I am working on part of a application that needs to import data from a excel sheet into a mysql database table. The code works fine until it gets to a record in the excel sheet where one of the string values gets assigned “ABCDE All’John D Doe 999 West Lame Blvd Cullman, AL 35055”. I am not certain but I believe that it has to do completely with the “‘” that appears there. Which that can not change and other records from the excelsheet could contain the ” ‘ ” as well… When it gets to this record it throws this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘John D Doe’,’ABCDE’,’All’John’,’D’,’Doe’,’256-555-5555′,’ ‘,’256-555-5555’ at line 1
the code that i have around this problems is as follows:
Private Function PerFormUpdate(ByVal customer As String, ByVal bill_to As String, ByVal Contact As String, ByVal Company As String, ByVal firstName As String, ByVal mi As String, ByVal lastname As String, ByVal phone As String, ByVal altPhone As String, ByVal fax As String)
Dim _db As New schoolEntities
Dim command As MySqlCommand = _dbconn.CreateCommand()
command.CommandText = "SELECT * FROM quickbooks_imports WHERE Customer= "" & _customer& "" & Bill_to= "" & _bill_to& "" & Contact= "" & _Company& ""& First_Name= "" & _firstName& "" & M_I= "" & _mi& "" & Last_Name= "" & _lastname& "" & Phone= "" & _phone& "" & Alt_Phone= "" & _altPhone& "" & Fax= "" & _Fax& """
_dbconn.Open()
Dim _mysqlReader As MySqlDataReader = command.ExecuteReader()
_dbconn.Close()
If Not _mysqlReader.HasRows Then
Dim _UpdateItem As New quickbooks_imports
Dim updateCommand As MySqlCommand = _dbconn.CreateCommand()
_UpdateItem.Customer = customer
_UpdateItem.Bill_to = bill_to
_UpdateItem.Contact = Contact
_UpdateItem.Company = Company
_UpdateItem.First_Name = firstName
_UpdateItem.M_I = mi
_UpdateItem.Last_Name = lastname
_UpdateItem.Phone = phone
_UpdateItem.Alt_Phone = altPhone
_UpdateItem.Fax = fax
updateCommand.CommandText = "INSERT INTO quickbooks_imports(Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') "
_dbconn.Open()
updateCommand.ExecuteNonQuery()
_db.SaveChanges()
The Error shows up on the ExecuteNonQuery to perform the update..
Any help would be greatly appreciated…
As per your response I switched to the params and this is the new code:
updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ? )"
updateCommand.Parameters.AddWithValue("Customer", _UpdateItem.Customer)
updateCommand.Parameters.AddWithValue("Bill_to", _UpdateItem.Bill_to)
updateCommand.Parameters.AddWithValue("Contact", _UpdateItem.Contact)
updateCommand.Parameters.AddWithValue("Company", _UpdateItem.Company)
updateCommand.Parameters.AddWithValue("First_Name", _UpdateItem.First_Name)
updateCommand.Parameters.AddWithValue("M_I", _UpdateItem.M_I)
updateCommand.Parameters.AddWithValue("Last_Name", _UpdateItem.Last_Name)
updateCommand.Parameters.AddWithValue("Phone", _UpdateItem.Phone)
updateCommand.Parameters.AddWithValue("Alt_Phone", _UpdateItem.Alt_Phone)
updateCommand.Parameters.AddWithValue("Fax", _UpdateItem.Fax)
how ever its throwing a fatal exception now…
I just tried using name parameters as you mentioned in your reply and the code is as follows:
Private Function PerFormUpdate(ByVal customer As String, ByVal bill_to As String, ByVal Contact As String, ByVal Company As String, ByVal firstName As String, ByVal mi As String, ByVal lastname As String, ByVal phone As String, ByVal altPhone As String, ByVal fax As String)
Dim _db As New schoolEntities
Dim command As MySqlCommand = _dbconn.CreateCommand()
command.CommandText = "SELECT * FROM quickbooks_imports WHERE Customer= "" & _customer& "" & Bill_to= "" & _bill_to& "" & Contact= "" & _Company& ""& First_Name= "" & _firstName& "" & M_I= "" & _mi& "" & Last_Name= "" & _lastname& "" & Phone= "" & _phone& "" & Alt_Phone= "" & _altPhone& "" & Fax= "" & _Fax& """
_dbconn.Open()
Dim _mysqlReader As MySqlDataReader = command.ExecuteReader()
_dbconn.Close()
If Not _mysqlReader.HasRows Then
Dim _UpdateItem As New quickbooks_imports
Dim updateCommand As MySqlCommand = _dbconn.CreateCommand()
_UpdateItem.Customer = customer
_UpdateItem.Bill_to = bill_to
_UpdateItem.Contact = Contact
_UpdateItem.Company = Company
_UpdateItem.First_Name = firstName
_UpdateItem.M_I = mi
_UpdateItem.Last_Name = lastname
_UpdateItem.Phone = phone
_UpdateItem.Alt_Phone = altPhone
_UpdateItem.Fax = fax
updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
updateCommand.Parameters.AddWithValue("@Customer", _UpdateItem.Customer)
updateCommand.Parameters.AddWithValue("@Bill_to", _UpdateItem.Bill_to)
updateCommand.Parameters.AddWithValue("@Contact", _UpdateItem.Contact)
updateCommand.Parameters.AddWithValue("@Company", _UpdateItem.Company)
updateCommand.Parameters.AddWithValue("@First_Name", _UpdateItem.First_Name)
updateCommand.Parameters.AddWithValue("@M_I", _UpdateItem.M_I)
updateCommand.Parameters.AddWithValue("@Last_Name", _UpdateItem.Last_Name)
updateCommand.Parameters.AddWithValue("@Phone", _UpdateItem.Phone)
updateCommand.Parameters.AddWithValue("@Alt_Phone", _UpdateItem.Alt_Phone)
updateCommand.Parameters.AddWithValue("@Fax", _UpdateItem.Fax)
'updateCommand.CommandText = "INSERT INTO EXCEL (id,Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.id & "','" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') ON DUPLICATE KEY UPDATE Customer= '" & _UpdateItem.Customer & "' Bill_to= '" & _UpdateItem.Bill_to & "' Contact= '" & _UpdateItem.Contact & "' Company= '" & _UpdateItem.Company & "' First_Name= '" & _UpdateItem.First_Name & "' M_I= '" & _UpdateItem.M_I & "' Last_Name= '" & _UpdateItem.Last_Name & "' Phone= '" & _UpdateItem.Phone & "' Alt_Phone= '" & _UpdateItem.Alt_Phone & "' Fax= '" & _UpdateItem.Fax & "'"
'updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') "
_dbconn.Open()
updateCommand.ExecuteNonQuery()
_db.SaveChanges()
and I am still getting the fatal exception on the updateCommand.ExecuteNonQuery()
Fatal error encountered during command execution.
InnerException Message: “Parameter ‘?’ must be defined.”
You need to use
parameterswhich will properly escape your strings for database execution.Refer to this link. http://www.devart.com/dotconnect/mysql/docs/Parameters.html
Edit: Try using named parameters instead: