Join 149,936 VB.NET Programmers for FREE! Get instant access to thousands of VB.NET experts, tutorials, code snippets, and more! There are 1,435 people online right now. Registration is fast and FREE... Join Now!
The syntax you're using for insert is non standard SQL; I believe MySQL supports something like that. However, you're using SqlCommand, which is Microsoft product specific, so it's a given it wont work.
I'm afraid you'll usually have to call the command once for each of those inserts. Look into binding parameter values for the most efficient way to do this.
Yeah, there's no Insert statement like that. But there is a little bit of a shortcut. Instead of having to run more than 20 commands, you can just write all the commands into the same command text delimeted by semicolons. Your command text then would look something like this:
CODE
envInsert.CommandText = _ "INSERT INTO TempTable (envDate, envType, envTotal) VALUES ('Thing', '234', 'Other'); " & vbCrLf & _ "INSERT INTO TempTable (envDate, envType, envTotal) VALUES ('Thin2', '235', 'SomeOther'); " & vbCrLf & _ "INSERT INTO TempTable (envDate, envType, envTotal) VALUES ('Thin3', '236', 'AnOther'); " 'And continue like that
So that's kind of a shortcut. Still long, but shorterish. Hope that helps!
For this program I'm not doing anything especially serious but SQL injection was something that bothered me although I'm still fairly new in the VB.Net coding world and I'm learning the ropes...still having a little trouble finding any good articles on what you are talking about though, if you know of any off hand would be greatly appreciated. Oh, and Grawp says hi.
P.S.--The text boxes only allow numerics also.....now that I think about it
And consequently, that statement that you used threw an unhandled exception but nothing hit SQL server. I've got numeric qualifiers on all the text boxes and the executenonquery wrapped in a try-catch.
This post has been edited by nofear217: 31 Jan, 2008 - 10:35 AM
I took your advice in a manner of speaking, I'm not using parameterized SQL, but I'm rewriting the SQL stuff in LINQ which I've found very manageable and helps with strong typing the input....and it also allows me to use logic on what to insert into the database and what not to and can still use the ErrorProvider for numeric checking.
CODE
Dim db As New EEUDataContext("*** :P")
Try
If txt1.Text <> 0 Or txt1.Text <> "" Then Dim type1 As New envDataTotal type1.envDate = CType(dtDate.Value.Date, DateTime) type1.envType = txt1.Tag type1.envTotal = txt1.Text db.envDataTotals.InsertOnSubmit(type1) End If
If txt2.Text <> 0 Or txt2.Text <> "" Then Dim type2 As New envDataTotal type2.envDate = CType(dtDate.Value.Date, DateTime) type2.envType = txt2.Tag type2.envTotal = txt2.Text db.envDataTotals.InsertOnSubmit(type2) End If . . . db.SubmitChanges()
Catch ex As Exception
End Try
Again, thanks for the help.
This post has been edited by nofear217: 1 Feb, 2008 - 02:42 PM
25 Jan, 2008 - 09:02 AM
| 