SQl Update Error:No value given for one or more required parameters RRS feed

  • Question


    Hello for everybody,
    I have been try to but an update code in my project but unfortunately something not good occurs with my program
    I will give full syntax and try to find out the error in this code



    The syntax is


    Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click


    Dim strSQL As String

    If txtname.Text <> "" Then

    Dim DataAdapter2 As OleDbDataAdapter = New OleDbDataAdapter

    Dim DataSet2 As DataSet = New DataSet

    If bAdd Then

    DataAdapter2.SelectCommand = New OleDbCommand("SELECT * FROM tb_supplier WHERE suppliername='" & txtname.Text & "'", Con)



    If DataSet2.Tables(0).Rows.Count = 0 Then

    strSQL = "INSERT INTO Tb_Supplier([supplierNo],[SupplierName],[Phone],[Email],[Fax]) VALUES (" & txtcount.Text & ",'" & txtname.Text & "'," & txtphone.Text & ",'" & txtemail.Text & "'," & txtfax.Text & ")"

    Dim dCmdx As OleDbCommand = New OleDbCommand(strSQL, Con)



    MessageBox.Show("The supplier name is successfully added into the database.", "Supplier Information Addition", MessageBoxButtons.OK, MessageBoxIcon.Information)

    bAdd = False

    bSuccess = True

    GroupBox1.Enabled = False


    MessageBox.Show("The supplier name entered is already found. ", "Error: Duplicate supplier name", MessageBoxButtons.OK, MessageBoxIcon.Error)

    End If


    ElseIf bEdit Then

    strSQL = "UPDATE Tb_Supplier SET suppliername='" & txtname.Text & "',phone='" & txtphone.Text & "', fax='" & txtfax.Text & "' , email='" & txtemail.Text & "' WHERE suppliernumber= " & txtcount.Text

    Dim dCmdx As OleDbCommand = New OleDbCommand(strSQL, Con)



    bEdit = False

    bSuccess = True

    GroupBox1.Enabled = False

    End If

    If bSuccess Then

    txtname.BackColor = Color.FromKnownColor(KnownColor.Window)

    btnadd.Enabled = True

    btnsave.Enabled = False

    btnedit.Enabled = True

    btndelete.Enabled = True

    btncancel.Enabled = False

    btnclose.Enabled = True




    bSuccess = False

    End If


    MessageBox.Show("Unable to save the information to the database." & vbCrLf & vbCrLf & "Please complete all the needed information.", "Error: Incomplete Information", MessageBoxButtons.OK, MessageBoxIcon.Error)

    txtname.BackColor = Color.FromArgb(255, 255, 192)

    End If


    End Sub



    The error message which I have received is:
    OleDbException was unhandled
    No value given for one or more required parameters


    Plz I need a help from anybody to get a good solution for this problem

    With Regards,

    Thursday, April 17, 2008 5:20 PM


  • Do you know which statement throws exception? Try to put all column names in your last UPDATE SQL statement into square brakets same way as you have done with INSERT statement.

    On another note - your code introduces SQL injection vulnerability, concatenating values from text boxes into SQL strings. You need to change your code to use parameterized queries to avoid it. Otherwise clients can execute any SQL statements they want using your application. Here is sample how to use parameters



    Friday, April 18, 2008 9:49 AM