Chat LIVE With Programming Experts! There Are 23 Online Right Now...

Dream.In.Code > Programming Help > VB.NET

Welcome to Dream.In.Code
	Become a VB.NET Expert! Join 244,304 VB.NET Programmers for FREE! Get instant access to thousands of VB.NET experts, tutorials, code snippets, and more! There are 773 people online right now. Registration is fast and FREE... Join Now! Chat LIVE With a VB.NET Expert

SQL insert statement syntax error

Reply to this topic

Start new topic

SQL insert statement syntax error, Unable to insert to SQLserver

daniel50096230	6 Jan, 2009 - 03:48 AM Post #1
New D.I.C Head Joined: 15 May, 2008 Posts: 12	CODE Private Sub btnRegister_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnRegister.Click Dim msg As String = "" Dim result1 As Integer conKk.Close() conKk.Open() ''Validate empty field If (txtName.Text = "") Then msg += "Name is empty" & vbCrLf End If If (mskIC.Text = "" Or mskIC.MaskCompleted = False) Then msg += "IC is empty or incorrect format" & vbCrLf End If If (cboDate.Text = "") Then msg += "Birth date is empty" & vbCrLf End If If (cboMth.Text = "") Then msg += "Birth month is empty" & vbCrLf End If If (cboYear.Text = "") Then msg += "Birth year is empty" & vbCrLf End If If (radMale.Checked = False And radFemale.Checked = False) Then msg += "Gender is empty" & vbCrLf End If If (mskPhone.Text = "" Or mskPhone.MaskCompleted = False) Then msg += "Phone is empty or incorrect format" & vbCrLf End If If (txtAddress.Text = "") Then msg += "Address is empty" & vbCrLf End If If (txtEmail.Text = "") Then msg += "Email is empty" & vbCrLf End If If (txtPassword.Text = "") Then msg += "Password is empty" & vbCrLf End If If (txtRetype.Text = "") Then msg += "Retype password is empty" & vbCrLf End If ''Compare password If (txtPassword.Text <> "" And txtRetype.Text <> "") Then Dim Pass As String = txtPassword.Text Dim RetypeP As String = txtRetype.Text result1 = String.Compare(Pass, RetypeP) If (result1 = -1) Then msg += "Password and retype password is unmatch!,Please enter again." & vbCrLf 'MessageBox.Show(result1) Else 'MessageBox.Show(result1) End If End If ''Concatenate combo box Dim DOB As String = "" If (cboDate.Text <> "" And cboMth.Text <> "" And cboYear.Text <> "") Then DOB = cboDate.SelectedItem.ToString() & "/" & cboMth.SelectedItem.ToString() & "/" & cboYear.SelectedItem.ToString() End If ''Get gender text Dim Gender1 As String = "" If (radMale.Checked = True) Then Gender1 += radMale.Text End If If (radFemale.Checked = True) Then Gender1 += radFemale.Text End If ''Display error message or update to database If (msg <> "") Then MessageBox.Show("Please enter the following items:" & vbCrLf & vbCrLf & msg, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error) Else Dim myInsert As SqlCommand myInsert = New SqlCommand("Insert into Member([MemberID], [Name], [IC], [DOB], [Gender], [TelNo], [Address], [Email], [Password]) Values('" & txtMID.Text & "','" & txtName.Text & "','" & mskIC.Text & "','" & DOB & "','" & Gender1 & "','" & mskPhone.Text & "','" & txtAddress.Text & "','" & txtEmail.Text & "','" & txtPassword.Text & "'", conKk) myInsert.ExecuteNonQuery() MessageBox.Show("Thanks for your registration,enjoy our services now!", "Registered", MessageBoxButtons.OK, MessageBoxIcon.Information) End If conKk.Close() End Sub I get the following errors: See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************ Exception Text ************ System.Data.SqlClient.SqlException: Incorrect syntax near '1'. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at FYP.AddMember.btnRegister_Click(Object sender, EventArgs e) in D:\Pendrive\fyp interfaces\FYPvb\FYP\AddMember.vb:line 155 at System.Windows.Forms.Control.OnClick(EventArgs e) at System.Windows.Forms.Button.OnClick(EventArgs e) at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ButtonBase.WndProc(Message& m) at System.Windows.Forms.Button.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) It stated that "incorrect syntax near 1"... Anyone can help me on this matter?
	This Post Was Helpful!

Register for Free to Make These Ads Go Away!

dklingman	RE: SQL Insert Statement Syntax Error 6 Jan, 2009 - 05:59 AM Post #2
D.I.C Regular Joined: 23 Dec, 2008 Posts: 254 Thanked: 31 times My Contributions	one do any of the values have single quotes in them? i.e. lets say you have a value that you are trying to enter for you password that's like the following 123'dse that single quote is going to cause a problem you need to do something like this CODE '" & txtPassword.Text.Replace("'", "''") & "'" how ever a much better solution to avoid running into problems like this is to use parameters in and with your statements. for example. CODE myInsert = New System.Data.SqlClient.SqlCommand("Insert into Member([MemberID], [Name], [IC], [DOB], [Gender], [TelNo], [Address], [Email], [Password]) Values(@MID,@Name,@mskIC,@DOB,@Gender1,@mskPhone,@Address,@Email,@Password,@conKk)") With myInsert.Parameters .AddWithValue("@MID", txtMID.Text) .AddWithValue("@Name", txtName.Text) .AddWithValue("@mskIC", mskIC.Text) .AddWithValue("@DOB", DOB) .AddWithValue("@Gender1", Gender1) .AddWithValue("@mskPhone", mskPhone.Text) .AddWithValue("@Address", txtAddress.Text) .AddWithValue("@Email", txtEmail.Text) .AddWithValue("@Password", txtPassword.Text) .AddWithValue("@conKk", conKk) End With myInsert.ExecuteNonQuery() This post has been edited by dklingman: 6 Jan, 2009 - 05:59 AM
	This Post Was Helpful!

Fast Reply

Reply to this topic

Start new topic

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 7/4/09 06:09PM

Invision Power Board v2.1.7 © 2009 IPS, Inc.

Licensed to: MediaGroup1

Advertising | Terms of Use | Privacy Policy | About Us | Site Map

Advertise on this site through Lake Quincy Media

Forum Index: Programming Help | C and C++ | VB6 | Java | VB.NET | C# | ASP.NET | PHP | ColdFusion | Perl and Python | Ruby | Databases | Other Languages | Game Programming | Mobile Development | Software Development | Computer Science | Industry News | Programming Tutorials | C++ Tutorials | Visual Basic Tutorials | Java Tutorials | VB.NET Tutorials | C# Tutorials | Linux Tutorials | PHP Tutorials | ColdFusion Tutorials | Windows Tutorials | HTML/JavaScript Tutorials | CSS Tutorials | Flash Tutorials | Web Promotion Tutorials | Graphic Design & Photoshop Tutorials | Software Development Tutorials | Database Tutorials | Other Language Tutorials | ASP.NET Tutorials | Game Programming Tutorials |

Copyright 2001-2008 MediaGroup1 LLC, All Rights Reserved
A MediaGroup1 LLC Production - Version 6.0.2.1.36
Server: secure2

Search^Updated!w00t

Over 509,000 Pages! Advanced Forum Search

Live VB.NET Help!

Be Social

VB.NET Tutorials

Reference Sheets

VB.NET Snippets

DIC Chatroom

Join our IRC Chat

Bye Bye Ads

Monthly Drawing

Top Contributors

Top 10 Kudos This Month