473,486 Members | 2,270 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

insert record in Access database

To insert a record in a Ms Access database and be able to retrieve the newly
created ID (autonumber) I used the code below (code 1).
Now, the problem is that this is not very secure and that, if for example an
insertion contains a ' or a " this code fails. It is much better to work
with @parameters.

So could someone change my code to make it work with @parameters and that I
still can retrieve that autonumber. (note that it is for a MS Access dbase,
where stored procedures do not work, unfortunately !)
I think that by changing just a few things in my code, we should be able to
make it work, but I'm not 'professional' enough yet for this...

So, hope someone can help me.
Thank you !

Here's my code (code 1):

---------------- my insert code -----------------
Sub insert_new_content () 'sender As Object, e As EventArgs)

'define where the connectionstring is here:
Dim MyConnectionString as String =
ConfigurationSettings.AppSettings("ConnectionStrin g")
dim commInsert = Server.CreateObject("ADODB.Connection")
dim rsnewID = Server.CreateObject("ADODB.recordset")
commInsert.Open(MyConnectionString) ' Replace with your OLE DB
connection string.
commInsert.Execute("INSERT INTO tbl_contents (contenttypeID,
contentEN, contentFR, contentNL, contentDU, contentdescriptionEN,
contentdescriptionFR, contentdescriptionNL, contentdescriptionDU,
contentavailable, contentorder, contentfile1, contentfile2, contentfile3,
contentfile4, contentfile5) VALUES('" &
ctype(contenttypeID.selecteditem.value,integer) & "','" & contentEN.text &
"','" & contentFR.text & "','" & contentNL.text & "','" & contentDU.text &
"','" & contentdescriptionEN.text & "','" & contentdescriptionFR.text &
"','" & contentdescriptionNL.text & "','" & contentdescriptionDU.text & "',"
& contentavailable.checked & ",'" & contentorder.text & "','" & extfile1 &
"','" & extfile2 & "','" & extfile3 & "','" & extfile4 & "','" & extfile5 &
"');") ' Execute the insert command
rsNewID = commInsert.Execute("SELECT @@IDENTITY ") ' Create a
recordset and SELECT the new Identity
dim intNewID = rsNewID(0).value ' Store the value of the new
identity in variable intNewID
rsNewID.Close
rsNewID = Nothing
commInsert.Close
commInsert = Nothing
End Sub
---------------- end of my insert code -----------------

---------------- my update code -----------------
Sub update_content () 'sender As Object, e As EventArgs)

'define where the connectionstring is here:
Dim MyConnectionString as String =
ConfigurationSettings.AppSettings("ConnectionStrin g")
dim commInsert = Server.CreateObject("ADODB.Connection")
commInsert.Open(MyConnectionString) ' Replace with your OLE DB
connection string.
commInsert.Execute("UPDATE tbl_contents SET contenttypeID ='" &
ctype(contenttypeID.selecteditem.value,integer) & "', contentEN='" &
contentEN.text & "', contentFR='" & contentFR.text & "', contentNL='" &
contentNL.text & "', contentDU='" & contentDU.text & "',
contentdescriptionEN='" & contentdescriptionEN.text & "',
contentdescriptionFR='" & contentdescriptionFR.text & "',
contentdescriptionNL='" & contentdescriptionNL.text & "',
contentdescriptionDU='" & contentdescriptionDU.text & "', contentavailable="
& contentavailable.checked & ", contentorder='" & contentorder.text & "',
contentfile1='" & extfile1 & "', contentfile2='" & extfile2 & "',
contentfile3='" & extfile3 & "', contentfile4='" & extfile4 & "',
contentfile5='" & extfile5 & "' WHERE contentID = " &
request.querystring("contentID") & ";") ' Execute the update command
commInsert.Close
commInsert = Nothing

End Sub
---------------- end of my update code -----------------
Nov 18 '05 #1
1 2354
here is my solution to 'my' problem...and it works:

Sub insert_new_content () 'sender As Object, e As EventArgs)

'define where the connectionstring is here:
Dim MyConnectionString as String =
ConfigurationSettings.AppSettings("ConnectionStrin g")
Dim dbConn As OleDbConnection

'Create a new connection object pointing to the database
dbConn = New OleDbConnection(MyConnectionString)

If Page.IsValid Then

Dim dbComm As New OleDbCommand()
dbComm.CommandType = CommandType.Text
dbComm.CommandText = "INSERT INTO tbl_contents(contenttypeID,
contentEN, contentFR, contentNL, contentDU, contentdescriptionEN,
contentdescriptionFR, contentdescriptionNL, contentdescriptionDU,
contentavailable, contentorder) VALUES (?,?,?,?,?,?,?,?,?,?,?)"
dbComm.Connection = dbConn
dbComm.Parameters.Add("@contenttypeID",SqlDbType.i nt)
dbComm.Parameters.Add("@contentEN",SqlDbType.NVarC har,50)
dbComm.Parameters.Add("@contentFR",SqlDbType.NVarC har,50)
dbComm.Parameters.Add("@contentNL",SqlDbType.NVarC har,50)
dbComm.Parameters.Add("@contentDU",SqlDbType.NVarC har,50)
dbComm.Parameters.Add("@contentdescriptionEN",SqlD bType.Ntext)
dbComm.Parameters.Add("@contentdescriptionFR",SqlD bType.Ntext)
dbComm.Parameters.Add("@contentdescriptionNL",SqlD bType.Ntext)
dbComm.Parameters.Add("@contentdescriptionDU",SqlD bType.Ntext)
dbComm.Parameters.Add("@contentavailable",SqlDbTyp e.bit)
dbComm.Parameters.Add("@contentorder",SqlDbType.NV arChar,50)
dbComm.Parameters("@contenttypeID").Value =
ctype(contenttypeID.selecteditem.value,integer)
dbComm.Parameters("@contentEN").Value = contentEN.text
dbComm.Parameters("@contentFR").Value = contentFR.text
dbComm.Parameters("@contentNL").Value = contentNL.text
dbComm.Parameters("@contentDU").Value = contentDU.text
dbComm.Parameters("@contentdescriptionEN").Value =
contentdescriptionEN.text
dbComm.Parameters("@contentdescriptionFR").Value =
contentdescriptionFR.text
dbComm.Parameters("@contentdescriptionNL").Value =
contentdescriptionNL.text
dbComm.Parameters("@contentdescriptionDU").Value =
contentdescriptionDU.text
dbComm.Parameters("@contentavailable").Value =
contentavailable.checked
dbComm.Parameters("@contentorder").Value = contentorder.text
Dim dbCommID As New OleDbCommand()
dbCommID.CommandType = CommandType.Text
dbCommID.CommandText = "SELECT @@IDENTITY AS 'Identity'"
dbCommID.Connection = dbConn

Dim intNewID as Integer

Try
dbConn.Open()
dbComm.ExecuteScalar()
intNewID = dbCommID.ExecuteScalar()

tblform.visible = false
processing.visible = true
lblrecord.text = "OK"
lbldone.text = "Done !"

Catch ex As Exception
tblform.visible = false
processing.visible = true
lblrecord.text = "AN ERROR OCCURRED !!!!"
lbldone.text = ex.Message

Finally
If dbConn.State = ConnectionState.Open Then
dbConn.Close()
End If
End Try

End If
End Sub

"nicholas" <mu********@hotmail.com> wrote in message
news:Og**************@TK2MSFTNGP09.phx.gbl...
To insert a record in a Ms Access database and be able to retrieve the newly created ID (autonumber) I used the code below (code 1).
Now, the problem is that this is not very secure and that, if for example an insertion contains a ' or a " this code fails. It is much better to work
with @parameters.

So could someone change my code to make it work with @parameters and that I still can retrieve that autonumber. (note that it is for a MS Access dbase, where stored procedures do not work, unfortunately !)
I think that by changing just a few things in my code, we should be able to make it work, but I'm not 'professional' enough yet for this...

So, hope someone can help me.
Thank you !

Here's my code (code 1):

---------------- my insert code -----------------
Sub insert_new_content () 'sender As Object, e As EventArgs)

'define where the connectionstring is here:
Dim MyConnectionString as String =
ConfigurationSettings.AppSettings("ConnectionStrin g")
dim commInsert = Server.CreateObject("ADODB.Connection")
dim rsnewID = Server.CreateObject("ADODB.recordset")
commInsert.Open(MyConnectionString) ' Replace with your OLE DB
connection string.
commInsert.Execute("INSERT INTO tbl_contents (contenttypeID,
contentEN, contentFR, contentNL, contentDU, contentdescriptionEN,
contentdescriptionFR, contentdescriptionNL, contentdescriptionDU,
contentavailable, contentorder, contentfile1, contentfile2, contentfile3,
contentfile4, contentfile5) VALUES('" &
ctype(contenttypeID.selecteditem.value,integer) & "','" & contentEN.text &
"','" & contentFR.text & "','" & contentNL.text & "','" & contentDU.text &
"','" & contentdescriptionEN.text & "','" & contentdescriptionFR.text &
"','" & contentdescriptionNL.text & "','" & contentdescriptionDU.text & "'," & contentavailable.checked & ",'" & contentorder.text & "','" & extfile1 & "','" & extfile2 & "','" & extfile3 & "','" & extfile4 & "','" & extfile5 & "');") ' Execute the insert command
rsNewID = commInsert.Execute("SELECT @@IDENTITY ") ' Create a
recordset and SELECT the new Identity
dim intNewID = rsNewID(0).value ' Store the value of the new
identity in variable intNewID
rsNewID.Close
rsNewID = Nothing
commInsert.Close
commInsert = Nothing
End Sub
---------------- end of my insert code -----------------

---------------- my update code -----------------
Sub update_content () 'sender As Object, e As EventArgs)

'define where the connectionstring is here:
Dim MyConnectionString as String =
ConfigurationSettings.AppSettings("ConnectionStrin g")
dim commInsert = Server.CreateObject("ADODB.Connection")
commInsert.Open(MyConnectionString) ' Replace with your OLE DB
connection string.
commInsert.Execute("UPDATE tbl_contents SET contenttypeID ='" &
ctype(contenttypeID.selecteditem.value,integer) & "', contentEN='" &
contentEN.text & "', contentFR='" & contentFR.text & "', contentNL='" &
contentNL.text & "', contentDU='" & contentDU.text & "',
contentdescriptionEN='" & contentdescriptionEN.text & "',
contentdescriptionFR='" & contentdescriptionFR.text & "',
contentdescriptionNL='" & contentdescriptionNL.text & "',
contentdescriptionDU='" & contentdescriptionDU.text & "', contentavailable=" & contentavailable.checked & ", contentorder='" & contentorder.text & "',
contentfile1='" & extfile1 & "', contentfile2='" & extfile2 & "',
contentfile3='" & extfile3 & "', contentfile4='" & extfile4 & "',
contentfile5='" & extfile5 & "' WHERE contentID = " &
request.querystring("contentID") & ";") ' Execute the update command
commInsert.Close
commInsert = Nothing

End Sub
---------------- end of my update code -----------------

Nov 18 '05 #2
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1738
HELP: Access record ID's corrupted by WWW insert and updates, memo field may be culprit
by: htmlgeek | last post by:
I'm adding and updating records in an Access .mdb via WWW .asp page. Authored in Dreamweaver 2004 MX. Help is welcome on this one. I have a great set of pages that work fine, but it seems that...
Microsoft Access / VBA
8
6273
INSERT Query on two dependent joined tables ??
by: Carl | last post by:
Hi, I hope someone can share some of their professional advice and help me out with my embarissing problem concerning an Access INSERT query. I have never attempted to create a table with...
Microsoft Access / VBA
1
2908
Insert into Access with C#
by: Abareblue | last post by:
I have no clue on how to insert a record into access. here is the whole thing using System; using System.Drawing; using System.Collections; using System.ComponentModel;
C# / C Sharp
4
11810
insert a data record into a data table of a access database(mdb)
by: authorking | last post by:
I use the following code to insert a data record in to a datatable of an access database.But every time I execute the command, there will rise an exception and the insert operation can't be...
C# / C Sharp
3
3422
Insert, Update and Delete. Can somebody please help me?
by: Shapper | last post by:
Hello, I have created 3 functions to insert, update and delete an Access database record. The Insert and the Delete code are working fine. The update is not. I checked and my database has all...
ASP.NET
4
1462
Insert
by: unwantedspam | last post by:
Hi All, Thank you in advance. I am trying to insert into two tables but I am getting the following error: "You cannot add or change a record because a related record is required in table..." I am...
Visual Basic .NET
6
3436
Irritating INSERT INTO Error
by: rn5a | last post by:
During registration, users are supposed to enter the following details: First Name, Last Name, EMail, UserName, Password, Confirm Password, Address, City, State, Country, Zip & Phone Number. I am...
ASP.NET
5
4573
"Insert Into" statement not working
by: djsdaddy | last post by:
Good Day All, I have some EEO data in an old dBase4 database that I have converted to an Access table. Since dBase was not a relational database, I didn't create any key fields. I linked all of the...
Microsoft Access / VBA
10
12649
Is it possible to determine the record ID when using INSERT INTO?
by: MLH | last post by:
Suppose, in a multi-user environment, you have append query SQL in a VBA procedure that looks like INSERT INTO MyTable... and the next line reads MyVar=DMax("","MyTable... You can never be...
Microsoft Access / VBA
1
3171
Can't insert record into Access Database
by: Zuggy | last post by:
I'm trying to create a registration/login script using Access 2003. I'm using ADOdb to connect through ODBC. <?php // Connects to your Database include('adodb/adodb.inc.php'); # load code...
PHP
0
6964
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7123
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7175
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
6842
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
1
4864
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
3069
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3070
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1378
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
262
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us