How to parameterise SQL statements in vb.net? - sql-server

I have the following SQL statement to search for records in a table and store them in a listview called 'lvw'. How should I convert it into a parameterised statement to prevent SQL injection attacks? Thanks
con.Open()
Dim da As New SqlDataAdapter("Select * from Students " & _
"where student_id like '%" & Me.srcTxt.Text.Trim & "%' " & _
"or " & _
"student_firstname like '%" & Me.srcTxt.Text.Trim & "%' " & _
"or " & _
"student_lastname like '%" & Me.srcTxt.Text.Trim & "%'", con)
da.Fill(ds)
con.Close()
For i As Integer = 0 To ds.Tables(0).Rows.Count - 1
Dim lvi As New ListViewItem
lvi.Text = ds.Tables(0).Rows(i)(0).ToString()
For j As Integer = 1 To ds.Tables(0).Rows(i).ItemArray.Length - 1
lvi.SubItems.Add(ds.Tables(0).Rows(i)(j).ToString())
Next
lvw.Items.Add(lvi)
Next

Just place parameters in the string and then add the appropriate values to the adapter's SelectCommand:
Dim da As New SqlDataAdapter("Select * from Students " & _
"where student_id like @searchTerm " & _
"or " & _
"student_firstname like @searchTerm " & _
"or " & _
"student_lastname like @searchTerm", con)
' The value is sent separately from the SQL text, so it is never parsed as SQL
da.SelectCommand.Parameters.AddWithValue("@searchTerm", _
"%" + Me.srcTxt.Text.Trim + "%")

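An added example, not part of the original answer: the same search with an explicitly typed parameter, and with the LIKE wildcards in the user's text escaped so that `%`, `_` and `[` are matched literally. The module and function names and the NVARCHAR(100) size are assumptions; the table and column names are the ones from the question.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module StudentSearch
    ' Escape the characters that LIKE treats as pattern syntax. "[" is replaced
    ' first so the brackets added for "%" and "_" are not escaped a second time.
    Function EscapeLikeTerm(term As String) As String
        Return term.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' Build the command with one typed parameter shared by all three predicates.
    Function BuildSearchCommand(con As SqlConnection, userInput As String) As SqlCommand
        Dim cmd As New SqlCommand(
            "SELECT * FROM Students " &
            "WHERE student_id LIKE @searchTerm " &
            "OR student_firstname LIKE @searchTerm " &
            "OR student_lastname LIKE @searchTerm", con)
        ' Explicit type and size (assumed NVARCHAR(100)) instead of AddWithValue,
        ' so the parameter type does not depend on the runtime value.
        cmd.Parameters.Add("@searchTerm", SqlDbType.NVarChar, 100).Value =
            "%" & EscapeLikeTerm(userInput.Trim()) & "%"
        Return cmd
    End Function

    ' Run the search; every disposable object is released even if Fill throws.
    Function Search(connectionString As String, userInput As String) As DataTable
        Dim result As New DataTable()
        Using con As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildSearchCommand(con, userInput)
                Using da As New SqlDataAdapter(cmd)
                    da.Fill(result) ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using
        Return result
    End Function
End Module
```

Parameterisation stops the input from being parsed as SQL; the escaping is a separate concern that keeps a search for "50%" from matching every row.
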
Related

Pass Array Into Subroutine for Excel VBA?

I'm trying to pass the results of an array into a subroutine. I have an array that picks up four different Buyer codes from a list. They're labelled as BuyOne, BuyTwo, BuyThree, BuyFour. I'm trying to get the results into the next subroutine, but I'm getting a type mismatch at the subroutine call. Even when I fiddle with it I don't know how to get the results into the subroutine. Can anyone tell me what I'm doing wrong?
Code below:
lastRow = Range("O" & Rows.Count).End(xlUp).Row
Set rBuyerList = Range("O1:O" & lastRow)
arrBuyer = Array("BuyOne", "BuyTwo", "BuyThree", "BuyFour")
For i = 0 To UBound(arrBuyer)
With Application
chkFind = .IfError(.Match(Range(arrBuyer(i)), Range("O1:O50"), 0), 0)
End With
If Range(arrBuyer(i)) = vbNullString Or chkFind = False Then
MsgBox "Invalid Buyer Code.." & arrBuyer(i)
Range(arrBuyer(i)).Select
End If
Next i
Call runFinished(sFrDt, sToDt, arrBuyer())
Sheets("Main Sheet").Select
MsgBox ("done...")
End Sub
Sub runFinished(sFrDt As String, sToDt As String, arrBuyer() As Variant)
Dim SQL As String
' add a new work sheet
ActiveWorkbook.Worksheets.Add
' display Criteria
Cells(1, 1) = "Run Date: " & Now()
Call MergeLeft("A1:B1")
Cells(2, 1) = "Criteria:"
Cells(2, 2) = "From " & Range("reqFrDT") & " -To- " & Range("reqToDt")
' SQL
SQL = "select a.StockCode [Finished Part], a.QtyToMake, FQOH,FQOO,/*FQIT,*/FQOA, b.Component [Base Material], CQOH,CQOO,CQIT,CQOA " & _
"from ( " & _
" SELECT StockCode, sum(QtyToMake) QtyToMake " & _
" from [MrpSugJobMaster] " & _
" WHERE 1 = 1 " & _
" AND JobStartDate >= '" & sFrDt & "' " & _
" AND JobStartDate <= '" & sToDt & "' " & _
" AND JobClassification = 'OUTS' " & _
" AND ReqPlnFlag <> 'I' AND Source <> 'E' Group BY StockCode " & _
" ) a " & _
"LEFT JOIN BomStructure b on a.StockCode = b.ParentPart " & _
"LEFT JOIN ( " & _
" select StockCode, sum(QtyOnHand) FQOH, Sum(QtyAllocated) FQOO, Sum(QtyInTransit) FQIT, Sum(QtyOnOrder) FQOA " & _
" from InvWarehouse " & _
" where Warehouse in ('01','DS','RM') " & _
" group by StockCode " & _
") c on a.StockCode = c.StockCode " & _
"LEFT JOIN ( " & _
" select StockCode, sum(QtyOnHand) CQOH, Sum(QtyAllocated) CQOO, Sum(QtyInTransit) CQIT, Sum(QtyOnOrder) CQOA " & _
" from InvWarehouse " & _
" where Warehouse in ('01','DS','RM') " & _
" group by StockCode " & _
") d on b.Component = d.StockCode "
SQL = SQL & _
"LEFT JOIN InvMaster e on a.StockCode = e.StockCode " & _
"WHERE 1 = 1 " & _
"and e.Buyer in ('" & BuyOne & "','" & BuyTwo & "','" & BuyThree & "','" & BuyFour & "') " & _
"ORDER BY a.StockCode "
If you have this line in your code
arrBuyer = Array("BuyOne", "BuyTwo", "BuyThree", "BuyFour")
Proper call should be
Call runFinished(sFrDt, sToDt, arrBuyer)
And proper declaration of the function is
Sub runFinished(sFrDt As String, sToDt As String, arrBuyer As Variant) without ()
Edit (Thanks to @Rory)
Previously stated is true if arrBuyer was not declared as follows: dim arrBuyer() as variant or dim arrBuyer(). On the other hand if declaration was dim arrBuyer() 'as variant OP's code would work w/o any changes.
Final note: I still prefer not using arrBuyer() As Variant in the sub declaration.

Incorrect Syntax Error running SQL command in VB.NET

I have a SQL command that I'm running in VB.NET... I've written this type of command countless times, however, I'm getting an error when trying to process the command below:
Dim VIconn As New SqlConnection("Data Source=MBSRVERP01;Initial Catalog=MBUk;Integrated Security=True")
Dim CMDoperation As SqlCommand = New SqlCommand()
CMDoperation.Connection = VIconn
CMDoperation.CommandText = ("INSERT INTO PRJCREATION.dbo.OPERATION_CO (WORKORDER_TYPE, WORKORDER_BASE_ID, WORKORDER_LOT_ID, WORKORDER_SPLIT_ID, WORKORDER_SUB_ID, SEQUENCE_NO, RESOURCE_ID, SETUP_HRS, " _
& "RUN, RUN_TYPE, LOAD_SIZE_QTY, RUN_HRS, MOVE_HRS, TRANSIT_DAYS, SERVICE_ID, SCRAP_YIELD_PCT, SCRAP_YIELD_TYPE, FIXED_SCRAP_UNITS, MINIMUM_MOVE_QTY, CALC_START_QTY, " _
& "CALC_END_QTY, COMPLETED_QTY, DEVIATED_QTY, ACT_SETUP_HRS, ACT_RUN_HRS, STATUS, SETUP_COMPLETED, SERVICE_BEGIN_DATE, CLOSE_DATE, OPERATION_TYPE, DRAWING_ID, DRAWING_REV_NO, " _
& "OVERRIDE_QTYS, BEGIN_TRACEABILITY, CAPACITY_USAGE_MAX, CAPACITY_USAGE_MIN, TEST_ID, SPC_QTY, SCHED_START_DATE, SCHED_FINISH_DATE, COULD_FINISH_DATE, ISDETERMINANT, " _
& "SETUP_COST_PER_HR, RUN_COST_PER_HR, RUN_COST_PER_UNIT, BUR_PER_HR_SETUP, BUR_PER_HR_RUN, BUR_PER_UNIT_RUN, SERVICE_BASE_CHG, BUR_PERCENT_SETUP, BUR_PERCENT_RUN, " _
& "BUR_PER_OPERATION, EST_ATL_LAB_COST, EST_ATL_BUR_COST, EST_ATL_SER_COST, REM_ATL_LAB_COST, REM_ATL_BUR_COST, REM_ATL_SER_COST, ACT_ATL_LAB_COST, ACT_ATL_BUR_COST, " _
& "ACT_ATL_SER_COST, EST_TTL_MAT_COST, EST_TTL_LAB_COST, EST_TTL_BUR_COST, EST_TTL_SER_COST, REM_TTL_MAT_COST, REM_TTL_LAB_COST, REM_TTL_BUR_COST, REM_TTL_SER_COST, " _
& "ACT_TTL_MAT_COST, ACT_TTL_LAB_COST, ACT_TTL_BUR_COST, ACT_TTL_SER_COST, SPLIT_ADJUSTMENT, MILESTONE_ID, SCHEDULE_TYPE, MIN_SEGMENT_SIZE, PROTECT_COST, DRAWING_FILE, " _
& "DISPATCHED_QTY, SERVICE_MIN_CHG, VENDOR_ID, VENDOR_SERVICE_ID, SERVICE_PART_ID, LAST_DISP_DATE, LAST_RECV_DATE, WAREHOUSE_ID, ALLOCATED_QTY, FULFILLED_QTY, " _
& "LEAST_MIN_MOVE_QTY, MAX_GAP_PREV_OP, APPLY_CALENDAR, MAX_DOWNTIME, ACCUM_DOWNTIME, RUN_QTY_PER_CYCLE, USER_1, USER_2, USER_3, USER_4, USER_5, USER_6, USER_7, USER_8, " _
& "USER_9, USER_10, UDF_LAYOUT_ID, NUM_MEM_TO_SCHED, SERVICE_BUFFER, MILESTONE_SUB_ID, POST_MILESTONE, PROJ_MILESTONE_OP, WBS_CODE, WBS_START_DATE, WBS_END_DATE, " _
& "WBS_DURATION, MILESTONE_SEQ_NO, PRD_INSP_PLAN_ID, SETUP_INSPECT_REQ, RUN_INSPECT_REQ, STATUS_EFF_DATE, PRED_SUB_ID, PRED_SEQ_NO, SITE_ID, SCHED_CAPACITY_USAGE)" _
& "SELECT WORKORDER_TYPE, WORKORDER_BASE_ID + 'F', WORKORDER_LOT_ID, WORKORDER_SPLIT_ID, WORKORDER_SUB_ID, SEQUENCE_NO, RESOURCE_ID, SETUP_HRS, " _
& "RUN, RUN_TYPE, LOAD_SIZE_QTY, RUN_HRS, MOVE_HRS, TRANSIT_DAYS, SERVICE_ID, SCRAP_YIELD_PCT, SCRAP_YIELD_TYPE, FIXED_SCRAP_UNITS, MINIMUM_MOVE_QTY, CALC_START_QTY, " _
& "CALC_END_QTY, COMPLETED_QTY, DEVIATED_QTY, ACT_SETUP_HRS, ACT_RUN_HRS, 'R', SETUP_COMPLETED, SERVICE_BEGIN_DATE, NULL, OPERATION_TYPE, DRAWING_ID, DRAWING_REV_NO, " _
& "OVERRIDE_QTYS, BEGIN_TRACEABILITY, CAPACITY_USAGE_MAX, CAPACITY_USAGE_MIN, TEST_ID, SPC_QTY, NULL, NULL, NULL, ISDETERMINANT, " _
& "SETUP_COST_PER_HR, RUN_COST_PER_HR, RUN_COST_PER_UNIT, BUR_PER_HR_SETUP, BUR_PER_HR_RUN, BUR_PER_UNIT_RUN, SERVICE_BASE_CHG, BUR_PERCENT_SETUP, BUR_PERCENT_RUN, " _
& "BUR_PER_OPERATION, EST_ATL_LAB_COST, EST_ATL_BUR_COST, EST_ATL_SER_COST, REM_ATL_LAB_COST, REM_ATL_BUR_COST, REM_ATL_SER_COST, ACT_ATL_LAB_COST, ACT_ATL_BUR_COST, " _
& "ACT_ATL_SER_COST, EST_TTL_MAT_COST, EST_TTL_LAB_COST, EST_TTL_BUR_COST, EST_TTL_SER_COST, REM_TTL_MAT_COST, REM_TTL_LAB_COST, REM_TTL_BUR_COST, REM_TTL_SER_COST, " _
& "ACT_TTL_MAT_COST, ACT_TTL_LAB_COST, ACT_TTL_BUR_COST, ACT_TTL_SER_COST, SPLIT_ADJUSTMENT, MILESTONE_ID, SCHEDULE_TYPE, MIN_SEGMENT_SIZE, PROTECT_COST, DRAWING_FILE, " _
& "DISPATCHED_QTY, SERVICE_MIN_CHG, VENDOR_ID, VENDOR_SERVICE_ID, SERVICE_PART_ID, LAST_DISP_DATE, LAST_RECV_DATE, WAREHOUSE_ID, ALLOCATED_QTY, FULFILLED_QTY, " _
& "LEAST_MIN_MOVE_QTY, MAX_GAP_PREV_OP, APPLY_CALENDAR, MAX_DOWNTIME, ACCUM_DOWNTIME, RUN_QTY_PER_CYCLE, USER_1, USER_2, USER_3, USER_4, USER_5, USER_6, USER_7, USER_8, " _
& "USER_9, USER_10, UDF_LAYOUT_ID, NUM_MEM_TO_SCHED, SERVICE_BUFFER, MILESTONE_SUB_ID, POST_MILESTONE, PROJ_MILESTONE_OP, WBS_CODE, WBS_START_DATE, WBS_END_DATE, " _
& "WBS_DURATION, MILESTONE_SEQ_NO, PRD_INSP_PLAN_ID, SETUP_INSPECT_REQ, RUN_INSPECT_REQ, STATUS_EFF_DATE, PRED_SUB_ID, PRED_SEQ_NO, SITE_ID, SCHED_CAPACITY_USAGE" _
& "FROM MBUK.dbo.OPERATION db2 " _
& "WHERE (db2.WORKORDER_BASE_ID = '" & rw.Cells(8).Value & "')")
CMDoperation.ExecuteNonQuery()
The error I get is {"Incorrect syntax near '.'."}
The SQL command is simply inserting data from a table in database A into a table in database B... Nothing complex.
Can anyone spot where I'm going wrong here?
Thanks
Here my 2 cents:
pay attention to VB concatenation, the end of the line is strictly attached to the following one, so in your code
& "WBS_DURATION, MILESTONE_SEQ_NO, PRD_INSP_PLAN_ID, SETUP_INSPECT_REQ, RUN_INSPECT_REQ, STATUS_EFF_DATE, PRED_SUB_ID, PRED_SEQ_NO, SITE_ID, SCHED_CAPACITY_USAGE" _
& "FROM MBUK.dbo.OPERATION db2 " _
vb ends concatenating words in this way: SCHED_CAPACITY_USAGEFROM
so add an extra space at the end of each line you concatenate.

Automation Error when executing SQL Server Script in Excel VBA

I am opening an SQL Server Connection in EXCEL VBA and on the objMyCmd.Execute line when it is using the SQL script I am getting this error message:
"Run-time error '-2147217900 (80040e14)') Automation error"
I have reviewed other SO posts that seem to reference an issue with the connection string itself, but I don't believe that is the issue as I am able to pull the first few variables listed when eliminating the rest of the SQL script.
I have attempted to review the SQL code to see if I am using an incorrect format, or if the language is not written properly and I am not able to determine the issue. I am hoping with some Q & A we may notice something I have missed in how this is written? Please let me know if there is additional information I can provide, below is the code up to the point of error.
Sub SQL_GetAgentChart()
Dim dtDate As Date
Dim myTable As ListObject
Dim DataServer As String
Dim Database As String
Dim constring As String
DataServer = "GLSSQLMADP2"
Database = "PERF_MGMT_BWRSRV_PROD"
constring = "Driver={SQL Server};Server=" & DataServer & "; Database=" & Database & "; Trusted_Connection=yes"
Dim AVStartDate As Date
Dim AVEndDate As Date
Dim RepID As Long
'Declare variables'
Set objMyConn = New ADODB.Connection
Set objMyCmd = New ADODB.Command
Set objMyRecordset = New ADODB.Recordset
Set myTable = Worksheets("Witness").ListObjects("tblWitness")
AVStartDate = DateValue("Mar 01, 2016")
AVEndDate = DateValue("Mar 31, 2016")
RepID = 2040
'Open Connection'
objMyConn.ConnectionString = constring
objMyConn.Open
'Set and Execute SQL Command'
Set objMyCmd.ActiveConnection = objMyConn
objMyCmd.CommandText = " " & _
"SELECT PERSN_XTRNL_ID_NR, SOURCE, LOGGINGTS, DD7, CUREREASON, CUREDATE, LNSTATUS " & _
"FROM TTB " & _
"WITH INCALL AS (SELECT T.CUREREASON, CUREVALUE " & _
"FROM TTB T " & _
"JOIN PERSONNEL P ON T.PERSONNELID = P.PERSONNELID " & _
"LEFT JOIN CURETRANSLATE C ON T.CUREREASON = C.CUREREASON AND T.LNSTATUS = C.STATUS " & _
"WHERE T.PERSONNELID = " & RepID & " " & _
"AND LOGGINGTS > '" & AVStartDate & "' " & _
"AND LOGGINGTS < '" & AVEndDate + 1 & "' " & _
"AND INCOMING = 1 " & _
"AND DD7 > 0), OUTCALL AS (SELECT T.CUREREASON, CUREVALUE " & _
"FROM TTB T " & _
"JOIN AVAYA A ON T.UID = A.TTBUID " & _
"LEFT JOIN CURETRANSLATE C ON T.CUREREASON = C.CUREREASON AND T.LNSTATUS = C.STATUS " & _
"WHERE PERSONNELID = " & RepID & " " & _
"AND LOGGINGTS > '" & AVStartDate & "' " & _
"AND LOGGINGTS < '" & AVEndDate + 1 & "' " & _
"AND INCOMING = 0 " & _
"AND A.AVAYAGROUP IN ('15', '1A', '1B', '1C', '1D', '1E', '1F', '1G', '1H') " & _
"AND DD7 > 0) "
objMyCmd.CommandType = adCmdText
objMyCmd.Execute

Classic ASP: How to locate a specific order in an array or record-set, then move Next or Previous, starting from that order

I have done a bit of work on my code, and still unsure about how some of the code needs to be done in order to work.
So far I got a function named 'FunctionUp' coded, this is the code that will go in the following sequence:
If array of orders contains:
'A1G722
'A1G723
'A1G724
'A1G725
'A1G726
'A1G727
I added a reference to the current location as a query-string parameter named rowindex, so if the order passed in query-string is 'A1G725', the row index value will be 4, then function code will ideally browse in this sequence: 'A1G725', 'A1G724', 'A1G723', 'A1G722'
The code for the button:
.Write "<input type='submit' name='btnUp' value='Next' class='buttonRight' />"
The code that calls the function:
If Request("btnUp") = "Next" Then Call FuctionUp()
The code for the function:
Function FuctionUp()
Dim objConn
Dim objRS
Dim SQLOrderList
Dim SQLCurrentOrder
Dim currentorder
Dim previousorder
Dim sortby
Dim dtstart
Dim dtend
Dim index
currentorder = Trim(Request.QueryString("order"))
sortby = Request.QueryString("sortby")
currentorder = Request.QueryString("order")
dtstart = Request.QueryString("start")
dtend = Request.QueryString("end")
Set objRS = Server.CreateObject("ADODB.Recordset")
Set objConn = CreateObject("ADODB.Connection")
objConn.Open Application("conn_AWDSTAGE")
objRS.Cursortype = 3
SQLOrderList = "SELECT orderno" & _
" FROM _order" & _
" WHERE order_date >= '" & dtstart & "'" & _
" AND order_date < '" & dtend & "'" & _
" ORDER BY " & sortby
objRS.Open SQLOrderList, objConn
index = CINT(Request.QueryString("rowindex"))
If Not isNumeric(index) Or index = "" Then
index = 0
End If
'Get this to Array.
Dim iArray
Dim i
Dim sizeOfiArray
iArray = objRS.GetRows()
' sample of array contents after sql execution
'A1G722
'A1G723
'A1G724
'A1G725
'A1G726
'A1G727
sizeOfiArray = uBound(iArray) + 1
if not index >= (sizeOfiArray - 1) then previousorder = (index + 1)
If Not previousorder Is Nothing Then
Response.Redirect("~/printpreview.asp?order=" & previousorder(i) &
"&site=" & spiderSiteKey &
"&env=" & strEnv &
"&start=" & CDate(dtstart) &
"&end=" & CDate(dtend) &
"&rowindex=" & (index + 1) &
"&sortby=" & sortby)
Else
Response.Redirect("~/printpreview.asp?order=" & currentOrder.OrderID &
"&site=" & spiderSiteKey &
"&env=" & strEnv &
"&start=" & CDate(dtstart)) &
"&end=" & CDate(dtend) &
"&rowindex=" & (index) &
"&sortby=" & strSortBy &
"&LastRecord=Up")
End If
objRS.Close()
Set objRS = Nothing
objConn.Close()
Set objConn = Nothing
End Function
Wouldn't it be easier simply to get the next or previous orders directly from the database using SQL:
sSQLGetPrevOrder = "SELECT top(1) PREV.* " _
& " FROM [Order] PREV " _
& " JOIN ( " _
& " SELECT " & strOrderBy & " sortvalue, orderno " _
& " FROM [Order] WHERE orderno='" & strCurrentOrder & "' " _
& " ) CURR " _
& " ON PREV." & strOrderBy & " < CURR.sortvalue " _
& " OR ( PREV." & strOrderBy & " = CURR.sortvalue " _
& " AND PREV.orderno < CURR.orderno ) " _
& " ORDER BY PREV." & strOrderBy & " DESC, PREV.orderno DESC "
sSQLGetNextOrder = "SELECT top(1) NXT.* " _
& " FROM [Order] NXT " _
& " JOIN ( " _
& " SELECT " & strOrderBy & " sortvalue, orderno " _
& " FROM [Order] WHERE orderno='" & strCurrentOrder & "' " _
& " ) CURR " _
& " ON NXT." & strOrderBy & " > CURR.sortvalue " _
& " OR ( NXT." & strOrderBy & " = CURR.sortvalue " _
& " AND NXT.orderno > CURR.orderno ) " _
& " ORDER BY NXT." & strOrderBy & " ASC, NXT.orderno ASC "
(Apologies if this code has syntax errors, I have not been able to test it)
If orderno is always a number, you could omit the quote marks around strCurrentOrder.
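An added example, written in VB.NET rather than Classic ASP and not part of the original answer: the "previous order" query with the order number passed as a parameter and the sort column chosen from an allow-list, since a column name cannot be supplied as a parameter. The allow-list entries, the function names and the VARCHAR(20) size are assumptions; `[Order]`, `orderno` and `order_date` come from the posts above.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module OrderNavigation
    ' Assumed allow-list: request value of "sortby" -> real column name.
    ' Anything not listed here never reaches the SQL text.
    Private ReadOnly SortColumns As New Dictionary(Of String, String)(
        StringComparer.OrdinalIgnoreCase) From {
        {"orderno", "orderno"},
        {"date", "order_date"}
    }

    ' Map the untrusted sort key to a bracketed column name, or fail.
    Function ResolveSortColumn(sortBy As String) As String
        Dim column As String = Nothing
        If sortBy IsNot Nothing AndAlso SortColumns.TryGetValue(sortBy.Trim(), column) Then
            Return "[" & column & "]"
        End If
        Throw New ArgumentException("Unsupported sort key.")
    End Function

    ' Only the allow-listed identifier is concatenated; the order number is a parameter.
    Function BuildPreviousOrderCommand(con As SqlConnection, sortBy As String,
                                       currentOrder As String) As SqlCommand
        Dim col As String = ResolveSortColumn(sortBy)
        Dim sql As String =
            "SELECT TOP (1) PREV.* FROM [Order] PREV " &
            "JOIN (SELECT " & col & " AS sortvalue, orderno FROM [Order] " &
            "WHERE orderno = @currentOrder) CURR " &
            "ON PREV." & col & " < CURR.sortvalue " &
            "OR (PREV." & col & " = CURR.sortvalue AND PREV.orderno < CURR.orderno) " &
            "ORDER BY PREV." & col & " DESC, PREV.orderno DESC"
        Dim cmd As New SqlCommand(sql, con)
        cmd.Parameters.Add("@currentOrder", SqlDbType.VarChar, 20).Value = currentOrder
        Return cmd
    End Function
End Module
```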

SQL Date Format

I'm working with an SQL Server and I'm creating a program to add records to the database. However, the database's field for the Dates of Births isn't being accepted.
At the server side, the data type is 'Date' on MS Express SQL Server that should be YYYY-MM-DD. However, when trying to 'upload' the new records from the program the dates are being rejected. I know it's down to how I'm formatting them and particularly I know it's literally just two lines of code; But I can't get it going!
SQL = "Insert into PersonsA(Members_ID," & _
"Gamer_Tag," & _
"Screenname," & _
"First_Name," & _
"Last_Name," & _
"DoB," & _
"E_Mail_Address," & _
"Position," & _
"U_G_Studio," & _
"Cautions," & _
"Record," & _
"Event_Attendance," & _
"Member_Status) values('" & Me.midtxt.Text.Trim & "'," & _
"'" & Me.gttxt.Text.Trim & "'," & _
"'" & Me.sntxt.Text.Trim & "'," & _
"'" & Me.fntxt.Text.Trim & "'," & _
"'" & Me.lntxt.Text.Trim & "'," & _
"" & Val(Me.dobtxt.Text) & "" & _ 'THIS IS THE DATES OF BIRTHS
"'" & Format(Me.dobtxt.Text, "YYYY-MM-DD") & "'," & _ 'THIS IS FORMATTING
"'" & Me.emailtxt.Text.Trim & "'," & _
"'" & Me.teamptxt.Text.Trim & "'," & _
"'" & Me.ugptxt.Text.Trim & "'," & _
"'" & Me.ugctxt.Text.Trim & "'," & _
"'" & Me.recordtxt.Text.Trim & "'," & _
"'" & Me.eventatxt.Text.Trim & "'," & _
"'" & Me.Mstattxt.Text.Trim & "')"
So as you can see the two lines I'm having trouble are:
"" & Val(Me.dobtxt.Text) & "" & _
"'" & Format(Me.dobtxt.Text, "YYYY-MM-DD") & "'," & _
I know it'll be something really stupid, but I'm newish to programming.
Reject your command string and start using SqlParameter.
Dim conn As New SqlConnection("conStr")
Dim cmd As SqlCommand = conn.CreateCommand()
cmd.CommandText = "INSERT INTO [PersonsA] ([Members_ID], [Gamer_Tag]) VALUES (@Members_ID, @Gamer_Tag);"
cmd.Parameters.AddWithValue("@Members_ID", Me.midtxt.Text.Trim) '<- If Int type change to: Integer.Parse(Me.midtxt.Text.Trim)
cmd.Parameters.AddWithValue("@Gamer_Tag", Me.gttxt.Text.Trim)
conn.Open()
cmd.ExecuteNonQuery()
Date column example:
cmd.Parameters.AddWithValue("@MY_DATE_PARAM", Date.Parse(Me.dateTextBox.Text.Trim))
