Hi all,

As you will be able to tell i am very new at VB.net. i have the following code that
adds three text fields to my sql table.

it works if i input numbers i.e the number 1 in all three feilds but as soon as i
in input text i get the error

Error while inserting record on table... the name "Mike" is not permitted in this context. valid expressions are constants, contact expressions, and(in come contexts variables. column names are not permitted.

This has nothing to do with the way that the sql table is setup and has soemthing todo with my code.

Please if someone could help that would be great. thanks

Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
        Dim StockcodeV As String
        Dim stockdescV As String
        Dim SellPricev As String

        StockcodeV = Me.TextBox3.Text
        stockdescV = Me.TextBox4.Text
        SellPricev = Me.TextBox5.Text

        Dim con As New SqlConnection
        Dim cmd As New SqlCommand
        Try
            con.ConnectionString = "Data Source=localhost;Initial Catalog=invsystem;Persist Security Info=True;User ID=mbish;Password=mbish"
            con.Open()
            cmd.Connection = con
            cmd.CommandText = "INSERT INTO stock(Stockcode, StockDescription,sellprice) VALUES(" & StockcodeV & "," & stockdescV & "," & SellPricev & ")"
            cmd.ExecuteNonQuery()

        Catch ex As Exception
            MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
        Finally
            con.Close()
        End Try




    End Sub

Enclosed single quote for non-numeric value.

cmd.CommandText = "INSERT INTO stock(Stockcode, StockDescription,sellprice) VALUES('" & StockcodeV & "','" & stockdescV & "','" & SellPricev & "')"

Or, use parameterized query

...
cmd.Connection = con
cmd.CommandText = "INSERT INTO stock(Stockcode, StockDescription,sellprice) VALUES(@p1,@p2,@p3)"
cmd.Parameters.AddWithValue("@p1",StockcodeV)
cmd.Parameters.AddWithValue("@p2",stockdescV)
cmd.Parameters.AddWithValue("@p3",SellPricev)
cmd.ExecuteNonQuery()
....

thanks adatapost the parameterized query is excatly what i was looking for

sorry for the newbie question.

You're welcome. Please mark this thread as solved if you have found an answer to your question and good luck!

This article has been dead for over six months. Start a new discussion instead.