?
Solved

Insert Statement for RichTextBox

Posted on 2009-05-06
6
Medium Priority
?
208 Views
Last Modified: 2012-05-06
I am having trouble with the followini line of code that takes text from a rtb and saves it to sql2005 server
I am getting the error on the insert statement with the (@RTFData) part, of "expression expected for the @ in particular...

Any ideas would be very much appreciated


Dim conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")

Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "','" & (@RTFData) & "')", conn)

 Command.Parameters.Add("@RTFData", SqlDbType.Text).Value = richtextbox1.Rtf
        conn.Open()
        Command.ExecuteNonQuery()
        conn.Close()
        conn.Dispose()
0
Comment
Question by:H-SC
  • 3
  • 3
6 Comments
 
LVL 12

Accepted Solution

by:
GuitarRich earned 2000 total points
ID: 24315816
The @RTFData bit isn't enclosed within speach marks so the compiler thinks its code. Change this line:
 Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "',@RTFData", conn)
That will now see the @RTFData as a parameter in the SQL - while your at it, it would be a good idea to change all the values to use parameters as doing it this way leaves you open to SQL Injection attacks.
0
 
LVL 1

Author Comment

by:H-SC
ID: 24315994
GuitarRich,

Many thanks for the reply...I tried that and keep getting error of "Incorrect syntax near '@RTFData'. any ideas??
0
 
LVL 1

Author Comment

by:H-SC
ID: 24316049
ok I think I have it, I put a ) after the @RTFData like
time100.Text & "',@RTFData)", conn)

and seems to work
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
LVL 12

Expert Comment

by:GuitarRich
ID: 24316110
I would probably code it more like this:

        Dim sql As String = "insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values (@controlNumber, @j1, @bl, @rm, @wd, @time100, @RTFData)"
 
        Using conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")
 
            conn.Open()
 
            Dim cmd As New SqlClient.SqlCommand(sql, conn)
            cmd.CommandType = CommandType.Text
 
            cmd.Parameters.AddWithValue("@controlNumber", controlNumber.Text)
            cmd.Parameters.AddWithValue("@j1", j1.Text)
            cmd.Parameters.AddWithValue("@bl", b1.Text)
            cmd.Parameters.AddWithValue("@rm", rm.Text)
            cmd.Parameters.AddWithValue("@wd", wd.Text)
            cmd.Parameters.AddWithValue("@time100", time100.Text)
            cmd.Parameters.AddWithValue("@RTFData", richtextbox1.Rtf)
 
            cmd.ExecuteNonQuery()
            conn.Close()
        End Using

Open in new window

0
 
LVL 1

Author Comment

by:H-SC
ID: 24316129
oh, quick question..

what are SQL Injection attacks?
0
 
LVL 12

Expert Comment

by:GuitarRich
ID: 24323651
in your earlier code  a user could write sql into the text box which would be executed against the db. something like
'); truncate table users go //
More info here: http://en.wikipedia.org/wiki/SQL_injection
you can prevent this by always using parameters in your sql.
 
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s quite interesting for me as I worked with Excel using vb.net for some time. Here are some topics which I know want to share with others whom this might help. First of all if you are working with Excel then you need to Download the Following …
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question