Dave
Dave

Reputation: 41

How to prevent certain data from being inserted into the database with If Else statements?

I have two comboboxes, a messagebox and a Send button. When the app startups and I click on the Send button with the comboboxes and messagebox empty, a pop-up box comes up and says "Select a client" After doing this, I go back to the database and see that it has added a new record to that table, even though I didn't put in any data after clicking on the "Send" button. Same applies for when one of the three controls I have has data in it, but the other two don't, and the program asks me to enter that data before it succeeds. But it still adds the record despite having those If Statements. What am I doing wrong?

My code:

Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("conStr").ConnectionString)

    con.Open()

    Using cmd As New SqlCommand
        cmd.Connection = con
        cmd.CommandText = "insert into tblMyTable(Client, UserName, Message) values('" & cboClient.Text & "', '" & cboUser.Text & "', '" & rtfMessage.Text & "')"
        cmd.ExecuteNonQuery()
    End Using
    If cboClient.Text = "" Then
        MsgBox("Select a client")
    ElseIf cboUser.Text = "" Then
        MsgBox("Select a user")
    ElseIf rtfMessage.Text = "" Then
        MsgBox("Enter a message")
    Else
        MsgBox("Message Sent")
    End If
    con.Close()

End Using

Upvotes: 0

Views: 71

Answers (2)

Andrew Mortimer
Andrew Mortimer

Reputation: 2370

Similar solution to @OldProgrammer, with an attempt at parameterized insert.

    Private Sub SendButton_Click(sender As System.Object, e As System.EventArgs) Handles SendButton.Click
        Try
            If writeMessage() Then
                MessageBox.Show("Message sent.", "Success")
            End If
        Catch ex As Exception
            MessageBox.Show(String.Concat("An error occurred sending this message:", ex.Message))
        End Try
    End Sub    

    Private Function writeMessage() As Boolean

        If isValidMessage() Then
            writeMessageInfo()
            Return True
        End If

        Return False

    End Function

    Private Sub writeMessageInfo()

        Using con As New SqlConnection(yourConnectionString)

            con.Open()

            Using cmd As New SqlCommand
                cmd.Connection = con
                cmd.Parameters.Add(New SqlParameter("clientValue", cboClient.Text))
                cmd.Parameters.Add(New SqlParameter("userValue", cboUser.Text))
                cmd.Parameters.Add(New SqlParameter("messageText", rtfMessage.Text))
                cmd.CommandText = "insert into tblMyTable(Client, UserName, Message) values(@clientValuem, @userValue, @messageText)"
                cmd.ExecuteNonQuery()
            End Using

            con.Close()

        End Using
    End Sub


    Private Function isValidMessage() As Boolean

        If cboClient.SelectedIndex = -1 Then
            MessageBox.Show("Please select a client.", "Missing info")
            cboClient.Focus()
            Return False
        End If

        If cboUser.SelectedIndex = -1 Then
            MessageBox.Show("Please select a user.", "Missing info")
            cboUser.Focus()
            Return False
        End If

        If rtfMessage.Text = String.Empty Then
            MessageBox.Show("Please enter a message.", "Missing info")
            rtfMessage.Focus()
            Return False
        End If

        Return True

    End Function

Upvotes: 0

OldProgrammer
OldProgrammer

Reputation: 12169

I think you want something like this (note this does not address parameterization concerns):

Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("conStr").ConnectionString)


    If cboClient.Text = "" Then
        MsgBox("Select a client")
    ElseIf cboUser.Text = "" Then
        MsgBox("Select a user")
    ElseIf rtfMessage.Text = "" Then
        MsgBox("Enter a message")
    Else
        con.Open()
        Using cmd As New SqlCommand
          cmd.Connection = con
          cmd.CommandText = "insert into tblMyTable(Client, UserName, Message) values('" & cboClient.Text & "', '" & cboUser.Text & "', '" & rtfMessage.Text & "')"
          cmd.ExecuteNonQuery()
        End Using

        MsgBox("Message Sent")
    End If
    con.Close()

End Using

Upvotes: 1

Related Questions