Friday, March 23, 2012

Incorrect syntax near 0. Where is the 0 at??

I am not sure how to fix this??

Imports

System.Data

Imports

System.Web.UI.WebControls.FormView

Imports

System.Data.SqlClient

Partial

Class AssignmentInherits System.Web.UI.PageProtectedSub UpdateButton_Click(ByVal senderAsObject,ByVal eAs System.EventArgs)Handles UpdateButton.ClickDim empIDAsIntegerDim nbrIDAsIntegerDim equidAsIntegerDim UpdateQueryDim empequipidAs SqlCommandDim mySQLConnectionAsString = System.Configuration.ConfigurationManager.ConnectionStrings("DBConnectionString").ToStringDim myConnectionAsNew SqlConnection(mySQLConnection)

myConnection.Open()

empID = (Session(

"UserEmployeeID"))

equid = (Session(

"UserEquipID"))IfCType(empID,Integer) =NothingThen

empID = (DropDownList1.SelectedValue)

'Response.Write("Insert: " & empID)'Response.End()Me.SqlDataSource1.InsertCommand ="INSERT INTO [EMPLOYEES_EQUIP] ([EquipID], [EmployeeID]) VALUES " & equid &" " & empID &""Me.SqlDataSource1.InsertCommand = SqlDataSourceCommandType.TextMe.SqlDataSource1.Insert()Else

empequipid =

New SqlCommand("Select EmpEquipID From EMPLOYEES_EQUIP Where EmployeeID = " & empID &" AND EquipID = " & equid &" ", myConnection)

empequipid.CommandType = CommandType.Text

nbrID = empequipid.ExecuteScalar

'Response.Write("Select EmpEquipID: " & nbrID)'Response.End()

empID = (DropDownList1.SelectedValue)

'Response.Write("<br>Update EmployeeID: " & empID)'Response.End()Me.SqlDataSource1.UpdateCommand ="UPDATE EMPLOYEES_EQUIP SET EmployeeID = " & empID &" WHERE EmpEquipID = " & nbrID &" "Me.SqlDataSource1.UpdateCommand = SqlDataSourceCommandType.TextMe.SqlDataSource1.Update() <--Right here is displaying "Incorrect syntax near '0'."

'Added to output the Update Query

UpdateQuery =

"UPDATE EMPLOYEES_EQUIP SET EmployeeID = " & empID &" WHERE EmpEquipID = " & nbrID &" "'Response.Write(UpdateQuery)'Response.End()EndIf'Updating the session to new EmployeeID

Session(

"UserEployeeID") = (DropDownList1.SelectedValue)'Response.Write("<br>UserEmployeeID Session: " & Session("UserEmployeeID"))'Response.End()'-- Turn On Employee Information Table

EmpInfo.Visible =

True'-- Hides the Employee Name's Drop Down List table.

maintable.Visible =

FalseEndSub

End

Class

This will not generate a valid SQL statement. Missing parenthesis, values are separated by commas not spaces, and containts a possible security hole:

Me.SqlDataSource1.InsertCommand ="INSERT INTO [EMPLOYEES_EQUIP] ([EquipID], [EmployeeID]) VALUES " & equid &" " & empID &""

This is setting the wrong property:

Me.SqlDataSource1.InsertCommand = SqlDataSourceCommandType.Text

The & " " at the end of this is unneccessary, as well as contains a possible secutiy hole:

Me.SqlDataSource1.UpdateCommand ="UPDATE EMPLOYEES_EQUIP SET EmployeeID = " & empID &" WHERE EmpEquipID = " & nbrID &" "

This sets the wrong property, and the cause of your error message:

Me.SqlDataSource1.UpdateCommand = SqlDataSourceCommandType.Text

The following is redundant code (Exists in both IF paths and should be moved outside of the if):

empID = (DropDownList1.SelectedValue)

The following is useless code and isn't referenced anywhere. Should comment it out, or remove:

UpdateQuery =

"UPDATE EMPLOYEES_EQUIP SET EmployeeID = " & empID &" WHERE EmpEquipID = " & nbrID &" "

Useless & " " at end, and possible security hole:

empequipid =

New SqlCommand("Select EmpEquipID From EMPLOYEES_EQUIP Where EmployeeID = " & empID &" AND EquipID = " & equid &" ", myConnection)

The following wasn't assigned a type (String?) and becomes unneeded once the above changes have been made:

Dim UpdateQuery

|||ahh I got it to work now! Thank you!
Posted by abundantxcvr at 4:42 AM
Labels: , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)