Radio Button insert option
-
Hello all, I am creating employee master data using VB.NET and SQL Server. On my screen I have a lot of radio buttons for male/female selection and some yes/no selections. My problem is how to insert these radio button values into the database according to the user's selection (yes/no). Here I have attached my code. Please help me...
INSERT OPTION CODE
Private Sub btnins_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnins.Click
    con.Open()
    str = "Insert into EmployeeMaster values('" & txtname.Text & "','" & txtfname.Text & "','" & dtdob.Text & "','" & gencom.Text & "','" & txtqual.Text & " ','" & txtbg.Text & " ','" & martcom.Text & "','" & txtadd.Text & "',' " & txtcadd.Text & " ','" & txtpho.Text & "','" & txtmob.Text & "',' " & txtemail.Text & " ','" & txtpp.Text & " ','" & txtpv.Text & " ',' " & txteno.Text & " ',' " & depcom.Text & " ', ' " & descom.Text & " ',' " & dtdoj.Text & " ','" & catcom.Text & "','" & mopcom.Text & "','" & txtac.Text & "','" & byes.Text & "',' " & txtbv.Text & "',' " & txtcdue.Text & "','" & txtcdate.Text & "','" & txtesino.Text & "','" & txtpfno.Text & "','" & expyes.Text & "',' " & detcom.Text & "','" & txtpc.Text & "','" & txtnc.Text & "' )"
    cmd = New OdbcCommand(str, con)
    cmd.ExecuteNonQuery()
    'check()
    MsgBox("Inserted")
    clear()
    con.Close()
End Sub
VIEW OPTION CODE
con.Open()
str = "select * from EmployeeMaster where Name='" & namecom.Text & "'"
cmd = New OdbcCommand(str, con)
dr = cmd.ExecuteReader
If dr.Read Then
    txtname.Text = dr.GetValue(0)
    txtfname.Text = dr.GetValue(1)
    dtdob.Text = dr.GetValue(2)
    gencom.Text = dr.GetValue(3)
    txtqual.Text = dr.GetValue(4)
    txtbg.Text = dr.GetValue(5)
    martcom.Text = dr.GetValue(6)
    txtadd.Text = dr.GetValue(7)
    txtcadd.Text = dr.GetValue(8)
    txtpho.Text = dr.GetValue(9)
    txtmob.Text = dr.GetValue(10)
    txtemail.Text = dr.GetValue(11)
    txtpp.Text = dr.GetValue(12)
    txtpv.Text = dr.GetValue(13)
    enocom.Text = dr.GetValue(14)
    depcom.Text = dr.GetValue(15)
    descom.Text = dr.GetValue(16)
    dtdoj.Text = dr.GetValue(17)
    catcom.Text = dr.GetValue(18)
    mopcom.Text = dr.GetValue(19)
    txtac.Text = dr.GetValue(20)
-
rrrriiizz wrote:
str = "Insert into EmployeeMaster values('" & txtname.Text & "','" & txtfname.Text & "','" & dtdob.Text & "','" & gencom.Text & "','" & txtqual.Text & " ','" & txtbg.Text & " ','" & martcom.Text & "','" & txtadd.Text & "',' " & txtcadd.Text & " ','" & txtpho.Text & "','" & txtmob.Text & "',' " & txtemail.Text & " ','" & txtpp.Text & " ','" & txtpv.Text & " ',' " & txteno.Text & " ',' " & depcom.Text & " ', ' " & descom.Text & " ',' " & dtdoj.Text & " ','" & catcom.Text & "','" & mopcom.Text & "','" & txtac.Text & "','" & byes.Text & "',' " & txtbv.Text & "',' " & txtcdue.Text & "','" & txtcdate.Text & "','" & txtesino.Text & "','" & txtpfno.Text & "','" & expyes.Text & "',' " & detcom.Text & "','" & txtpc.Text & "','" & txtnc.Text & "' )"
This is begging for a SQL attack, you should use parameterised queries, or, better yet, stored procs. Colin has an excellent article on SQL injection, you should read it.

In C#, you can do this:

string sex = (rdoMale.Checked) ? "Male" : "Female";

Does VB do something like that? Basically, it depends on how your data is stored; if it's a bool, use the check result of the appropriate button. Otherwise, you need to build your parameter based on radio button state.
Christian Graus - Microsoft MVP - C++ Metal Musings - Rex and my new metal blog "I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )
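The parameterised form recommended in the reply above, as an added VB.NET example that is not code from the original thread. The module and function names, the three-column subset, and the column names Gender and HasExperience are assumptions (only the Name column appears in the post); VB's `If(condition, a, b)` operator plays the role of the C# ternary.

```vb
Imports System
Imports System.Data.Odbc

Module ParameterisedEmployeeQueries

    ' Column names Gender and HasExperience are assumed for this example;
    ' only the Name column appears in the original post.
    Const InsertSql As String = _
        "INSERT INTO EmployeeMaster (Name, Gender, HasExperience) VALUES (?, ?, ?)"
    Const LookupSql As String = "SELECT * FROM EmployeeMaster WHERE Name = ?"

    ' isMale and hasExperience carry the .Checked state of a radio button
    ' (for example rdoMale.Checked), not the button's .Text caption.
    Function BuildInsert(ByVal con As OdbcConnection, ByVal name As String, _
                         ByVal isMale As Boolean, ByVal hasExperience As Boolean) As OdbcCommand
        Dim cmd As New OdbcCommand(InsertSql, con)
        ' ODBC markers are positional: parameters bind in the order they are added.
        cmd.Parameters.Add("@name", OdbcType.VarChar, 100).Value = name
        cmd.Parameters.Add("@gender", OdbcType.VarChar, 6).Value = If(isMale, "Male", "Female")
        cmd.Parameters.Add("@hasExperience", OdbcType.Bit).Value = hasExperience
        Return cmd
    End Function

    ' Parameterised replacement for the concatenated lookup in the VIEW code.
    Function BuildLookup(ByVal con As OdbcConnection, ByVal name As String) As OdbcCommand
        Dim cmd As New OdbcCommand(LookupSql, con)
        cmd.Parameters.Add("@name", OdbcType.VarChar, 100).Value = name
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample input: the apostrophe would end the quoted literal
        ' in the concatenated statement; as a parameter it is stored as typed.
        Dim cmd As OdbcCommand = BuildInsert(Nothing, "O'Brien", False, True)
        Console.WriteLine(cmd.CommandText)
        For Each p As OdbcParameter In cmd.Parameters
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.OdbcType, p.Value)
        Next
        Console.WriteLine(BuildLookup(Nothing, "O'Brien").CommandText)
    End Sub

End Module
```

In the button handler, pass the open `con` instead of `Nothing` and call `ExecuteNonQuery()` on the returned command; naming the columns in the INSERT also keeps the statement valid if the table's column order changes.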