Solved

Insert Statement for RichTextBox

Posted on 2009-05-06
6
200 Views
Last Modified: 2012-05-06
I am having trouble with the followini line of code that takes text from a rtb and saves it to sql2005 server
I am getting the error on the insert statement with the (@RTFData) part, of "expression expected for the @ in particular...

Any ideas would be very much appreciated


Dim conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")

Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "','" & (@RTFData) & "')", conn)

 Command.Parameters.Add("@RTFData", SqlDbType.Text).Value = richtextbox1.Rtf
        conn.Open()
        Command.ExecuteNonQuery()
        conn.Close()
        conn.Dispose()
0
Comment
Question by:H-SC
  • 3
  • 3
6 Comments
 
LVL 12

Accepted Solution

by:
GuitarRich earned 500 total points
ID: 24315816
The @RTFData bit isn't enclosed within speach marks so the compiler thinks its code. Change this line:
 Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "',@RTFData", conn)
That will now see the @RTFData as a parameter in the SQL - while your at it, it would be a good idea to change all the values to use parameters as doing it this way leaves you open to SQL Injection attacks.
0
 
LVL 1

Author Comment

by:H-SC
ID: 24315994
GuitarRich,

Many thanks for the reply...I tried that and keep getting error of "Incorrect syntax near '@RTFData'. any ideas??
0
 
LVL 1

Author Comment

by:H-SC
ID: 24316049
ok I think I have it, I put a ) after the @RTFData like
time100.Text & "',@RTFData)", conn)

and seems to work
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 12

Expert Comment

by:GuitarRich
ID: 24316110
I would probably code it more like this:


        Dim sql As String = "insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values (@controlNumber, @j1, @bl, @rm, @wd, @time100, @RTFData)"
 

        Using conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")
 

            conn.Open()
 

            Dim cmd As New SqlClient.SqlCommand(sql, conn)

            cmd.CommandType = CommandType.Text
 

            cmd.Parameters.AddWithValue("@controlNumber", controlNumber.Text)

            cmd.Parameters.AddWithValue("@j1", j1.Text)

            cmd.Parameters.AddWithValue("@bl", b1.Text)

            cmd.Parameters.AddWithValue("@rm", rm.Text)

            cmd.Parameters.AddWithValue("@wd", wd.Text)

            cmd.Parameters.AddWithValue("@time100", time100.Text)

            cmd.Parameters.AddWithValue("@RTFData", richtextbox1.Rtf)
 

            cmd.ExecuteNonQuery()

            conn.Close()

        End Using

Open in new window

0
 
LVL 1

Author Comment

by:H-SC
ID: 24316129
oh, quick question..

what are SQL Injection attacks?
0
 
LVL 12

Expert Comment

by:GuitarRich
ID: 24323651
in your earlier code  a user could write sql into the text box which would be executed against the db. something like
'); truncate table users go //
More info here: http://en.wikipedia.org/wiki/SQL_injection
you can prevent this by always using parameters in your sql.
 
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains how to create and use a custom WaterMark textbox class.  The custom WaterMark textbox class allows you to set the WaterMark Background Color and WaterMark text at design time.   IMAGE OF WATERMARKS STEPS Create VB …
Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now