1

I input the Right dataSource but it didnt i cant fixed the problem cmd.ExecuteNonQuery() saying:

Syntax error in INSERT INTO statement.

Code:

Private Sub btnadd1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnadd1.Click
    Dim cmd As New OleDb.OleDbCommand
    Dim Printlist1 As New DataTable
    If Not con.State = ConnectionState.Open Then
        con.ConnectionString = "Provider=Microsoft.Ace.OLEDB.12.0; Data Source=c:Database11.accdb"
        con.Open()
        cmd.Connection = con
    End If
    If Me.text1.Tag & "" = "" Then
        cmd.CommandText = "INSERT INTO Printlist1(StickerCode, Description, Company, Department, Location, User, SerialNumber, DatePurchased, Tagable, Quantity, Brand, Model)" & _
                            " VALUES(" & Me.text1.Text & ",'" & Me.text2.Text & "','" & _
                                Me.text3.Text & "','" & Me.text4.Text & "','" & Me.text5.Text & "','" & _
                                Me.text6.Text & "','" & Me.text7.Text & "','" & Me.text8.Text & "','" & _
                                Me.text9.Text & "','" & Me.text10.Text & "','" & Me.text11.Text & "','" & _
                                Me.text12.Text & "')"
        cmd = New OleDbCommand(cmd.CommandText, con)
        cmd.ExecuteNonQuery()
    Else
        cmd.CommandText = "UPDATE Printlist1 " & _
                        " SET StickerCode='" & Me.text1.Text & _
                        ", Description='" & Me.text2.Text & "'" & _
                        ", Company='" & Me.text3.Text & "'" & _
                        ", Department='" & Me.text4.Text & "'" & _
                        ", Location='" & Me.text5.Text & "'" & _
                        ", User='" & Me.text6.Text & "'" & _
                        ", SerialNumber='" & Me.text7.Text & "'" & _
                        ", DatePurchased='" & Me.text8.Text & "'" & _
                        ", Tagable='" & Me.text9.Text & "'" & _
                        ", Quantity='" & Me.text10.Text & "'" & _
                        ", Brand='" & Me.text11.Text & "'" & _
                        ", Model='" & Me.text12.Text & "'" & _
                        " WHERE text1=" & Me.text1.Tag
        cmd.ExecuteNonQuery()
    End If
    RefreshData()
    Me.btnclear1.PerformClick()
    con.Close()
End Sub
Improve this question
4
  • 5
    Please learn to use parameters. Commented Dec 3, 2013 at 16:11
  • When you trace through the code, what's the value of the cmd.CommandText property right before it gives it to the OleDbCommand? Also, as someone mentioned yesterday, you really ought to be using parameters. Commented Dec 3, 2013 at 16:11
  • I really dont think you have to use SQL to insert in a datatable, you can do it just with vb net code Commented Dec 3, 2013 at 16:13
  • Do any of those textboxes contain an apostrophe? Commented Dec 3, 2013 at 16:15

4 Answers 4

Reset to default
6

Use a parameterized query, like this:

cmd.CommandText = "INSERT INTO Printlist1(StickerCode, Description, Company, Department, Location, User, SerialNumber, DatePurchased, Tagable, Quantity, Brand, Model)" & _
                        " VALUES(@StickerCode, @Description, @Company, @Department, @Location, @User, @SerialNumber, @DatePurchased, @Tagable, @Quantity, @Brand, @Model)"

cmd.Parameters.AddWithValue("@StickerCode", Me.Text1.Text)
cmd.Parameters.AddWithValue("@Description", Me.Text2.Text)
cmd.Parameters.AddWithValue("@Company", Me.Text3.Text)
cmd.Parameters.AddWithValue("@Department", Me.Text4.Text)
cmd.Parameters.AddWithValue("@Location", Me.Text5.Text)
cmd.Parameters.AddWithValue("@User", Me.Text6.Text)
cmd.Parameters.AddWithValue("@SerialNumber", Me.Text7.Text)
cmd.Parameters.AddWithValue("@DatePurchased", Me.Text8.Text)
cmd.Parameters.AddWithValue("@Tagable", Me.Text9.Text)
cmd.Parameters.AddWithValue("@Quantity", Me.Text10.Text)
cmd.Parameters.AddWithValue("@Brand", Me.Text11.Text)
cmd.Parameters.AddWithValue("@Model", Me.Text12.Text)

Note: It is best to keep the order of the parameters in line with the query, as databases like Microsoft Access will not execute the query correctly if the order is altered.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i will try and i will try to understand the Parameterizes query..thankyou.
3

It is likely that one of your Me.textN.Text values has an apostrophe in it or some other unexpected character that is breaking your SQL quotes. The solution to this is to use parametized queries and/or stored procedure instead.

This incidentally, will also protect you form the SQL Injection attacks that take advantage of the same shortcoming in composing SQL commands as strings in the client application.

(NOTE: I am assuming the Me.text1.Text as the StickerCode is a number. Otherwise that's the problem as you are not quoting it the way you do with the other columns.)

Improve this answer

Comments

1

First line is missing as ' 

...
"SET StickerCode='" & Me.text1.Text & "'" & _ 
...
Improve this answer

2 Comments

But that's an error in the update command, not the insert command.
@StevenDoggart Or both. If StickerCode is a text field then the quotes are missing on the INSERT statement too.
0

You are missing single quotes around your first value. Try

" VALUES('" & Me.text1.Text & "','" & Me.text2.Text & "','" & _
    Me.text3.Text & "','" & Me.text4.Text & "','" & Me.text5.Text & "','" & _
    Me.text6.Text & "','" & Me.text7.Text & "','" & Me.text8.Text & "','" & _
    Me.text9.Text & "','" & Me.text10.Text & "','" & Me.text11.Text & "','" & _
    Me.text12.Text & "')"
Improve this answer

2 Comments

Doesnt that depend on the datatype?
Yes it does depend on the data type of the column. From the variable name, text1, I assumed the column is a string type.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.