Good day every one

please I need help in coding this small easy program

it just three text boxes and one button to save them

this is my code

Imports System.Data
Imports System.Data.SqlClient



Public Class Form1

    Dim cmd As SqlCommand
    Dim con As SqlConnection
   
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim ConID As String
        Dim ConAddress As String
        Dim ConPhone As String

        ConID = Me.TextBox1.Text
        ConAddress = Me.TextBox2.Text
        ConPhone = Me.TextBox3.Text
        Try


            con.ConnectionString = "Data Source=DBS;Initial Catalog=Recruitment ;User Id=myuserid;Password=Mypassword"
            con.Open()
            cmd.Connection = con
            cmd.CommandText = "INSERT INTO Contacts(ConID, ConAddress,ConPhone ) VALUES('" & ConID & "' , '" & ConAddress & "' , '" & ConPhone & "') "
        Catch ex As Exception
            MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
        Finally
            con.Close()
        End Try



    End Sub

End Class

Everything seems OK when I looked over it except, of course, you aren't actually inserting the data into the database. After setting the command text you need to include the line:
cmd.ExecuteNonQuery();
This is the command that places the data into the database. Also,you shouldn't enter the text provided by the user directly into the SQL statement. It allows for hacking attacks via SQL injection (read up on it - its useful to know about). Use parametized queries to avoid the problem.

Yes cmd.ExecuteNonQuery(); is missing.
Why cant you write SP for this? and just pass the parameters?

This article has been dead for over six months. Start a new discussion instead.