I've the code to input the values dynamically, when I use it to add the values for the first time, it's fine, but when I want to edit it, the old values didn't inserted on sql query but the new values inserted
Here is the example:
here is the code:
============the function=================
sub ShowItemfgEdit(query,selItemName,defValue,num,cdisable)
response.write "<select " & cdisable & " num=""" & num & """ id=""itemCombo"" name=""" & selItemName & """ class=""label"" onchange=""varUsage.ChangeSatuanDt(this)"">"
if NOT query.BOF then
query.moveFirst
WHILE NOT query.EOF
tulis = ""
if trim(defValue) = trim(query("ckdbarang")) then
tulis = "selected"
end if
response.write "<option value=""" & trim(query("ckdbarang")) & """" & tulis & ">" & trim(query("ckdbarang")) & " - " & trim(query("vnamabarang"))
query.moveNext
WEND
end if
response.write "</select>"
end sub
============calling the function================
<td class="rb" align="left"><% call ShowItemfgEdit(qGetItemfgGrp,"fitem",qGetUsageDt("ckdfg"),countLine,readonlyfg) %></td>
==============post the value======================
<input type="hidden" name="fitem" value="">
================get the value===================
for i = 1 to request.form("hdnOrderNum")
if request.form("selOrdItem_" & i) <> "" then
'bla...blaa...blaa...
ckdfg = trim(request.form("fitem_" & i)) '<==here is the problem
objCommand.commandText = "INSERT INTO IcTrPakaiDt " &_
"(id, id_h, ckdunitkey, cnopakai, dtglpakai, ckdbarang, ckdgudang, nqty1, nqty2, csatuan1, csatuan2, nqtypakai, csatuanpakai, vketerangan, cJnsPakai, ckdprodkey, ckdfg, ncountstart, ncountstop, ncounttotal) " &_
" VALUES " &_
" (" & idDt & ",'" & idHd & "','" & selLoc & "','" & nopakai & "','" & cDate(request.form("hdnUsageDate")) & "','" & trim(ckdbarang) & "','" & trim(ckdgudang) & "'," & nqty1 & "," & nqty2 & ",'" & trim(csatuan1) & "','" & trim(csatuan2) & "'," & nqtypakai & ",'" & csatuanpakai & "','" & trim(keteranganItem) & "','" & trim(cjnspakai) & "','" & ckdprodkey & "','" &ckdfg& "'," & cnt1 & "," & cnt2 & "," & totalcnt & ")"
set qInsertPakaiDt = objCommand.Execute
end if
next
problem: old value of ckdfg didn't inserted to query, but the new value inserted.
How to fix this bug?
You try to post a field with the name fitem rather than fitem_x.
Note: Besides your bug, your code has several bugs including security-related. You don't sanitize the input, for example, for SQL Injection attacks.
Related
This question already has answers here:
run time error "3061" : too few parameters, expected 1
(2 answers)
Closed 7 years ago.
I have the following vb statement at Microsoft Access 2010
CurrentDb.Execute "INSERT INTO Table3(Names,ID, center, village, association , BOD ) " & _
" VALUES(" & Me.fullnametxt & ",'" & Me.worktxt & "','" & _
Me.Combo39 & "','" & Me.assoctxt & "','" & Me.datetraintxt & "','" & Me.datetraintxt & "')"
It generates
Run-time error '3061'. Too few parameters. Expected 1.
You miss some quotes:
CurrentDb.Execute "INSERT INTO Table3 ( Names, ID, center, village, association , BOD ) " & _
" VALUES ('" & Me.fullnametxt & "','" & Me.worktxt & "','" & _
Me.Combo39 & "','" & Me.assoctxt & "','" & Me.datetraintxt & "','" & Me.datetraintxt & "')"
I keep getting a syntax error when I run a debug on the following code:
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles add.Click
Dim cmd As New OleDb.OleDbCommand
If Not cnn.State = ConnectionState.Open Then
'Open Connection if not yet Open
cnn.Open() End If
cmd.Connection = cnn
If Me.sn.Tag & "" = "" Then
cmd.CommandText = "INSERT INTO First_Year(Student_No,Lastname,Firstname,Year_Level,Enroll_Date,SEX,SY,CIVIL_STATUS,Religion,Birthdate,TEL_NO,Father,Occupation_F,Mother,Occupation_m,School Last Attended,Address School,Middle_Name)" +
"VALUES ('" & Me.sn.Text & "','" & Me.fn.Text & "','" & Me.ln.Text & "' ,'" & Me.Year.Text & "','" & Me.ed.Value & "','" & Me.s.Text & "','" & Me.sy.Text & "','" & Me.cs.Text & "','" & Me.re.Text & "'," & Me.cn.Text & ",'" & Me.bd.Value & "','" & Me.fa.Text & "','" & Me.fo.Text & "','" & Me.ma.Text & "','" & Me.mo.Text & "','" & Me.lad.Text & "','" & Me.ad.Text & "','" & Me.mi.Text & "')"
cmd.ExecuteNonQuery()
Can some please point out to me whats wrong with it?
You have some fields name that contains spaces. To use these fields names you need to enclose them in square brackets
cmd.CommandText = "INSERT INTO First_Year " & _
"(Student_No,Lastname,Firstname,Year_Level,Enroll_Date,SEX, " & _
"SY,CIVIL_STATUS,Religion,Birthdate,TEL_NO,Father,Occupation_F,Mother, " &
"Occupation_m,[School Last Attended],[Address School],Middle_Name) " &
"...... "
Said that, remember that string concatenations like yours lead to Sql Injection and problem in parsing strings that contains quotes (O'Brien) or decimal numbers or date
Search about Sql Injection and Parameterized queries
A parameterized approach to your query would be
cmd.CommandText = "INSERT INTO First_Year " & _
"(Student_No,Lastname,Firstname,Year_Level,Enroll_Date,SEX, " & _
"SY,CIVIL_STATUS,Religion,Birthdate,TEL_NO,Father,Occupation_F,Mother, " &
"Occupation_m,[School Last Attended],[Address School],Middle_Name) " &
"VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
cmd.Parameters.AddWithValue("#p1", Me.sn.Text)
cmd.Parameters.AddWithValue("#p2", Me.fn.Text)
... and so on for the remainder 16 parameters placeholders
... respecting their position and converting to the appropriate datatype
you need to remove the space here (in your query) :
......School Last Attended,Address School.......
or write it like this :
..........[School Last Attended],[Address School]..........
The above error is being thrown when I run the below command:
CurrentDb.Execute "INSERT INTO Table2(FirstName, LastName)" & "VALUES('" & Me.frst_Name_txt & ", '" & Me.lst_Name_txt & "','" & "')"
Can anyone see where I am going wrong?
Thanks
The error:
You have extra value '" & "' and also Text data types require delimiters around the value. At its simplest an apostrophe.
Try this
CurrentDb.Execute "INSERT INTO Table2(FirstName, LastName)" & "VALUES('" & Me.frst_Name_txt & "','" & Me.lst_Name_txt & "')"
You're missing an apostrophe: CurrentDb.Execute "INSERT INTO Table2(FirstName, LastName) VALUES('" & Me.frst_Name_txt & "', '" & Me.lst_Name_txt & "')"
When I run this command on my table, it is bringing back the error shown in the title, can anyone see where I am going wrong?
CurrentDb.Execute "INSERT INTO Table2(VolsID, FirstName, LastName)" & _
"VALUES('" & Me.frst_Name_txt & "," & Me.lst_Name_txt & "," & _
Me.vol_ID_txt & "," & "')"
Thanks!
Try this
CurrentDb.Execute "INSERT INTO Table2(VolsID, FirstName, LastName)" & "VALUES('" & Me.frst_Name_txt & "','" & Me.lst_Name_txt & "','" & Me.vol_ID_txt & "')"
Try This. If VolsID is a string field, then wrap it with single quote. e.g. ('" & Me.frst_Name_txt & "')
CurrentDb.Execute "INSERT INTO Table2(VolsID, FirstName, LastName) VALUES (" & Me.vol_ID_txt & ",'" & Me.frst_Name_txt & "','" & Me.lst_Name_txt & "');"
This question already has an answer here:
Access VBA - Identifying text
(1 answer)
Closed 8 years ago.
I have a form and subform. Im trying to allow updates in the subform with the use of buttons. However my code is giving me.
KEY_ID is text, the other two are number types.
"Syntax error in query expression "5", ROOM=5. DRAWER=55 (this is the new value i tried to change it to) WHERE KEY_ID=5'.
This is an image of my form: http://jumpshare.com/b/17A7Pr
This is what im trying:
Private Sub cmdAdd_Click()
If Me.keyID.Tag & "" = "" Then
CurrentDb.Execute "INSERT INTO KEYS(KEY_ID, ROOM, DRAWER)" & _
" VALUES('" & Me.keyID & "'," & Me.roomID & "," & Me.drawerID & ")"
subKey.Form.Requery
Else
CurrentDb.Execute "UPDATE KEYS " & _
" SET KEY_ID=" & Chr(39) & keyID & Chr(39) & _
", ROOM=" & Me.roomID & _
", DRAWER=" & Me.drawerID & _
" WHERE KEY_ID=" & Me.keyID.Tag
Debug.Print KEY_ID
End If
Solution:
CurrentDb.Execute "UPDATE KEYS " & _
" SET KEY_ID=" & Me.keyID & _
", ROOM=" & Me.roomID & _
", DRAWER=" & Me.drawerID & _
" WHERE KEY_ID=" & Chr(39) & keyID.Tag & Chr(39)
Solution:
CurrentDb.Execute "UPDATE KEYS " & _
" SET KEY_ID=" & Me.keyID & _
", ROOM=" & Me.roomID & _
", DRAWER=" & Me.drawerID & _
" WHERE KEY_ID=" & Chr(39) & keyID.Tag & Chr(39)
Try the code without Chr(39).. This should work.
Private Sub cmdAdd_Click()
If Me.keyID.Tag & "" = "" Then
CurrentDb.Execute "INSERT INTO KEYS(KEY_ID, ROOM, DRAWER)" & _
" VALUES('" & Me.keyID & "'," & Me.roomID & "," & Me.drawerID & ")"
subKey.Form.Requery
Else
CurrentDb.Execute "UPDATE KEYS " & _
" SET KEY_ID=" & keyID & _
", ROOM=" & Me.roomID & _
", DRAWER=" & Me.drawerID & _
" WHERE KEY_ID=" & Me.keyID.Tag
Debug.Print KEY_ID
End If