See this question about adding information to the database

advertisements

I am using VB 2010 and have successfully connected it to SQL Management Studio 2008. I am able to make a connection to the database which i have called "TestDatabase" and can successfully add data to a database table. So now the problem lies in that I can only change the data I want to input into the database through code. I want to use the textbox I have created for this purpose. Here's my CommendText:

sqCmd.CommandText = "INSERT INTO TestTable" & "(FirstColumn, SecondColumn)" & "VALUES (textbox1,textbox1)"

The part in the string that I specified as (textbox1,textbox1) is for the values I want to put in but it seems that the word 'textbox1' is going in instead of the textbox's value.

I think there is some special syntax for this. Please be kind enough to inform me.


That's because you are using it as a string. You can try adding the textbox value inline:

sqCmd.CommandText = "INSERT INTO TestTable" & "(FirstColumn, SecondColumn)" & "VALUES (" & textbox1 & "," & textbox1 & ")"

or even better take a look at sql parameters which is a better way of dealing with parameterized queries since besides query simplicity, it prevents sql injections

With sql parameters your statement could be:

sqCmd.CommandText = "INSERT INTO TestTable" & "(FirstColumn, SecondColumn)" & "VALUES (@textboxValue,@textboxValue)"
sqCmd.Parameters.Add(new SqlParameter("@textboxValue", textbox1))

Update:

The error you get is because you parse the textbox as an object straight to the database and not it's actual value. In my above example i just assumed textbox1 was a string variable declared before. To fix this you could alter your commands as such:

Dim myTextBoxValue As String
myTextBoxValue = textbox1.Text
sqCmd.CommandText = "INSERT INTO TestTable" & "(FirstColumn, SecondColumn)" & "VALUES (@textboxValue,@textboxValue)"
sqCmd.Parameters.Add(new SqlParameter("@textboxValue", myTextBoxValue ))