Home/ Questions/Q 557195
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T12:00:01+00:00

How can I change the following code to write to the database null instead

  • 0

How can I change the following code to write to the database null instead of empty strings? 

Public Sub SetChangeRequest(ByVal referenceLeaseID As Integer, _
                                  ByVal referenceCustomerID As Integer, _
                                  Optional ByVal custUnitNum As Object = Nothing, _
                                  Optional ByVal driverFirstName As Object = Nothing, _
                                  Optional ByVal driverLastName As Object = Nothing, _
                                  Optional ByVal driverEmail As Object = Nothing, _
                                  Optional ByVal plateNumber As Object = Nothing, _
                                  Optional ByVal plateProvince As Object = Nothing, _
                                  Optional ByVal usageProvince As Object = Nothing, _
                                  Optional ByVal invoiceGroups As Object = Nothing)
    mcmd = New SqlCommand
    mcmd.CommandType = CommandType.Text
    mcmd.Connection = mcn
    mcmd.CommandText = "IF EXISTS (SELECT * FROM ChangeRequest WHERE ReferenceLeaseID = " & referenceLeaseID & ")" & vbNewLine & _
                        "DELETE FROM ChangeRequest WHERE ReferenceLeaseID = " & referenceLeaseID & vbNewLine & _
                        "INSERT INTO ChangeRequest (ReferenceLeaseID, ReferenceCustomerID, CustomerUnitNum, DriverFirstName, DriverLastName, DriverEmail, PlateNumber, PlateProvince, UsageProvince, InvGroupID)" & vbNewLine & _
                        "VALUES ('" & referenceLeaseID & "', '" & referenceCustomerID & "', '" & custUnitNum & "', '" & driverFirstName & "', '" & driverLastName & "', '" & driverEmail & "', '" & plateNumber & "', '" & plateProvince & "', '" & usageProvince & "', '" & invoiceGroups & "')"
    mcn.Open()
    mcmd.ExecuteScalar()
    mcn.Close()
End Sub

Cheers,

Mike

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    They way you’re constructing your query is inefficient, hard to read, error prone, and worst of all open to SQL injection attacks. You should use SQL parameters:

    mcmd.CommandText = "IF EXISTS (SELECT * FROM ChangeRequest WHERE ReferenceLeaseID = @referenceLeaseID") " _
                   "DELETE FROM ChangeRequest WHERE ReferenceLeaseID = @referenceLeaseID " & _
                   "INSERT INTO ChangeRequest (ReferenceLeaseID, ReferenceCustomerID, CustomerUnitNum, DriverFirstName, DriverLastName, DriverEmail, PlateNumber, PlateProvince, UsageProvince, InvGroupID) " & _
                   "VALUES (@referenceLeaseID, @referenceCustomerID, @custUnitNum, @driverFirstName, @driverLastName, @driverEmail, @plateNumber, @plateProvince, @usageProvince, @invoiceGroups)"

    You can specify values for parameters like:

    mcmd.Parameters.Add("@parameterName", If(ParameterValue Is Nothing, DBNull.Value, ParameterValue))
    • 0