none
SQl Update Error:No value given for one or more required parameters RRS feed

  • Question

  •  

    Hello for everybody,
    I have been try to but an update code in my project but unfortunately something not good occurs with my program
    I will give full syntax and try to find out the error in this code

     

     

    The syntax is

     

    Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click

    'save

    Dim strSQL As String

    If txtname.Text <> "" Then

    Dim DataAdapter2 As OleDbDataAdapter = New OleDbDataAdapter

    Dim DataSet2 As DataSet = New DataSet

    If bAdd Then

    DataAdapter2.SelectCommand = New OleDbCommand("SELECT * FROM tb_supplier WHERE suppliername='" & txtname.Text & "'", Con)

    DataSet2.Clear()

    DataAdapter2.Fill(DataSet2)

    If DataSet2.Tables(0).Rows.Count = 0 Then

    strSQL = "INSERT INTO Tb_Supplier([supplierNo],[SupplierName],[Phone],[Email],[Fax]) VALUES (" & txtcount.Text & ",'" & txtname.Text & "'," & txtphone.Text & ",'" & txtemail.Text & "'," & txtfax.Text & ")"

    Dim dCmdx As OleDbCommand = New OleDbCommand(strSQL, Con)

    dCmdx.ExecuteNonQuery()

    dCmdx.Dispose()

    MessageBox.Show("The supplier name is successfully added into the database.", "Supplier Information Addition", MessageBoxButtons.OK, MessageBoxIcon.Information)

    bAdd = False

    bSuccess = True

    GroupBox1.Enabled = False

    Else

    MessageBox.Show("The supplier name entered is already found. ", "Error: Duplicate supplier name", MessageBoxButtons.OK, MessageBoxIcon.Error)

    End If

    'update

    ElseIf bEdit Then

    strSQL = "UPDATE Tb_Supplier SET suppliername='" & txtname.Text & "',phone='" & txtphone.Text & "', fax='" & txtfax.Text & "' , email='" & txtemail.Text & "' WHERE suppliernumber= " & txtcount.Text

    Dim dCmdx As OleDbCommand = New OleDbCommand(strSQL, Con)

    dCmdx.ExecuteNonQuery()

    dCmdx.Dispose()

    bEdit = False

    bSuccess = True

    GroupBox1.Enabled = False

    End If

    If bSuccess Then

    txtname.BackColor = Color.FromKnownColor(KnownColor.Window)

    btnadd.Enabled = True

    btnsave.Enabled = False

    btnedit.Enabled = True

    btndelete.Enabled = True

    btncancel.Enabled = False

    btnclose.Enabled = True

    DataBind()

    dataRefresh()

    txtname.Focus()

    bSuccess = False

    End If

    Else

    MessageBox.Show("Unable to save the information to the database." & vbCrLf & vbCrLf & "Please complete all the needed information.", "Error: Incomplete Information", MessageBoxButtons.OK, MessageBoxIcon.Error)

    txtname.BackColor = Color.FromArgb(255, 255, 192)

    End If

     

    End Sub

     

     

    The error message which I have received is:
    OleDbException was unhandled
    No value given for one or more required parameters

     

    Plz I need a help from anybody to get a good solution for this problem

    With Regards,
    banota

    Thursday, April 17, 2008 5:20 PM

Answers

  • Do you know which statement throws exception? Try to put all column names in your last UPDATE SQL statement into square brakets same way as you have done with INSERT statement.

    On another note - your code introduces SQL injection vulnerability, concatenating values from text boxes into SQL strings. You need to change your code to use parameterized queries to avoid it. Otherwise clients can execute any SQL statements they want using your application. Here is sample how to use parameters

     

    http://support.microsoft.com/kb/308049/en-us

     

    Friday, April 18, 2008 9:49 AM
    Moderator