0

Recently I was coding a point of sale system. In my system, when the people who work at the store enter a new product in the database, they should select whether the product is a piece; if it's a drink it should be L (liter); if it is vegetables or fruit like pears or apples, KG (kilograms). I created a string named tip (type), but I get an error: the type does not appear every time I insert a product.

Here is my code:

    konekcija = New MySqlConnection
    konekcija.ConnectionString =
        "server=localhost;userid=root;password=1234;database=baza;port=3307"
    Dim READER As MySqlDataReader
    Dim kupovnacena As Double
    Dim prodaznacena As Double
    Dim kolicina As Double
    Dim profit As Double
    Dim ddv As Double
    Dim mkpr As String
    Dim edmerka As String

    ' Map the selected ComboBox index to the unit of measure
    If ComboBox3.SelectedIndex = 1 Then
        edmerka = "парче"
    End If
    If ComboBox3.SelectedIndex = 2 Then
        edmerka = "кг"
    End If
    If ComboBox3.SelectedIndex = 3 Then
        edmerka = "мг"
    End If
    If ComboBox3.SelectedIndex = 4 Then
        edmerka = "Л"
    End If

    COMMAND.Connection = konekcija
    COMMAND.CommandText = "INSERT INTO baza.artikli VALUES(@kod,@naziv,@nabavna,@prodazna,@ddv,@kolicina,@opis,@opis2,@mkproizvod,@profit,@proizvoditel,@edmerka)"
    COMMAND.Prepare()

    COMMAND.Parameters.AddWithValue("@kod", TextBoxBarkod.Text)
    COMMAND.Parameters.AddWithValue("@naziv", TextBoxNaziv.Text)
    COMMAND.Parameters.AddWithValue("@nabavna", TextBoxKupovna.Text)
    COMMAND.Parameters.AddWithValue("@prodazna", TextBoxProdazna.Text)
    COMMAND.Parameters.AddWithValue("@ddv", ddv)
    ' Pass the text of the box, not the TextBox control itself
    COMMAND.Parameters.AddWithValue("@kolicina", TextBoxKolicina.Text)
    COMMAND.Parameters.AddWithValue("@opis", TextBoxOpis.Text)
    COMMAND.Parameters.AddWithValue("@opis2", TextBoxOpis2.Text)
    COMMAND.Parameters.AddWithValue("@mkproizvod", mkpr)
    COMMAND.Parameters.AddWithValue("@profit", profit)
    COMMAND.Parameters.AddWithValue("@proizvoditel", TextBoxProizvoditel.Text)
    COMMAND.Parameters.AddWithValue("@edmerka", edmerka)

    COMMAND.ExecuteNonQuery()
  • Use parameters and use COMMAND.ExecuteNonQuery(). You're doing an insert so you don't need READER. Commented Feb 16, 2017 at 17:08
  • You’re vulnerable to SQL injection. Use parameterized queries. Commented Feb 16, 2017 at 17:09
  • I am not asking for help with my data insertion, it works fine. The software is used on a local computer NOT connected to the internet; also the data is not secret. Commented Feb 16, 2017 at 17:11
  • Your question is far too vague... More specifics are required. You should also use types or classes to fill the ComboBox and look at ComboBox3.SelectedItem instead of hard coding a list of Ifs like that. Commented Feb 16, 2017 at 17:15
  • And don't underestimate the effects of the security issue... Disgruntled employees can cause havoc. Commented Feb 16, 2017 at 17:17

2 Answers 2

1

Do not hard code things like that... And use the SelectedItem property of Combo Boxes.

Create a structure to hold your ComboBox option items.

    Private Structure ListItem
        Public Value As String
        Public Name As String
        Public Sub New(New_Name As String, New_Value As String)
            Value = New_Value
            Name = New_Name
        End Sub
        Public Overrides Function ToString() As String
            Return Name
        End Function
    End Structure

Then where you initialize the combobox use the following.

    ComboBox3.Items.Add(New ListItem("Whatever", "парче"))
    ComboBox3.Items.Add(New ListItem("This", "кг"))
    ComboBox3.Items.Add(New ListItem("Means", "мг"))
    ' etc.

Then in your subroutine simply use...

    Dim edmerka As String = DirectCast(ComboBox3.SelectedItem, ListItem).Value

If item 0 is something like "Please Select" then you will need to add a first item with a value you can test for. Then test it after the above line.

    ComboBox3.Items.Add(New ListItem("Whatever", "")) ' Added before the others

    If edmerka = "" Then
        ' warn user and exit sub
    End If

ALSO

As others have mentioned, use parameters in your query so you are not susceptible to SQL insertion. It may be a closed office situation, but DO NOT underestimate the effects of the security issue... Disgruntled employees can cause havoc.


9 Comments

You should use DirectCast or TryCast rather than CType. The latter should only be used when you want to convert from another type and you have defined conversion operators.
Thanks for the tip @VisualVincent. I use CType because if I just try to assign it without any conversion the IDE prompts me to use the CType method. I figured... well, if you say so... LOL. In this case I think CType is sufficient since I know what the source is. But good point nonetheless.
In this case I think CType is sufficient since I know what the source is - Though it's when you know what the source is that you should be using Try-/DirectCast. ;)
In many cases CType compiles to a simple cast. CType(Image.FromStream(ms), Bitmap) compiles to (Bitmap)Image.FromStream(ms) which is exactly what DirectCast compiles to. The compiler isn't stupid, which is why the VB Error Fix thing offers CType.
Thanks @Plutonix, I have learned more on here from answering questions than asking them... LOL
0

Maybe you have to test if the selected index is equal to 0:

    If ComboBox3.SelectedIndex = 0 Then
        edmerka = "something"
    End If
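The points raised in the answers above (reject an unselected unit, keep every value in a parameter) can be combined into one insert routine. This is an added example, not code from the question or either answer; it assumes the MySql.Data connector the question already uses, and the module, function and dictionary names are hypothetical.

```vb
Imports System.Collections.Generic
Imports System.Globalization
Imports MySql.Data.MySqlClient

' Added example: module and function names are hypothetical.
Module ArtikliInsert
    ' Unit labels copied from the question; anything else is rejected.
    Private ReadOnly DozvoleniMerki As String() = {"парче", "кг", "мг", "Л"}

    Private Const Sql As String =
        "INSERT INTO baza.artikli VALUES(@kod,@naziv,@nabavna,@prodazna,@ddv,@kolicina," &
        "@opis,@opis2,@mkproizvod,@profit,@proizvoditel,@edmerka)"

    ' tekst:  text parameters keyed by name ("@kod", "@naziv", ..., "@edmerka").
    ' broevi: numeric parameters as typed by the user ("@nabavna", "@kolicina", ...).
    Public Function BuildInsert(conn As MySqlConnection,
                                tekst As IDictionary(Of String, String),
                                broevi As IDictionary(Of String, String)) As MySqlCommand
        Dim edmerka As String = Nothing
        tekst.TryGetValue("@edmerka", edmerka)
        If Array.IndexOf(DozvoleniMerki, edmerka) < 0 Then
            Throw New ArgumentException("Unit of measure missing or not allowed.")
        End If

        Dim cmd As New MySqlCommand(Sql, conn)
        For Each p As KeyValuePair(Of String, String) In tekst
            ' Explicit type instead of AddWithValue's inferred one.
            cmd.Parameters.Add(p.Key, MySqlDbType.VarChar).Value = p.Value
        Next
        For Each p As KeyValuePair(Of String, String) In broevi
            Dim v As Double
            ' Parse on the client so a typo fails here with a clear message.
            If Not Double.TryParse(p.Value, NumberStyles.Float, CultureInfo.CurrentCulture, v) Then
                cmd.Dispose()
                Throw New ArgumentException("Not a number: " & p.Key)
            End If
            cmd.Parameters.Add(p.Key, MySqlDbType.Double).Value = v
        Next
        Return cmd
    End Function

    Public Sub InsertArtikl(connString As String,
                            tekst As IDictionary(Of String, String),
                            broevi As IDictionary(Of String, String))
        Using conn As New MySqlConnection(connString)
            Using cmd As MySqlCommand = BuildInsert(conn, tekst, broevi)
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Module
```

Validation happens before the connection is opened, so a missing unit or a mistyped price never reaches the database.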
