Thank you a ton,
I am a newbie to this .Net stuff, as if you couldn't tell. You pointed
me in the right direction and now I have it working. Thank You!! Changed
Code:
Dim Projname, ProjSpon As String
Dim AppName, AppType, AppSup, AppDesc As String
Dim VendName, VendPhone As String
Dim ReqName, ReqPurp As String
Dim BudgItem, BudgNum As String
Dim BudgetOnly As Integer
If chkBudg.Checked = True Then BudgetOnly = 1 Else BudgetOnly = 0
Projname = Convert.ToString(txtProjName.Text)
ProjSpon = Convert.ToString(txtProjSpon.Text)
AppName = Convert.ToString(txtAppName.Text)
VendName = Convert.ToString(txtVendName.Text)
VendPhone = Convert.ToString(txtVendPhone.Text)
AppType = Convert.ToString(cmbAppType.SelectedItem)
AppSup = Convert.ToString(cmbAppSupp.SelectedItem)
AppDesc = Convert.ToString(txtAppDes.Text)
ReqName = Convert.ToString(txtReqName.Text)
ReqPurp = Convert.ToString(cmbReqPurp.SelectedItem)
BudgItem = Convert.ToString(cmbBudgetItem.SelectedItem)
BudgNum = Convert.ToString(txtbudgetNum.Text)
'Create the Database Connection String
Dim MserverConnection As New SqlConnection("Data
Source=patmtest\sqlexpress;Integrated Security=sspi;Initial
Catalog=MasterServer;User ID=Vbuser;Password=Vbuser")
'Create SQL Select query command
Dim SQLcmd As SqlCommand = New SqlCommand("dbo.InsertNewServerRequest",
MserverConnection)
SQLcmd.CommandType = CommandType.StoredProcedure
SQLcmd.Parameters.Add(New SqlParameter("@BudgetOnly", BudgetOnly))
SQLcmd.Parameters.Add(New SqlParameter("@ProjName", Projname))
SQLcmd.Parameters.Add(New SqlParameter("@ProjSpon", ProjSpon))
SQLcmd.Parameters.Add(New SqlParameter("@AppName", AppName))
SQLcmd.Parameters.Add(New SqlParameter("@VendName", VendName))
SQLcmd.Parameters.Add(New SqlParameter("@VendPhone", VendPhone))
SQLcmd.Parameters.Add(New SqlParameter("@AppType", AppType))
SQLcmd.Parameters.Add(New SqlParameter("@AppSup", AppSup))
SQLcmd.Parameters.Add(New SqlParameter("@AppDesc", AppDesc))
SQLcmd.Parameters.Add(New SqlParameter("@ReqName", ReqName))
SQLcmd.Parameters.Add(New SqlParameter("@ReqPurp", ReqPurp))
SQLcmd.Parameters.Add(New SqlParameter("@BudgItem", BudgItem))
SQLcmd.Parameters.Add(New SqlParameter("@BudgNum", BudgNum))
MsgBox("The Command: " & SQLcmd.Parameters.Count)
'Set a Command Timeout Value
SQLcmd.CommandTimeout = 30
'Create SQLdataAdapter
Dim ServerInfoDA As SqlDataAdapter = New SqlDataAdapter(SQLcmd.CommandText,
MserverConnection)
MsgBox("Created Dataadapter")
'Open Database Connection
SQLcmd.Connection.Open()
MsgBox("SQL Connection established")
'Execute the SQL Stored Procedure with Parameters
SQLcmd.ExecuteReader()
MsgBox("SQL Command Executed")
'Close the connection to the database
SQLcmd.Connection.Close()
MsgBox("Connection Closed")
End Sub
"Andrew Morton" <ak*@in-press.co.uk.invalidwrote in message
news:68*************@mid.individual.net...
PGM wrote:
>Private Sub Button1_Click_1(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim Projname, ProjSpon As String
There's your first problem: consider what happens if there's an apostrophe
in one of the names: it will break your SQL string. Or worse, your
database could be the victim of an SQL injection attack.
You will need to use a parameterized query. I can't find a basic
explanation quickly, google has the answer somewhere.
And if you're using SQL Server, you might as well go through
System.Data.SqlClient rather than OleDb.
HTH
Andrew