The Parameter '@AAA" must be defined error?
Hi!
I just learnt to use the "Parameters.AddWithValue" to prevent harm of sql injections.However, I have only been able to do this with the INSERT, but I have trouble using that with SELECT and UPDATE. Please Look at my code with UPDATE
Try
ConnectionSettings()
con.Open()
Dim SqlUpdate As String
SqlUpdate = "UPDATE tblStudents SET Surname = @Surname"
cmd.Parameters.AddWithValue("@Surname", txtSurname.Text)
cmd = New MySqlCommand(SqlUpdate, con)
cmd.ExecuteNonQuery()
MsgBox("Updated")
con.Close()
Catch ex As MySqlException
MsgBox("Error " & ex.Message)
End Try
The cmd.ExecuteNonQuery() was highlighted and I can also see the error msg "The Parameter '@Surname' must be defined", I thought I had defined it by cmd.Parameters.AddWithValue("@Surname", txtSurname.Text)? I get the same with SELECT statement.I've tried a Google search to no avail.
Any help please?
Thanks.
Related Article: VB webform Bitmap.FromStream error
is a VB.NET discussion thread by thiemebr that has 2 replies, was last updated 10 months ago and has been tagged with the keywords: vb, bitmap, fromstream.
savedlema
Junior Poster in Training
73 posts since Sep 2012
Reputation Points: 0
Solved Threads: 1
Skill Endorsements: 0
Update:
I have been able to solve this by adding:
cmd = New MySqlCommand("", con)
cmd.CommandText = "UPDATE tblStudents SET Surname = @Surname
But I would love some explanation please (I'm new to VB+Mysql)
savedlema
Junior Poster in Training
73 posts since Sep 2012
Reputation Points: 0
Solved Threads: 1
Skill Endorsements: 0
The cmd.Parameters can only be used if the cmd has a query (CommandText) set which defines that parameter. In your OP you used a string for your query, instead of the CommandText.
pritaeas
Posting Prodigy
9,265 posts since Jul 2006
Reputation Points: 1,173
Solved Threads: 1,456
Skill Endorsements: 86
Reverend Jim
Carpe per diem
3,590 posts since Aug 2010
Reputation Points: 561
Solved Threads: 445
Skill Endorsements: 32
Thanks all..Then, why wouldn't this work? I want to fill the SELECT results to the dataset, and then fetch them from the dataset to textboxes..but this piece of code...
ConnectionSettings()
con.Open()
Dim sql As String
Dim ds As DataSet = New DataSet
Dim da As MySqlDataAdapter
Dim RowsNo As Integer
cmd = New MySqlCommand("", con)
sql = "SELECT * FROM tblStudents WHERE StudentID = @studentid"
cmd.CommandText = sql
cmd.Parameters.AddWithValue("@studentid", txtStudentID.Text)
cmd.ExecuteNonQuery()
da = New MySqlDataAdapter(sql, con)
da.Fill(ds, "Students")
Does not work. With this, I get the error "The parameter @StudentID must be defined"
If I comment out:
'da = New MySqlDataAdapter(sql, con)
'da.Fill(ds, "Students")
I get no error msg (I assume no problem up to that code), even when I add Msgbox ("Success") after the 'cmd.ExecuteNonQuery() 'Sucess' will be displayed, meaning there is no problem to that line. I think I need a little help on how to put the results of the above SELECT to a dataset (MySQL)
Thanks all.
savedlema
Junior Poster in Training
73 posts since Sep 2012
Reputation Points: 0
Solved Threads: 1
Skill Endorsements: 0
If you are using an oledb interface then you have to use "?" when adding values as in
'OLEDB is more generic (can be used for different data sources) and supports
'parameters but they are unnamed and positional
ListView1.Items.Clear()
Dim con As New OleDbConnection("Provider=SQLNCLI10;Server=.\SQLEXPRESS;Database=PUBS;Trusted_Connection=Yes;")
Dim cmd As New OleDbCommand("", con)
cmd.CommandText = "SELECT au_lname,au_fname,zip FROM authors WHERE au_lname like ?"
cmd.Parameters.Add("@pan", OleDbType.VarChar).Value = "D%"
con.Open()
Dim rdr As OleDbDataReader = cmd.ExecuteReader()
Do While rdr.Read
ListView1.Items.Add(New ListViewItem({rdr.GetString(0), rdr.GetString(1), rdr.GetString(2)}))
Loop
rdr.Close()
con.Close()
OleDb does not support named parameters. You can see the difference between SqlClient and OleDb here. That's the same sample code I posted a link to just above.
Reverend Jim
Carpe per diem
3,590 posts since Aug 2010
Reputation Points: 561
Solved Threads: 445
Skill Endorsements: 32
You have mixed together various statements that are not necessarily related.
ConnectionSettings() ' this does what?
' I assume that con is a MySqlConnection defined elsewhere
' don't need to open connect, the dataadapter will handle open/close
'con.Open()
Dim sql As String
' you do realize that this dataset will only exist in the context of this code block?
Dim ds As New DataSet
Dim da As MySqlDataAdapter
Dim RowsNo As Integer ' purpose for this ?
Dim cmd as New MySqlCommand()
cmd.Connection = con
sql = "SELECT * FROM tblStudents WHERE StudentID = @studentid"
cmd.CommandText = sql
cmd.Parameters.AddWithValue("@studentid", txtStudentID.Text)
' why this is here I have no clue
'cmd.ExecuteNonQuery()
' feed the dataadapter the command
dim da as New MySqlDataAdapter(cmd)
' use the adapter to create and fill the table Students
da.Fill(ds, "Students")
msgbox(ds("Students").Rows.count.ToString)
TnTinMN
Practically a Master Poster
640 posts since Jun 2012
Reputation Points: 418
Solved Threads: 148
Skill Endorsements: 13
There is a success. Thank you all. SOLVED.
savedlema
Junior Poster in Training
73 posts since Sep 2012
Reputation Points: 0
Solved Threads: 1
Skill Endorsements: 0
Question Answered as of 2 Months Ago by
Reverend Jim,
pritaeas
and
TnTinMN 
RSS Feed