Answered Delete from data base & insert array to data base without parameters

Synctor

New member
Joined
Nov 10, 2011
Messages
1
Programming Experience
3-5
Hi everybuddy


i have 2 problem , and nobody can help me , please help me


First Problem : I want Delete a Record From Access Data base with its Record "ID_Per" Field , That Field Type is Number , i Write this Code :
VB.NET:
com.commandtext = "Delete * From Personels Where ID_PER = '"& txt_ID_per.text &"' "
com.ExecuteNonQuery()

ERROR msg : DATA TYPE MISMATCH IN CIRITIA


- When i change that field type to text this problem is OK , but i need Number Type , Please help me!


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Second Problem :
i have :
Dim tt as byte()


tt saved a picture bits in yourself , i want send it to data base Access , i can do it with this code :


VB.NET:
com.commandtext = "Insert into KK VALUES(@pic_bit)"
com.parameters.AddWithValue("pic_bit" , tt)
com.ExecuteNonQuery()

But i want Send with this Way :


VB.NET:
com.commandtext = "Insert into KK (pic_bit) VALUES ('"& tt &"')"
com.ExecuteNonQuery()

i cant Do it , i see SOme Errors , Please Say me whats this code Error OR say me How can i UPDATE and Delete with DATA COMMAND PARAMETERS Way


Thank you Very much


Pleeeeeease Reply :(
 
No, no, no! Do not EVER use string concatenation to insert values into SQL code. Always, always, ALWAYS use parameters. There is no good reason for you to want to use string concatenation. Parameters is the way it is supposed to be done and parameters is the way you should do it. If you don't then you deserve to have a malicious user delete every record in your database via a SQL injection attack.
 
Back
Top