Click here to Skip to main content
15,885,244 members
Search within:


How do I put the items I picked in listview and the value inside the textbox to my database?
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
VB
SQL
I'm trying to put the name which is in the textbox, product and price from listview1 to database and it will show in listview2. It works but there's a message saying "Incorrect syntax near '100'. the datatypes of my productorder is: name (varchar), product (varchar), and price(int).

What I have tried:

Imports System.Data.SqlClient
Imports System.IO

Public Class Form1
Dim con As SqlConnection = New SqlConnection("server=.\SQL;database=try;Trusted_Connection=TRUE")
Dim cmd As SqlCommand
Dim cmd2 As SqlCommand
Dim rdr As SqlDataReader

Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
con.Open()
con.Close()
list()

list2()
End Sub
Sub list()
con.Open()


cmd = New SqlCommand("SELECT * FROM ProductTable", con)
rdr = cmd.ExecuteReader
ListView1.Items.Clear()
If rdr.HasRows Then
Do While rdr.Read()
Dim arr As String() = New String(2) {}
Dim itm As ListViewItem

arr(0) = rdr("productID")
arr(1) = rdr("product")
arr(2) = rdr("price")

itm = New ListViewItem(arr)
ListView1.Items.Add(itm)


Loop

End If

con.Close()
End Sub


Private Sub btnsave_Click(sender As Object, e As EventArgs) Handles btnsave.Click

modifyrecord("Insert into ProductOrder([name],[product],[price]) values ('" & txtname.Text & "','" & ListView1.SelectedItems(0).SubItems(1).Text & "'," & ListView1.SelectedItems(0).SubItems(2).Text & "")



End Sub
Private Sub listView1_MouseClick_1(ByVal sender As Object, ByVal e As MouseEventArgs)

End Sub

Sub list2()
con.Open()


cmd2 = New SqlCommand("SELECT * FROM ProductOrder", con)
rdr = cmd2.ExecuteReader
ListView2.Items.Clear()
If rdr.HasRows Then
Do While rdr.Read()
Dim arr As String() = New String(3) {}
Dim itm As ListViewItem

arr(0) = rdr("id")
arr(1) = rdr("name")
arr(2) = rdr("product")
arr(3) = rdr("price")

itm = New ListViewItem(arr)
ListView2.Items.Add(itm)


Loop

End If

con.Close()
End Sub
Sub modifyrecord(ByVal sql)

If txtname.Text = "" Or ListView1.SelectedItems(0).SubItems(1).Text = "" Or IsNumeric(ListView1.SelectedItems(0).SubItems(2).Text) = False Then


Else
con.Open()
cmd = New SqlCommand(sql, con)
cmd.ExecuteNonQuery()
con.Close()
list()

End If

End Sub
End Class
Posted
Updated 9-Oct-17 1:24am
Add a Solution
Comments
GKP1992 9-Oct-17 7:24am    
Please debug your code and find out which line throws the error.

1 solution

Don't do it like that. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And when you fix that, the problem you have noticed will go away as well...
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Set dropdownlist selected item with database value in listview
How to save a dynamically generated textbox value which is inside a jquery datatable to a database using ajax
How do I multiply the value in the textbox and the column in listview?
How to put the value inside a specific with level column?
How do I filter my items in a datagrid using a textbox or checkboxes?
How do I load/save the selected item of a combobox embedded in a listview in WPF?
How to put information from the database into an intptr
Putting in the same row on a ListView values from one column of database
How do I receive a Control itself out of an Item in a ListView?
Dropdown list inside listview insert item template passing null to database?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 9 Oct 2017
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900