0

I am doing a project in VB.NET and the backend is MySQL.

Can you please tell me where the error occurs?

Public Sub ins()
    con.Open()
    Dim cmd1 As New OdbcCommand("insert into party values('" + pcode_txt.Text + "','" + Trim(UCase(name_txt.Text)) + "','" + Trim(UCase(addr_txt.Text)) + "','" + phone_txt.Text + "','" + combo_route.SelectedItem + "','" + combo_area.SelectedItem + "'", con)
    cmd1.ExecuteNonQuery()
    con.Close()
End Sub

The error I get is:

ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.6.24]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

3
  • What exactly is the error you get? Commented Jun 23, 2015 at 15:28
  • The error I got is given above. Commented Jun 23, 2015 at 15:30
  • For one, insert into should be uppercase and values too. Also, depending on what version of MySQL you are using, calling a query like that is deprecated. This I don't know, but OdbcCommand does not look like MySQL. Commented Jun 23, 2015 at 15:30

1 Answer 1

1

You are missing the closing parenthesis for the values list:

Dim cmd1 As New OdbcCommand("insert into party values('" + pcode_txt.Text + "','" + Trim(UCase(name_txt.Text)) + "','" + Trim(UCase(addr_txt.Text)) + "','" + phone_txt.Text + "','" + combo_route.SelectedItem + "','" + combo_area.SelectedItem + "')", con)

My answer fits your question exactly, but as suggested in the comments, be clear that string concatenation is not a dependable way to build queries.

A more secure solution is based on parameters. If possible, avoid creating SQL code in the application and rely on server statements (stored procedures and/or views).


3 Comments

While this works, it is open to SQL injection. This is a poor example with that in mind.
@OneFineDay 100% agree. The right implementation is a command with parameters or a stored procedure.
Correct, but my project manager asked me not to use parameters.
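
The parameterized form of the insert that the answer and comments recommend, as an added example that is not code from the original post. The names BuildInsert, Ins and the "@..." parameter names are hypothetical, and the connection string is supplied by the caller. ODBC binds the ? markers by position, so the parameter names only serve as documentation.

```vbnet
Imports System
Imports System.Data.Odbc

Module PartyInsert
    ' Six positional markers, one per value in the original statement.
    ' With parameters the statement text is fixed, so a missing ")" or a
    ' stray quote in user input can no longer change the SQL syntax.
    Private Const InsertSql As String = "INSERT INTO party VALUES (?, ?, ?, ?, ?, ?)"

    ' Builds the command; the Add order must match the order of the ? markers.
    Public Function BuildInsert(con As OdbcConnection, pcode As String, name As String,
                                addr As String, phone As String,
                                route As String, area As String) As OdbcCommand
        Dim cmd As New OdbcCommand(InsertSql, con)
        cmd.Parameters.Add("@pcode", OdbcType.VarChar).Value = pcode
        ' Same normalisation as the original Trim(UCase(...)) calls.
        cmd.Parameters.Add("@name", OdbcType.VarChar).Value = name.Trim().ToUpper()
        cmd.Parameters.Add("@addr", OdbcType.VarChar).Value = addr.Trim().ToUpper()
        cmd.Parameters.Add("@phone", OdbcType.VarChar).Value = phone
        cmd.Parameters.Add("@route", OdbcType.VarChar).Value = route
        cmd.Parameters.Add("@area", OdbcType.VarChar).Value = area
        Return cmd
    End Function

    ' Replacement for the original ins(): Using closes the connection even on error.
    Public Sub Ins(connectionString As String, pcode As String, name As String,
                   addr As String, phone As String, route As String, area As String)
        Using con As New OdbcConnection(connectionString)
            con.Open()
            Using cmd As OdbcCommand = BuildInsert(con, pcode, name, addr, phone, route, area)
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

    Sub Main()
        ' Constructed sample input containing a single quote; no database is contacted here.
        Using con As New OdbcConnection()
            Using cmd As OdbcCommand = BuildInsert(con, "P001", " o'brien ", "1 main st",
                                                   "555-0100", "ROUTE A", "AREA 1")
                Console.WriteLine(cmd.CommandText)
                For Each p As OdbcParameter In cmd.Parameters
                    Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value)
                Next
            End Using
        End Using
    End Sub
End Module
```

The quote in the sample name travels as a bound value and the command text stays the same for every input, which removes both the syntax error from the question and the injection risk raised in the comments.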
