flann Posted August 31, 2005

I'm trying to update a sql database field with a string value. I'm getting a weird error saying "Invalid column name 'NO'". The field that I'm trying to update is just simply the value out of a dropdownlist, and the two values are 'yes' and 'no'. Here is my update statement.

    Dim sqlcommand As New SqlCommand
    Dim judgement As String = ddlLegal.SelectedValue
    sqlcommand.Connection = connPayables
    sqlcommand.CommandText = "UPDATE ClientInfo SET OutJudgements = " & judgement & " WHERE LeadID = " & intLeadid
    connPayables.Open()
    sqlcommand.ExecuteNonQuery()
    connPayables.Close()

I know that the variable "judgement" is holding the correct value, what could be causing my error?

Joe Mamma Posted August 31, 2005

> what could be causing my error?

Not using parameters!

flann (Author) Posted August 31, 2005

> Not using parameters!

What do you mean? I use the same type of update statement on other forms, and they work fine.

Joe Mamma Posted August 31, 2005

> What do you mean? I use the same type of update statement on other forms, and they work fine.

That is just a coincidence. . . Use parameters. . . never build sql!

*Experts* Nerseus Posted August 31, 2005

You don't have to use SqlParameter objects, but in your example I definitely would. Your problem, however, is probably because OutJudgements is a string column and you're not putting the value in single quotes. Try this:

    ' ...
    sqlcommand.CommandText = "UPDATE ClientInfo SET OutJudgements = '" & judgement.Replace("'", "''") & "' WHERE LeadID = " & intLeadid
    ' ...

Two things I changed:

1. I put single quotes around the value in judgement (they're embedded in the CommandText string - look next to each side of the double quotes).
2. Added Replace to the judgement variable. This replace will double up the single quotes. Without that, you may allow SQL injection to get in your code. By using parameters you won't have to worry about that.

-ner

Joe Mamma Posted September 1, 2005

> Without that, you may allow SQL injection to get in your code. By using parameters you won't have to worry about that.

Exactly. Also the code reads cleanly:

    Dim cmd As New SqlCommand("UPDATE ClientInfo SET " & _
        "OutJudgements = @judgement WHERE LeadID = @leadId", New SqlConnection(someConnStr))
    Try
        ' Parameter names are string literals; the values are bound, not concatenated
        cmd.Parameters.Add("@judgement", ddlLegal.SelectedValue)
        cmd.Parameters.Add("@leadId", intLeadid)
        cmd.Connection.Open()
        cmd.ExecuteNonQuery()
    Finally
        ' Release the connection first, then the command, even if the update throws
        Try
            cmd.Connection.Dispose()
        Finally
            cmd.Dispose()
        End Try
    End Try

BTW, there are a lot of bad practices you are employing in your example.
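
Added example, not part of any post in the thread: the three ways of building the UPDATE discussed above (bare concatenation, hand-quoted with and without quote doubling, and bound parameters) run side by side against the same table. It assumes Python's `sqlite3` with an in-memory database as a stand-in for `SqlCommand` and SQL Server, so the error text differs from "Invalid column name"; the helper names and the sample rows are constructed for illustration.

```python
import sqlite3

CRAFTED = "NO' --"  # constructed input: embedded quote, then a SQL comment marker

def fresh_db():
    """In-memory stand-in for the thread's ClientInfo table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ClientInfo (LeadID INTEGER PRIMARY KEY, OutJudgements TEXT)")
    db.executemany("INSERT INTO ClientInfo VALUES (?, ?)", [(1, "YES"), (2, "YES"), (3, "YES")])
    return db

def rows(db):
    return [r[0] for r in db.execute("SELECT OutJudgements FROM ClientInfo ORDER BY LeadID")]

def run(db, sql, params=()):
    """Execute and return the affected row count, or the database error text."""
    try:
        return db.execute(sql, params).rowcount
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"

def update_unquoted(db, judgement, lead_id):
    # First post's pattern: the value becomes a bare token, parsed as an identifier.
    return run(db, f"UPDATE ClientInfo SET OutJudgements = {judgement} WHERE LeadID = {lead_id}")

def update_quoted(db, judgement, lead_id, escape):
    # Hand-quoted literal; escape=True doubles embedded quotes as in Nerseus's reply.
    if escape:
        judgement = judgement.replace("'", "''")
    return run(db, f"UPDATE ClientInfo SET OutJudgements = '{judgement}' WHERE LeadID = {lead_id}")

def update_parameterized(db, judgement, lead_id):
    # The value travels separately from the statement text and is never parsed as SQL.
    return run(db, "UPDATE ClientInfo SET OutJudgements = ? WHERE LeadID = ?", (judgement, lead_id))

if __name__ == "__main__":
    print("unquoted NO        ->", update_unquoted(fresh_db(), "NO", 1))
    cases = [("quoted, no escape", lambda d: update_quoted(d, CRAFTED, 1, False)),
             ("quoted, escaped", lambda d: update_quoted(d, CRAFTED, 1, True)),
             ("parameterized", lambda d: update_parameterized(d, CRAFTED, 1))]
    for label, fn in cases:
        db = fresh_db()
        print(f"{label:18} -> rows changed: {fn(db)}, table: {rows(db)}")
```

With the unescaped quoted form the WHERE clause is commented out and every row is updated although one LeadID was requested; the escaped and parameterized forms change one row and store the value verbatim.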