Code:
If TxtName2.Text = "" Then
MsgBox("please give a Folder Name")
Exit Sub
Else
qry1 = "insert into soft (Folderneym"
qry2 = ") values ( " & TxtName2.Text & "'"
End If
-
--> what could be the problem with this code? I erased a double quote, and spaces but it all appears to have DATABASE ERROR, either its a (missing operator) in query expression or an error in string in query..please help asap.. thank you very much. Godbless -
Please use code tags when posting code.
If it's a text field, then you will need to surround the value in quotes. You're also missing your closing parenthesis. -
Just for reference, you want to use Parametrized queries, otherwise you're opening yourself up to Sql Injection attacks.
Given that here's an example of using SqlParameterCol lection.AddWith Value
Code:Public Function LoginToSystemParameterized(un As String, pwd As String) As Boolean Dim count As Integer = 0 Using conn = New SqlConnection("YourConnectionStringHere") Dim sql As String = "SELECT COUNT(userId) FROM users WHERE userName = @username AND password = @password" Using cmd = New SqlCommand(sql, conn) conn.Open() cmd.CommandType = System.Data.CommandType.Text 'now add our parameters cmd.Parameters.AddWithValue("@username", un) cmd.Parameters.AddWithValue("@password", pwd) count = Convert.ToInteger(cmd.ExecuteScalar()) End Using End Using Return If(count > 0, True, False) End FunctionLast edited by PsychoCoder; Jun 30 '12, 04:57 PM.Comment
Comment