Problem with sql query in vb.net

    gundamhamtaro wrote (#1):

    I'm just trying to insert some values into a table, but I got this error, which says:

    Operator & not defined for types System.Data.SqlTypes.SqlMoney

    This is the line which gives the error:

    cmd = New SqlCeCommand("INSERT INTO stock (name,price,desp) VALUES ('" & name & "', '" & newprice & "' ,'" & desp & "'')", connectionstring)

    All other parts of the code work fine, which is why I'm only posting this small bit. price in my database is defined as type money, and newprice is of type SqlMoney too. Can someone help? Thanks!

      Colin Angus Mackay wrote (#2):

      You should not create SQL statements like this if at all possible, because it is vulnerable to a SQL Injection Attack.

      SQL Injection Attacks and Some Tips on How to Prevent Them

      Some Microsoft documentation that might help: SqlCeCommand.Parameters

      I've left the explanation for your error until the end of this message as I wanted to get across the point about securing your applications against attack.

      The reason for your error is that SqlMoney is not a string and the & operator is used for concatenating strings together. This is an inefficient way to concatenate strings; you should consider using String.Concat() or String.Format(), the latter being more likely to understand how to insert a SqlMoney object into the string without you having to write any code to convert it yourself.

      Does this help?


      My: Blog | Photos | Next SQL Presentation WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
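
The parameterised form of the INSERT from post #1, as an added example that is not part of the original thread or either poster's code. It assumes a SQL Server Compact version that accepts named @ parameters; the column types and sizes, the InsertStock helper and the stock.sdf file name are hypothetical.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlServerCe
Imports System.Data.SqlTypes

Module StockInsert

    ' Hypothetical helper: inserts one row into stock using parameters
    ' instead of string concatenation. Returns the number of rows affected.
    Function InsertStock(ByVal conn As SqlCeConnection, ByVal name As String, _
                         ByVal newprice As SqlMoney, ByVal desp As String) As Integer
        ' The SQL text is a constant: no user-supplied value is ever part of it.
        Const sql As String = _
            "INSERT INTO stock (name, price, desp) VALUES (@name, @price, @desp)"

        ' SqlMoney.Null has no Value, so map it to DBNull explicitly.
        Dim priceValue As Object = DBNull.Value
        If Not newprice.IsNull Then priceValue = newprice.Value

        Using cmd As New SqlCeCommand(sql, conn)
            ' Column types and sizes are assumptions about the stock table.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
            ' The provider converts the Decimal to money; no string formatting needed.
            cmd.Parameters.Add("@price", SqlDbType.Money).Value = priceValue
            cmd.Parameters.Add("@desp", SqlDbType.NVarChar, 255).Value = desp
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    Sub Main()
        ' Constructed sample values; "stock.sdf" is a placeholder database file.
        Using conn As New SqlCeConnection("Data Source=stock.sdf")
            conn.Open()
            ' The apostrophes in the name are stored as data, not parsed as SQL,
            ' so the value cannot terminate the string literal or alter the statement.
            Dim rows As Integer = InsertStock(conn, "O'Brien's widget", _
                                              New SqlMoney(19.99D), "sample row")
            Console.WriteLine("{0} row(s) inserted", rows)
        End Using
    End Sub

End Module
```

Because the values travel separately from the statement text, the `&` operator is never applied to the SqlMoney value, which removes the original compile error as well as the injection risk.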

        gundamhamtaro wrote (#3):

        I know that SqlMoney is not of a string type, but then again I'm not trying to insert a string into the query. The data type I specified in my database is of type Money, which is why I'm using SqlMoney in my code. Right now I'm thinking of ways on how to insert the value in, but it's giving me errors so far... Thanks for the reply anyway.

          Colin Angus Mackay wrote (#4):

          gundamhamtaro wrote: I know that SqlMoney is not of a string type, but then again I'm not trying to insert a string into the query

          You are trying to concatenate the SqlString object into a string. The SQL query is a string, therefore anything in the query must be converted to a string so it can be submitted to the database.

          gundamhamtaro wrote: Right now I'm thinking of ways on how to insert the value in, but it's giving me errors so far

          Did you read my post? Have you tried parameterised queries like I suggested? It isn't just for the security considerations. It makes converting data types to SQL much easier also.


            gundamhamtaro wrote (#5):

            I tried String.Format and String.Concat, and when I use String.Format, I get this error: System.ArgumentNullException; and if I use Concat I get an error when trying to insert the data: the specified data type is not valid. Maybe I'm doing it wrongly, so I'll just post my code:

            Dim price As String
            price = String.Concat(newprice)

              Colin Angus Mackay wrote (#6):

              Okay - I give up. You obviously don't want to take my advice and use parameterised queries.

              String.Concat() is used with 2 or more strings. You cannot put anything in there that is not a string. SqlMoney is not a string. That is why you get an error message saying "data type is not valid".

              String.Format() is used with a format string and some parameters. For example:

              String.Format("{0}", newPrice)

              The value newPrice is formatted into a string. You can also do a lot more powerful things with format, but you can read that in the documentation.

              Once again, I would suggest you use parameterised queries (the links I gave in past posts show examples of how to use them) because then you do not have to worry about converting data into a string in order to format them to fit in a SQL statement.


                gundamhamtaro wrote (#7):

                Huh??? I didn't say that I don't want to use parameterised queries, did I? There was a misunderstanding: I thought that parameterised queries was something that's similar to what I had typed out. Now that I've checked it, I know I was wrong, and now that I've changed it, everything works fine. Thanks for everything =)

                  Colin Angus Mackay wrote (#8):

                  gundamhamtaro wrote: Huh??? I didn't say that I don't want to use parameterised queries, did I?

                  No, but you did seem to be ignoring my advice for a bit.

                  gundamhamtaro wrote: everything works fine

                  I'm glad it worked out.

                  gundamhamtaro wrote: Thanks for everything

                  You're welcome.

