468,527 Members | 2,108 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,527 developers. It's quick & easy.

Still Need Help with pulling Record ID for new record and assigning it to a var

Thanks for writing back and don't laugh at what I am
about to post I am new to this type of stuff....this is
what I have tried and it isn't working(please note in the
try section I was just trying to see if it was grabbing
my variable or not any suggestions or hints would be
greatly appreciated:

********
Private Sub AddArticle()

Dim sql As String
Dim cmd As SqlCommand
Dim sb As StringBuilder
Dim Values As ArrayList

Dim fNewsDate As String
Dim fNewsSubBy As String
Dim fNewsHdr As String
Dim fNewsDesc As String
Dim NewID
fNewsDate = "'" & txtNewsDate.Text & "',"
fNewsSubBy = "'" & txtNewsSubBy.Text & "',"
fNewsHdr = "'" & txtNewsHdr.Text & "',"
fNewsDesc = "'" & txtNewsDesc.Text & "'"

sql = "SET NOCOUNT ON; Insert INTO [News]
(NewsDate,NewsSubBy,NewsHdr,NewsDesc) Values " & "(" &
fNewsDate & fNewsSubBy & fNewsHdr & fNewsDesc & ");SELECT
@@IDENTITY AS myID FROM News;"

cmd = New SqlCommand(sql, conSCGC)
conSCGC.Open()

Try
cmd.ExecuteScalar()

NewID = cmd.ExecuteScalar("myID")
Response.Write(NewID)
Catch
Response.Write(sql)
Finally
conSCGC.Close()
End Try

End Sub
******
-----Original Message-----
Have you added an output parameter and assigned @@IDENTITY to it? I thinkthat should do it. Alternatively, you could use ExecuteScalar and get theonly SELECTed row, @@IDENTITY.
-mike
MVP

<an*******@discussions.microsoft.com> wrote in message
news:04****************************@phx.gbl...
Thanks but I still have a question..I already had the sql part that wasn't the issue but when I click on the button to submit the link how do I assign the newly added record id to a variable so I can then display a confirm page
with a link to the users newly added record page? I
right now am using the executeNonQuery but it just adds
the record and doesn't return any value.

Thanks
>-----Original Message-----
>In the command that inserts, after the insert, you can

do SELECT @@IDENTITY
>and that will give you the ID of the last row inserted. >
>-mike
>MVP
>
>"Tony Stoker" <an*******@discussions.microsoft.com>

wrote in message
>news:0e****************************@phx.gbl...
>> I have a .Net web app that adds a record to a SQL
>> database. After the user adds their record I want to >> have a link that will link them to their new record!

The
>> recordID is a AutoNumber in the SQL server...
>>
>> How do I return the recordID after I have added the
>> record?
>
>
>.
>

.

..

Jul 21 '05 #1
1 1251
"Tony" <an*******@discussions.microsoft.com> wrote in
news:04****************************@phx.gbl:
Thanks for writing back and don't laugh at what I am
about to post I am new to this type of stuff....this is
what I have tried and it isn't working(please note in the
try section I was just trying to see if it was grabbing
my variable or not any suggestions or hints would be
greatly appreciated:

********
Private Sub AddArticle()

Dim sql As String
Dim cmd As SqlCommand
Dim sb As StringBuilder
Dim Values As ArrayList

Dim fNewsDate As String
Dim fNewsSubBy As String
Dim fNewsHdr As String
Dim fNewsDesc As String
Dim NewID
fNewsDate = "'" & txtNewsDate.Text & "',"
fNewsSubBy = "'" & txtNewsSubBy.Text & "',"
fNewsHdr = "'" & txtNewsHdr.Text & "',"
fNewsDesc = "'" & txtNewsDesc.Text & "'"

sql = "SET NOCOUNT ON; Insert INTO [News]
(NewsDate,NewsSubBy,NewsHdr,NewsDesc) Values " & "(" &
fNewsDate & fNewsSubBy & fNewsHdr & fNewsDesc & ");SELECT
@@IDENTITY AS myID FROM News;"

cmd = New SqlCommand(sql, conSCGC)
conSCGC.Open()

Try
cmd.ExecuteScalar()
NewID = cmd.ExecuteScalar("myID")
Response.Write(NewID)
Catch
Response.Write(sql)
Finally
conSCGC.Close()
End Try

End Sub
******


Tony,

Executing multiple SQL statements at one time is something that's
best done in a stored procedure. It will be easier to get the
@@IDENTITY value back this way.

Another potential problem is an SQL Injection Attack. This is due to
using string concatenation to build the INSERT statement. The use of
SQLParameter objects can prevent that kind of attack.
Retrieving Identity or Autonumber Values:

http://msdn.microsoft.com/library/en-
us/cpguide/html/cpconretrievingidentityorautonumbervalues.asp

or

http://tinyurl.com/w5z5

Advanced SQL Injection:

http://www.nextgenss.com/papers/adva..._injection.pdf

Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/
Jul 21 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by C Learner | last post: by
3 posts views Thread by Eric_Dexter | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.