programming it for my convenience down the road.
|
|
|
|
|
AFAIK the same is true for PHP+MySQL, you need single quotes (be careful not to include extraneous spaces!)
Example:
...VALUES (" & positionbx.Text & ", " & usernamebx.Text & ", ... should be changed to
...VALUES ('" & positionbx.Text & "', '" & usernamebx.Text & "', ...
When in doubt, print the final SQL statement (e.g. using Console.WriteLine) so you can have a real look.
Luc Pattyn
|
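The parameterized-query approach recommended in the replies above, applied to the thread's INSERT and DELETE on the [Team] table; this is an added example, not code from any poster. It assumes a hypothetical environment variable TEAM_DB_CONN holding the connection string (so no credentials sit in the source), assumed column sizes, and an integer [ID] column.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module TeamData
    ' Assumption: TEAM_DB_CONN is a hypothetical variable name; any store outside the source works.
    Private Function OpenConnection() As SqlConnection
        Dim conn As New SqlConnection(Environment.GetEnvironmentVariable("TEAM_DB_CONN"))
        conn.Open()
        Return conn
    End Function

    ' INSERT with placeholders: text box values are sent as data, so quotes or
    ' SQL keywords typed by the user never become part of the statement.
    Public Function AddMember(position As String, name As String, email As String) As Integer
        Const sql As String = "INSERT INTO [Team] ([position], [name], [email]) VALUES (@position, @name, @email)"
        Using conn As SqlConnection = OpenConnection()
            Using cmd As New SqlCommand(sql, conn)
                ' Sizes 50/100/254 are assumed; match them to the real column definitions.
                cmd.Parameters.Add("@position", SqlDbType.NVarChar, 50).Value = position
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 254).Value = email
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    ' A data-bound ListBox returns a DataRowView as SelectedItem, not the key;
    ' read the ID column out of the row before using it.
    Public Function SelectedId(item As Object) As Integer
        Return CInt(DirectCast(item, DataRowView)("ID"))
    End Function

    ' DELETE by key: the typed Int parameter cannot carry SQL text.
    Public Function RemoveMember(id As Integer) As Integer
        Using conn As SqlConnection = OpenConnection()
            Using cmd As New SqlCommand("DELETE FROM [Team] WHERE [ID] = @id", conn)
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

From the button handlers this would be called as `AddMember(positionbx.Text, usernamebx.Text, emailbx.Text)` and `RemoveMember(SelectedId(ListBox1.SelectedItem))`; a name such as O'Brien inserts correctly without any manual quoting.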
|
|
|