IxiRancid
Posted February 21, 2006 (edited)

I ran into a nasty problem, perhaps someone can help me: I'm inserting/updating some data into a database. Some of the fields are Double type. Now, when I do this:

    Dim strUPDATE As String
    strUPDATE = "UPDATE tblPostavke SET " & _
        "IDpodjetja = " & s_podjetje & ", " & _
        "zunanjast = '" & s_zunanjast & "', " & _
        "datumvnosa = " & s_datumvnosa & ", " & _
        "datumopravljene = " & s_datumopravljene & ", " & _
        "datumzapadlosti = " & s_datumzapadlosti & ", " & _
        "znesekSIT = " & s_znesekSIT & ", " & _
        "znesekEUR = " & s_znesekEUR & _
        " WHERE IDfaktura = 21"

Some values (got from s_znesekEUR = txtZnsesek.Text - s_znesekEUR = Double) get this value 123,45. It's because of my local settings in WinXP. Can I somehow change this decimal sign into a dot (.)? Because the UPDATE clearly doesn't work, it's like there is an additional value after the comma.

Hope it's clear enough and thanks!

Edited February 22, 2006 by PlausiblyDamp

PlausiblyDamp (Administrators)
Posted February 21, 2006

If you use either a stored procedure or a parameterised query then this wouldn't be an issue. String concatenation and SQL statements are always error prone, subject to odd issues like localisation and a potential security risk.

Intellectuals solve problems; geniuses prevent them. -- Albert Einstein

kejpa
Posted February 21, 2006

Standard answer... Use Parameters instead of parsing a string. Safer and more robust.

HTH
/Kejpa

IxiRancid (Author)
Posted February 21, 2006

Thanks to both, but those Parameters are really time consuming (I write my code by hand so I don't use DataAdapters and Designer stuff), however this probably will be the solution. I got something to work with RegEx, but it took a lot of time, I think this will be as it is, and the next pages will use Parameters.

PlausiblyDamp (Administrators)
Posted February 21, 2006

The big question is though how much more time consuming is it to do data access with parameters in the first place compared to the time and effort taken to debug your string concatenation based code. Plus the time taken to handle all the special cases that only crop up at runtime. Plus invalid input / data types. Plus security implications. In the end did you save any time by having to resort to RegEx to make this work...

Joe Mamma
Posted February 21, 2006

> Thanks to both, but those Parameters are really time consuming (I write my code by hand so I don't use DataAdapters and Designer stuff), however this probably will be the solution. I got something to work with RegEx, but it took a lot of time, I think this will be as it is, and the next pages will use Parameters.

With intellisense and code completion, parameters are trivial. And as PD mentioned . . . I know exactly how much time it costs to code with parameters. I have no idea what a bug will cost, time - money - customers. Nip it in the bud!

Joe Mamma
Amendment 4: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Amendment 9: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

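The parameterised form of the UPDATE from the first post, written by hand without DataAdapters or the designer. This is an added example, not code from any poster in the thread; the SqlClient provider, the column types, the sl-SI culture and the module and function names are assumptions, and the sample values are constructed.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Module ParameterizedUpdateExample
    ' Parse user text with the user's own culture: "123,45" becomes the Double 123.45.
    Function ParseAmount(text As String, culture As CultureInfo) As Double
        Dim value As Double
        If Not Double.TryParse(text, NumberStyles.Number, culture, value) Then
            Throw New FormatException("Not a valid amount: " & text)
        End If
        Return value
    End Function

    ' The SQL text holds placeholders only. Values travel as typed parameters,
    ' so neither the decimal separator nor a quote in a string can alter the statement.
    Function BuildUpdate(idPodjetja As Integer, zunanjast As String, vnos As Date, _
            opravljene As Date, zapadlost As Date, znesekSIT As Double, _
            znesekEUR As Double, idFaktura As Integer) As SqlCommand
        Dim cmd As New SqlCommand( _
            "UPDATE tblPostavke SET IDpodjetja = @podjetje, zunanjast = @zunanjast, " & _
            "datumvnosa = @vnos, datumopravljene = @opravljene, " & _
            "datumzapadlosti = @zapadlost, znesekSIT = @sit, znesekEUR = @eur " & _
            "WHERE IDfaktura = @faktura")
        cmd.Parameters.Add("@podjetje", SqlDbType.Int).Value = idPodjetja
        cmd.Parameters.Add("@zunanjast", SqlDbType.NVarChar, 50).Value = zunanjast
        cmd.Parameters.Add("@vnos", SqlDbType.DateTime).Value = vnos
        cmd.Parameters.Add("@opravljene", SqlDbType.DateTime).Value = opravljene
        cmd.Parameters.Add("@zapadlost", SqlDbType.DateTime).Value = zapadlost
        cmd.Parameters.Add("@sit", SqlDbType.Float).Value = znesekSIT
        cmd.Parameters.Add("@eur", SqlDbType.Float).Value = znesekEUR
        cmd.Parameters.Add("@faktura", SqlDbType.Int).Value = idFaktura
        Return cmd
    End Function

    Sub Main()
        ' Assumed comma-decimal locale; the text inputs below are constructed samples.
        Dim sl As CultureInfo = CultureInfo.GetCultureInfo("sl-SI")
        Dim eur As Double = ParseAmount("123,45", sl)
        Dim sit As Double = ParseAmount("29583,42", sl)
        Dim cmd As SqlCommand = BuildUpdate(7, "O'Neil d.o.o.", Date.Today, _
            Date.Today, Date.Today.AddDays(30), sit, eur, 21)
        For Each p As SqlParameter In cmd.Parameters
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, _
                Convert.ToString(p.Value, CultureInfo.InvariantCulture))
        Next
        ' To execute: set cmd.Connection to an open SqlConnection, then cmd.ExecuteNonQuery().
    End Sub
End Module
```

With the OleDb provider the placeholders are positional `?` markers, so the parameters must be added in the same order as they appear in the statement.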