Simple ASP.NET 2.0 Insert

  • Thread starter Thread starter ACE FAN
  • Start date Start date
A

ACE FAN

I'm in a bind trying to do a simple insert:

OleDbCommand cmdInsert = new OleDbCommand("INSERT INTO
VEHICLE_TYPE(VEHICLE_TYPE_ID, NAME) "+
"VALUES(" +
Convert.ToString(VehTypeID + "," + tbName.Text + ")"));
cmdInsert.Connection =
(OleDbConnection)Session["dbConnMADS"];

cmdInsert.Connection.Open();
cmdInsert.ExecuteNonQuery();
cmdInsert.Connection.Close();

Both values have valid values (2, "Some Text") but when I go to execute
this thing on an Access database, I get an error saying that no value
was given for 1 or more required parameters. The Insert statement works
fine in Access. What am I doing wrong?

Thanks much.

Curt
 
Hi,

Perhaps you are missing quotes (NAME values should be embedded in quotes)?
But the real problem with your code is not using parameters.
This piece of code is sql injection prone not to mention that Close() is not
within finally block - as far this is only an example its fine.
 
Thanks!! I used this.
Notice that it would only work if I used only one parameter for the
name field. Why is that? Adding 2 paramters made the VEHICLE_ID value
go to both the ID and the NAME fields.

Thanks again.

Curt
OleDbCommand cmdInsert = new OleDbCommand("INSERT INTO
VEHICLE_TYPE(VEHICLE_TYPE_ID, NAME) "+
"VALUES(" +
Convert.ToString(VehTypeID + "," + tbName.Text + ")"));
// cmdInsert.Parameters.Add(new
OleDbParameter("VEHICLE_TYPE_ID", OleDbType.Numeric));
cmdInsert.Parameters.Add(new OleDbParameter("NAME",
OleDbType.VarWChar));
//cmdInsert.Parameters["VEHICLE_TYPE_ID"].Value =
VehTypeID;
cmdInsert.Parameters["NAME"].Value = tbName.Text;
cmdInsert.Connection =
(OleDbConnection)Session["dbConnMADS"];

cmdInsert.Connection.Open();
cmdInsert.ExecuteNonQuery();
cmdInsert.Connection.Close();
 
Back
Top