Execute an INSERT statement.

Status
Not open for further replies.

GerardMcL

Technical User
Aug 5, 2004
212
IE
cmd = New OleDbCommand("INSERT INTO Tools (ToolID, Description) VALUES ('" & varToolID & "', '" & varDesc & "')", cn)
cmd.ExecuteNonQuery()


cmd is an OleDbCommand

I have tried this and it doesn't work. What is the correct method of executing an INSERT statement (and UPDATE and DELETE statements for that matter)?

Thank You for all the Help.
 
1. parameterise your command. what happens if the user enters the following for varDesc (no quotes): "'; DELETE FROM Tools WHERE '1' = '1"? you get sacked, that's what.
2. is ToolID a number?
3. can Description be null/zero-length?

find out the value of the SQL string passed to the constructor and see if you can run it in your favourite SQL tool (TOAD?).

ExecuteNonQuery returns a number of rows affected. it also has Error properties. if the return value is zero you'll probably get something meaningful as an error message.

what error are you getting?


mr s. <;)
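
An added example (not part of either post above) of the parameterised form the reply recommends, bound through OleDbCommand.Parameters instead of string concatenation. It assumes ToolID and Description are text columns; the connection string, column sizes and sample values are placeholders.

```vbnet
Imports System
Imports System.Data.OleDb

Module ToolInsertExample
    ' Placeholder connection string (assumption): substitute your own provider and data source.
    Private Const ConnStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\data\tools.accdb"

    ' Inserts one row and returns the number of rows affected (1 on success).
    Function InsertTool(cn As OleDbConnection, toolId As String, desc As String) As Integer
        ' OleDb placeholders are positional "?" marks. Values are bound by the provider,
        ' never spliced into the SQL text, so quotes in the data cannot change the statement.
        Const sql As String = "INSERT INTO Tools (ToolID, Description) VALUES (?, ?)"
        Using cmd As New OleDbCommand(sql, cn)
            ' OleDb ignores parameter names: the order of the Add calls must match the "?" order.
            ' Types and sizes are assumptions; use OleDbType.Integer if ToolID is numeric.
            cmd.Parameters.Add("@ToolID", OleDbType.VarWChar, 50).Value = toolId
            ' A parameter value of Nothing is rejected, so send DBNull for a missing description.
            Dim descValue As Object = If(desc Is Nothing, CObj(DBNull.Value), CObj(desc))
            cmd.Parameters.Add("@Description", OleDbType.VarWChar, 255).Value = descValue
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    Sub Main()
        ' Constructed input: the string quoted in the reply above. Bound as a parameter,
        ' it is stored as literal text in Description and no second statement runs.
        Dim quoted As String = "'; DELETE FROM Tools WHERE '1' = '1"
        Try
            Using cn As New OleDbConnection(ConnStr)
                cn.Open()
                Console.WriteLine("Rows inserted: " & InsertTool(cn, "T-1001", quoted))
            End Using
        Catch ex As OleDbException
            ' Failures are raised as exceptions; the provider's details are in ex.Errors.
            For Each e As OleDbError In ex.Errors
                Console.WriteLine(e.Message & " (SQLState " & e.SQLState & ")")
            Next
        End Try
    End Sub
End Module
```

The same pattern applies to UPDATE and DELETE: put a "?" wherever a value appears in the statement and add the parameters in that order.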

 