Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Insert Statement for RichTextBox

Posted on 2009-05-06
6
Medium Priority
?
206 Views
Last Modified: 2012-05-06
I am having trouble with the followini line of code that takes text from a rtb and saves it to sql2005 server
I am getting the error on the insert statement with the (@RTFData) part, of "expression expected for the @ in particular...

Any ideas would be very much appreciated


Dim conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")

Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "','" & (@RTFData) & "')", conn)

 Command.Parameters.Add("@RTFData", SqlDbType.Text).Value = richtextbox1.Rtf
        conn.Open()
        Command.ExecuteNonQuery()
        conn.Close()
        conn.Dispose()
0
Comment
Question by:H-SC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Accepted Solution

by:
GuitarRich earned 2000 total points
ID: 24315816
The @RTFData bit isn't enclosed within speach marks so the compiler thinks its code. Change this line:
 Dim command As New SqlClient.SqlCommand("insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values ( '" & controlnumber.Text & "','" & j1.Text & "','" & bl.Text & "', '" & rm.Text & "', '" & wd.Text & "', '" & time100.Text & "',@RTFData", conn)
That will now see the @RTFData as a parameter in the SQL - while your at it, it would be a good idea to change all the values to use parameters as doing it this way leaves you open to SQL Injection attacks.
0
 
LVL 1

Author Comment

by:H-SC
ID: 24315994
GuitarRich,

Many thanks for the reply...I tried that and keep getting error of "Incorrect syntax near '@RTFData'. any ideas??
0
 
LVL 1

Author Comment

by:H-SC
ID: 24316049
ok I think I have it, I put a ) after the @RTFData like
time100.Text & "',@RTFData)", conn)

and seems to work
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 12

Expert Comment

by:GuitarRich
ID: 24316110
I would probably code it more like this:

        Dim sql As String = "insert into my_table(controlnumber,id_1, cde, de2, wa,stmp, eml) values (@controlNumber, @j1, @bl, @rm, @wd, @time100, @RTFData)"
 
        Using conn As New SqlClient.SqlConnection("Server=myserver;Database=mydb;Trusted_Connection=yes;")
 
            conn.Open()
 
            Dim cmd As New SqlClient.SqlCommand(sql, conn)
            cmd.CommandType = CommandType.Text
 
            cmd.Parameters.AddWithValue("@controlNumber", controlNumber.Text)
            cmd.Parameters.AddWithValue("@j1", j1.Text)
            cmd.Parameters.AddWithValue("@bl", b1.Text)
            cmd.Parameters.AddWithValue("@rm", rm.Text)
            cmd.Parameters.AddWithValue("@wd", wd.Text)
            cmd.Parameters.AddWithValue("@time100", time100.Text)
            cmd.Parameters.AddWithValue("@RTFData", richtextbox1.Rtf)
 
            cmd.ExecuteNonQuery()
            conn.Close()
        End Using

Open in new window

0
 
LVL 1

Author Comment

by:H-SC
ID: 24316129
oh, quick question..

what are SQL Injection attacks?
0
 
LVL 12

Expert Comment

by:GuitarRich
ID: 24323651
in your earlier code  a user could write sql into the text box which would be executed against the db. something like
'); truncate table users go //
More info here: http://en.wikipedia.org/wiki/SQL_injection
you can prevent this by always using parameters in your sql.
 
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to create and use a custom WaterMark textbox class.  The custom WaterMark textbox class allows you to set the WaterMark Background Color and WaterMark text at design time.   IMAGE OF WATERMARKS STEPS Create VB …
Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question