SQL String adjustment for Drop Down Lists

Question

I'll try to clarify by using the following example. In here I have two Drop down lists (ddlInsertEmployee + ddlInsertCustomer) which should both be bound to fetch data from tables [Employee.EmployeeID] and [Customer.CustomerID] and insert it into table [Task].

The problem is that it inserts data from Employee.Fullname and Customer.Fullname into resp. Employee.EmployeeID and Customer.CustomerID. If I would change the Drop down lists to textboxes, and manually insert the IDs, it works like a charm, but this is not very efficient, I want to be able to see the entire Fullname.

I don't know how to change my Sqlstring in order to make this work correctly. I hope this makes any sense. Any help much appreciated!

Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.SqlClient
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.WebControls.DropDownList


   Protected Sub btnSubmit_Click(sender As Object, e As System.EventArgs) Handles btnSubmit.Click
        Dim MyConn As OleDbConnection
        Dim cmd As OleDbCommand
        Dim Sqlstring, TaskDesc, TaskSolved, Employee, Customer, DateIn, DateOut, TaskHours As String

        TaskDesc = txtTaskDesc.Text
        TaskSolved = txtTaskSolved.Text
        Employee = ddlInsertEmployee.Text
        Customer = ddlInsertCustomer.Text
        DateIn = txtDateReg.Text
        DateOut = txtDateSolved.Text
        TaskHours = txtHours.Text

        MyConn = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\DATABASE.accdb;")

        MyConn.Open()
        Sqlstring = "INSERT INTO Task (TaskDesc, TaskSolved, EmployeeID, CustomerID, DateIn, DateOut, TaskHours) VALUES ('" + TaskDesc + "', '" + TaskSolved + "', '" + Employee + "', '" + Customer + "', '" + DateIn + "', '" + DateOut + "', '" + TaskHours + "')"
        cmd = New OleDbCommand(Sqlstring, MyConn)
        cmd.ExecuteNonQuery()
        MyConn.Close()
        lblMessage.Text = "Task Added Successfully !!!"
    End Sub

End Class


--------

 Employee 
    
    
    
    
       
    

    

    Customer

I receive the error:

Exception Details: System.Data.OleDb.OleDbException: Data type mismatch in criteria expression.

Source Error:

Line 60:         Sqlstring = "INSERT INTO Task (TaskDesc, TaskSolved, EmployeeID, CustomerID, DateIn, DateOut, TaskHours) VALUES ('" + TaskDesc + "', '" + TaskSolved + "', '" + Employee + "', '" + Customer + "', '" + DateIn + "', '" + DateOut + "', '" + TaskHours + "')"
Line 61:         cmd = New OleDbCommand(Sqlstring, MyConn)
[B]Line 62:         cmd.ExecuteNonQuery() Line 63:         MyConn.Close()[/B]
Line 64:         lblMessage.Text = "Task Added Successfully !!!"


Source File: C:\Projekt\NewTask.aspx.vb    Line: 62

geekchic · Accepted Answer

Try setting the DataValueField of your ddlInsertCustomer to CustomerID (and similar for your employee dropdown). Then you can use the ddl.SelectedValue property to save to the database, but a user would still see the name property.

Also plugging text in a textbox into your SQL queries is a really bad idea as it opens you up to SQL injection. Using SQL parameters is a really good idea.

SQL String adjustment for Drop Down Lists

Answers (1)

Related Questions