473,804 Members | 3,526 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

insert record in Access database

To insert a record in a Ms Access database and be able to retrieve the newly
created ID (autonumber) I used the code below (code 1).
Now, the problem is that this is not very secure and that, if for example an
insertion contains a ' or a " this code fails. It is much better to work
with @parameters.

So could someone change my code to make it work with @parameters and that I
still can retrieve that autonumber. (note that it is for a MS Access dbase,
where stored procedures do not work, unfortunately !)
I think that by changing just a few things in my code, we should be able to
make it work, but I'm not 'professional' enough yet for this...

So, hope someone can help me.
Thank you !

Here's my code (code 1):

---------------- my insert code -----------------
Sub insert_new_cont ent () 'sender As Object, e As EventArgs)

'define where the connectionstrin g is here:
Dim MyConnectionStr ing as String =
ConfigurationSe ttings.AppSetti ngs("Connection String")
dim commInsert = Server.CreateOb ject("ADODB.Con nection")
dim rsnewID = Server.CreateOb ject("ADODB.rec ordset")
commInsert.Open (MyConnectionSt ring) ' Replace with your OLE DB
connection string.
commInsert.Exec ute("INSERT INTO tbl_contents (contenttypeID,
contentEN, contentFR, contentNL, contentDU, contentdescript ionEN,
contentdescript ionFR, contentdescript ionNL, contentdescript ionDU,
contentavailabl e, contentorder, contentfile1, contentfile2, contentfile3,
contentfile4, contentfile5) VALUES('" &
ctype(contentty peID.selectedit em.value,intege r) & "','" & contentEN.text &
"','" & contentFR.text & "','" & contentNL.text & "','" & contentDU.text &
"','" & contentdescript ionEN.text & "','" & contentdescript ionFR.text &
"','" & contentdescript ionNL.text & "','" & contentdescript ionDU.text & "',"
& contentavailabl e.checked & ",'" & contentorder.te xt & "','" & extfile1 &
"','" & extfile2 & "','" & extfile3 & "','" & extfile4 & "','" & extfile5 &
"');") ' Execute the insert command
rsNewID = commInsert.Exec ute("SELECT @@IDENTITY ") ' Create a
recordset and SELECT the new Identity
dim intNewID = rsNewID(0).valu e ' Store the value of the new
identity in variable intNewID
rsNewID.Close
rsNewID = Nothing
commInsert.Clos e
commInsert = Nothing
End Sub
---------------- end of my insert code -----------------

---------------- my update code -----------------
Sub update_content () 'sender As Object, e As EventArgs)

'define where the connectionstrin g is here:
Dim MyConnectionStr ing as String =
ConfigurationSe ttings.AppSetti ngs("Connection String")
dim commInsert = Server.CreateOb ject("ADODB.Con nection")
commInsert.Open (MyConnectionSt ring) ' Replace with your OLE DB
connection string.
commInsert.Exec ute("UPDATE tbl_contents SET contenttypeID ='" &
ctype(contentty peID.selectedit em.value,intege r) & "', contentEN='" &
contentEN.text & "', contentFR='" & contentFR.text & "', contentNL='" &
contentNL.text & "', contentDU='" & contentDU.text & "',
contentdescript ionEN='" & contentdescript ionEN.text & "',
contentdescript ionFR='" & contentdescript ionFR.text & "',
contentdescript ionNL='" & contentdescript ionNL.text & "',
contentdescript ionDU='" & contentdescript ionDU.text & "', contentavailabl e="
& contentavailabl e.checked & ", contentorder='" & contentorder.te xt & "',
contentfile1='" & extfile1 & "', contentfile2='" & extfile2 & "',
contentfile3='" & extfile3 & "', contentfile4='" & extfile4 & "',
contentfile5='" & extfile5 & "' WHERE contentID = " &
request.queryst ring("contentID ") & ";") ' Execute the update command
commInsert.Clos e
commInsert = Nothing

End Sub
---------------- end of my update code -----------------
Nov 18 '05 #1
1 2370
here is my solution to 'my' problem...and it works:

Sub insert_new_cont ent () 'sender As Object, e As EventArgs)

'define where the connectionstrin g is here:
Dim MyConnectionStr ing as String =
ConfigurationSe ttings.AppSetti ngs("Connection String")
Dim dbConn As OleDbConnection

'Create a new connection object pointing to the database
dbConn = New OleDbConnection (MyConnectionSt ring)

If Page.IsValid Then

Dim dbComm As New OleDbCommand()
dbComm.CommandT ype = CommandType.Tex t
dbComm.CommandT ext = "INSERT INTO tbl_contents(co ntenttypeID,
contentEN, contentFR, contentNL, contentDU, contentdescript ionEN,
contentdescript ionFR, contentdescript ionNL, contentdescript ionDU,
contentavailabl e, contentorder) VALUES (?,?,?,?,?,?,?, ?,?,?,?)"
dbComm.Connecti on = dbConn
dbComm.Paramete rs.Add("@conten ttypeID",SqlDbT ype.int)
dbComm.Paramete rs.Add("@conten tEN",SqlDbType. NVarChar,50)
dbComm.Paramete rs.Add("@conten tFR",SqlDbType. NVarChar,50)
dbComm.Paramete rs.Add("@conten tNL",SqlDbType. NVarChar,50)
dbComm.Paramete rs.Add("@conten tDU",SqlDbType. NVarChar,50)
dbComm.Paramete rs.Add("@conten tdescriptionEN" ,SqlDbType.Ntex t)
dbComm.Paramete rs.Add("@conten tdescriptionFR" ,SqlDbType.Ntex t)
dbComm.Paramete rs.Add("@conten tdescriptionNL" ,SqlDbType.Ntex t)
dbComm.Paramete rs.Add("@conten tdescriptionDU" ,SqlDbType.Ntex t)
dbComm.Paramete rs.Add("@conten tavailable",Sql DbType.bit)
dbComm.Paramete rs.Add("@conten torder",SqlDbTy pe.NVarChar,50)
dbComm.Paramete rs("@contenttyp eID").Value =
ctype(contentty peID.selectedit em.value,intege r)
dbComm.Paramete rs("@contentEN" ).Value = contentEN.text
dbComm.Paramete rs("@contentFR" ).Value = contentFR.text
dbComm.Paramete rs("@contentNL" ).Value = contentNL.text
dbComm.Paramete rs("@contentDU" ).Value = contentDU.text
dbComm.Paramete rs("@contentdes criptionEN").Va lue =
contentdescript ionEN.text
dbComm.Paramete rs("@contentdes criptionFR").Va lue =
contentdescript ionFR.text
dbComm.Paramete rs("@contentdes criptionNL").Va lue =
contentdescript ionNL.text
dbComm.Paramete rs("@contentdes criptionDU").Va lue =
contentdescript ionDU.text
dbComm.Paramete rs("@contentava ilable").Value =
contentavailabl e.checked
dbComm.Paramete rs("@contentord er").Value = contentorder.te xt
Dim dbCommID As New OleDbCommand()
dbCommID.Comman dType = CommandType.Tex t
dbCommID.Comman dText = "SELECT @@IDENTITY AS 'Identity'"
dbCommID.Connec tion = dbConn

Dim intNewID as Integer

Try
dbConn.Open()
dbComm.ExecuteS calar()
intNewID = dbCommID.Execut eScalar()

tblform.visible = false
processing.visi ble = true
lblrecord.text = "OK"
lbldone.text = "Done !"

Catch ex As Exception
tblform.visible = false
processing.visi ble = true
lblrecord.text = "AN ERROR OCCURRED !!!!"
lbldone.text = ex.Message

Finally
If dbConn.State = ConnectionState .Open Then
dbConn.Close()
End If
End Try

End If
End Sub

"nicholas" <mu********@hot mail.com> wrote in message
news:Og******** ******@TK2MSFTN GP09.phx.gbl...
To insert a record in a Ms Access database and be able to retrieve the newly created ID (autonumber) I used the code below (code 1).
Now, the problem is that this is not very secure and that, if for example an insertion contains a ' or a " this code fails. It is much better to work
with @parameters.

So could someone change my code to make it work with @parameters and that I still can retrieve that autonumber. (note that it is for a MS Access dbase, where stored procedures do not work, unfortunately !)
I think that by changing just a few things in my code, we should be able to make it work, but I'm not 'professional' enough yet for this...

So, hope someone can help me.
Thank you !

Here's my code (code 1):

---------------- my insert code -----------------
Sub insert_new_cont ent () 'sender As Object, e As EventArgs)

'define where the connectionstrin g is here:
Dim MyConnectionStr ing as String =
ConfigurationSe ttings.AppSetti ngs("Connection String")
dim commInsert = Server.CreateOb ject("ADODB.Con nection")
dim rsnewID = Server.CreateOb ject("ADODB.rec ordset")
commInsert.Open (MyConnectionSt ring) ' Replace with your OLE DB
connection string.
commInsert.Exec ute("INSERT INTO tbl_contents (contenttypeID,
contentEN, contentFR, contentNL, contentDU, contentdescript ionEN,
contentdescript ionFR, contentdescript ionNL, contentdescript ionDU,
contentavailabl e, contentorder, contentfile1, contentfile2, contentfile3,
contentfile4, contentfile5) VALUES('" &
ctype(contentty peID.selectedit em.value,intege r) & "','" & contentEN.text &
"','" & contentFR.text & "','" & contentNL.text & "','" & contentDU.text &
"','" & contentdescript ionEN.text & "','" & contentdescript ionFR.text &
"','" & contentdescript ionNL.text & "','" & contentdescript ionDU.text & "'," & contentavailabl e.checked & ",'" & contentorder.te xt & "','" & extfile1 & "','" & extfile2 & "','" & extfile3 & "','" & extfile4 & "','" & extfile5 & "');") ' Execute the insert command
rsNewID = commInsert.Exec ute("SELECT @@IDENTITY ") ' Create a
recordset and SELECT the new Identity
dim intNewID = rsNewID(0).valu e ' Store the value of the new
identity in variable intNewID
rsNewID.Close
rsNewID = Nothing
commInsert.Clos e
commInsert = Nothing
End Sub
---------------- end of my insert code -----------------

---------------- my update code -----------------
Sub update_content () 'sender As Object, e As EventArgs)

'define where the connectionstrin g is here:
Dim MyConnectionStr ing as String =
ConfigurationSe ttings.AppSetti ngs("Connection String")
dim commInsert = Server.CreateOb ject("ADODB.Con nection")
commInsert.Open (MyConnectionSt ring) ' Replace with your OLE DB
connection string.
commInsert.Exec ute("UPDATE tbl_contents SET contenttypeID ='" &
ctype(contentty peID.selectedit em.value,intege r) & "', contentEN='" &
contentEN.text & "', contentFR='" & contentFR.text & "', contentNL='" &
contentNL.text & "', contentDU='" & contentDU.text & "',
contentdescript ionEN='" & contentdescript ionEN.text & "',
contentdescript ionFR='" & contentdescript ionFR.text & "',
contentdescript ionNL='" & contentdescript ionNL.text & "',
contentdescript ionDU='" & contentdescript ionDU.text & "', contentavailabl e=" & contentavailabl e.checked & ", contentorder='" & contentorder.te xt & "',
contentfile1='" & extfile1 & "', contentfile2='" & extfile2 & "',
contentfile3='" & extfile3 & "', contentfile4='" & extfile4 & "',
contentfile5='" & extfile5 & "' WHERE contentID = " &
request.queryst ring("contentID ") & ";") ' Execute the update command
commInsert.Clos e
commInsert = Nothing

End Sub
---------------- end of my update code -----------------

Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1756
HELP: Access record ID's corrupted by WWW insert and updates, memo field may be culprit
by: htmlgeek | last post by:
I'm adding and updating records in an Access .mdb via WWW .asp page. Authored in Dreamweaver 2004 MX. Help is welcome on this one. I have a great set of pages that work fine, but it seems that insert or update pages don't always work now on some records . . . It seems that when lots of text is shoved into a memo fields the database ID for that record gets messed up. Intial record insertion goes OK, but updating is then hosed.
Microsoft Access / VBA
8
6301
INSERT Query on two dependent joined tables ??
by: Carl | last post by:
Hi, I hope someone can share some of their professional advice and help me out with my embarissing problem concerning an Access INSERT query. I have never attempted to create a table with one-to-one relationship but on this occasion I must keep username/password details within a seperate table. Here's the basic specs and database schema: -------------------------------------------
Microsoft Access / VBA
1
2930
Insert into Access with C#
by: Abareblue | last post by:
I have no clue on how to insert a record into access. here is the whole thing using System; using System.Drawing; using System.Collections; using System.ComponentModel;
C# / C Sharp
4
11838
insert a data record into a data table of a access database(mdb)
by: authorking | last post by:
I use the following code to insert a data record in to a datatable of an access database.But every time I execute the command, there will rise an exception and the insert operation can't be completed. here's the code: System.Data.OleDb.OleDbConnection hist_cnn = new System.Data.OleDb.OleDbConnection(); System.Data.OleDb.OleDbCommand hist_command = new System.Data.OleDb.OleDbCommand();
C# / C Sharp
3
3453
Insert, Update and Delete. Can somebody please help me?
by: Shapper | last post by:
Hello, I have created 3 functions to insert, update and delete an Access database record. The Insert and the Delete code are working fine. The update is not. I checked and my database has all the necessary records in it when testing it. I get the error "No value given for one or more required parameters." when I try to update the database. Can you tell me what am I doing wrong?
ASP.NET
4
1483
Insert
by: unwantedspam | last post by:
Hi All, Thank you in advance. I am trying to insert into two tables but I am getting the following error: "You cannot add or change a record because a related record is required in table..." I am not sure why this is happening since I am using transactions. Below is the code I am using. Dim con as OleDbConnection Dim cmd as OleDbCommand Dim tran as OleDbTranscation
Visual Basic .NET
6
3478
Irritating INSERT INTO Error
by: rn5a | last post by:
During registration, users are supposed to enter the following details: First Name, Last Name, EMail, UserName, Password, Confirm Password, Address, City, State, Country, Zip & Phone Number. I am using MS-Access 2000 database table for this app. Note that the datatype of all the fields mentioned above are Text. Apart from the above columns, there's another column in the DB table named 'RegDateTime' whose datatype is Date/Time which is...
ASP.NET
5
4597
"Insert Into" statement not working
by: djsdaddy | last post by:
Good Day All, I have some EEO data in an old dBase4 database that I have converted to an Access table. Since dBase was not a relational database, I didn't create any key fields. I linked all of the tables together on Employees' SSN; therefore, in order to use this data with the current Access database, I need to create a relationship between the old dBase4 EEO data and the Access employee data. The Access employee data was also an old dBase...
Microsoft Access / VBA
10
12721
Is it possible to determine the record ID when using INSERT INTO?
by: MLH | last post by:
Suppose, in a multi-user environment, you have append query SQL in a VBA procedure that looks like INSERT INTO MyTable... and the next line reads MyVar=DMax("","MyTable... You can never be certain that MyVar will be set to the key-field value that was created when the Append query ran. Now, there are other ways to do it - I know - that will ensure you 'nab' the correct record. But I was wondering
Microsoft Access / VBA
1
3185
Can't insert record into Access Database
by: Zuggy | last post by:
I'm trying to create a registration/login script using Access 2003. I'm using ADOdb to connect through ODBC. <?php // Connects to your Database include('adodb/adodb.inc.php'); # load code common to ADOdb $db = &ADONewConnection('access'); # create a connection $db->PConnect('evdb'); # connect to MS-Access, evdb DSN $db->debug = true; //This code runs if the form has been submitted
PHP
0
9588
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10340
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
10085
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
9161
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7625
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6857
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5663
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4302
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3828
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us