Solved

Insert Statement for RichTextBox

Posted on 2009-05-06
6
203 Views
Last Modified: 2012-05-06
I am having trouble with the followini line of code that takes text from a rtb and saves it to sql2005 server
I am getting the error on the insert statement with the (@RTFData) part, of "expression expected for the @ in particular...

Any ideas would be very much appreciated


Dim conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")

Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "','" & (@RTFData) & "')", conn)

 Command.Parameters.Add("@RTFData", SqlDbType.Text).Value = richtextbox1.Rtf
        conn.Open()
        Command.ExecuteNonQuery()
        conn.Close()
        conn.Dispose()
0
Comment
Question by:H-SC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Accepted Solution

by:
GuitarRich earned 500 total points
ID: 24315816
The @RTFData bit isn't enclosed within speach marks so the compiler thinks its code. Change this line:
 Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "',@RTFData", conn)
That will now see the @RTFData as a parameter in the SQL - while your at it, it would be a good idea to change all the values to use parameters as doing it this way leaves you open to SQL Injection attacks.
0
 
LVL 1

Author Comment

by:H-SC
ID: 24315994
GuitarRich,

Many thanks for the reply...I tried that and keep getting error of "Incorrect syntax near '@RTFData'. any ideas??
0
 
LVL 1

Author Comment

by:H-SC
ID: 24316049
ok I think I have it, I put a ) after the @RTFData like
time100.Text & "',@RTFData)", conn)

and seems to work
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 12

Expert Comment

by:GuitarRich
ID: 24316110
I would probably code it more like this:

        Dim sql As String = "insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values (@controlNumber, @j1, @bl, @rm, @wd, @time100, @RTFData)"
 
        Using conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")
 
            conn.Open()
 
            Dim cmd As New SqlClient.SqlCommand(sql, conn)
            cmd.CommandType = CommandType.Text
 
            cmd.Parameters.AddWithValue("@controlNumber", controlNumber.Text)
            cmd.Parameters.AddWithValue("@j1", j1.Text)
            cmd.Parameters.AddWithValue("@bl", b1.Text)
            cmd.Parameters.AddWithValue("@rm", rm.Text)
            cmd.Parameters.AddWithValue("@wd", wd.Text)
            cmd.Parameters.AddWithValue("@time100", time100.Text)
            cmd.Parameters.AddWithValue("@RTFData", richtextbox1.Rtf)
 
            cmd.ExecuteNonQuery()
            conn.Close()
        End Using

Open in new window

0
 
LVL 1

Author Comment

by:H-SC
ID: 24316129
oh, quick question..

what are SQL Injection attacks?
0
 
LVL 12

Expert Comment

by:GuitarRich
ID: 24323651
in your earlier code  a user could write sql into the text box which would be executed against the db. something like
'); truncate table users go //
More info here: http://en.wikipedia.org/wiki/SQL_injection
you can prevent this by always using parameters in your sql.
 
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: jpaulino
XML Literals are a great way to handle XML files and the community doesn’t use it as much as it should.  An XML Literal is like a String (http://msdn.microsoft.com/en-us/library/system.string.aspx) Literal, only instead of starting and ending with w…
Microsoft Reports are based on a report definition, which is an XML file that describes data and layout for the report, with a different extension. You can create a client-side report definition language (*.rdlc) file with Visual Studio, and build g…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question