
Thread: Let me rephrase my previous post

  1. #1

    Thread Starter
    Member
    Join Date
    Nov 2005
    Location
    Winston Salem
    Posts
    45

    Let me rephrase my previous post

    Trying to add a record to an Access database. I'm using textboxes to save the information. What do I do in the button click event to add a record?


    VB Code:
    Private Sub btnAddNewRecord_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAddNewRecord.Click

        'What do I do here?

    End Sub

  2. #2
    Banned
    Join Date
    Nov 2005
    Posts
    2,367

    Re: Let me rephrase my previous post

    1. Declare your connection/data types
    2. Create a command using String.Format, parameterized queries or a sproc.
    3. Open your connection
    4. ExecuteNonQuery
    5. In the Finally, Dispose of anything that can be, set everything else = Nothing
    Last edited by sevenhalo; Dec 5th, 2005 at 03:58 PM.

  3. #3
    Super Moderator Shaggy Hiker
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    40,106

    Re: Let me rephrase my previous post

    First, I would suggest that you get the data out of the text boxes and into strings. This may not be absolutely necessary, but it allows you to ensure that the contents of the textboxes are good. There is a nasty thing people can do to your database if you simply accept whatever string they enter.

    Second, do you have a connection to the database yet? If not, get one. I'll assume you do, but if that is part of your question, it can be taken care of easily enough.

    Third, you put the data into the table. This can be done in a couple of different ways. All of them suck to some degree in my opinion. If you only have a few fields to add, you might write the SQL string directly.

    1) Get a command object from the connection.
    2) Something like this:

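    VB Code:
    ' The ? placeholders are bound by position, so add the parameters in column order.
    cmd.CommandText = "INSERT INTO KnownDispositions (DispositionName,DispositionString,DispositionType) VALUES (?,?,?)"
    ' AddWithValue replaces the obsolete Add(name, value) overload.
    cmd.Parameters.AddWithValue("DispositionName", st1)
    cmd.Parameters.AddWithValue("DispositionString", st2)
    cmd.Parameters.AddWithValue("DispositionType", typ)
    cmd.ExecuteNonQuery()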

    Alternatively, you can do the same thing without the parameters, but it would get really tedious for more than a few fields.

    The problem with it all is that any errors will arise only when you execute the query. This makes debugging a bit odd, since you know that there is a problem, but you don't know which line you screwed up. A simple typo, as long as it is sufficiently subtle, could take a good long time to see. Annoying thing, that.
    My usual boring signature: Nothing

  4. #4
    Super Moderator Shaggy Hiker
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    40,106

    Re: Let me rephrase my previous post

    Quote Originally Posted by sevenhalo
    1. Declare your connection/data types
    2. Create a command using String.Format, parameterized queries or a sproc.
    3. Open your connection
    4. ExecuteNonQuery
    5. In the Finally, Dispose of anything that can be, set everything else = Nothing

    A couple of comments here:

    1) This pre-supposes that the whole thing be done in a Try...Catch block. This is essential for database work. You can never be certain that the database will be available, so your program needs to be able to handle the exceptional case where the database is not available.

    2) Setting everything to Nothing is not nearly as valuable in .NET as it was in VB, and it wasn't essential there. In .NET, all variables are pointers (memory addresses) as far as I can tell. Setting the variable to Nothing should do no more than clear the pointer. It shouldn't free the memory pointed to by the pointer, that will be handled by the garbage collector once the reference count of the memory address drops to 0. If that is not a correct understanding of how the system works under the hood, I'd be happy to hear it.
    My usual boring signature: Nothing

  5. #5
    Banned
    Join Date
    Nov 2005
    Posts
    2,367

    Re: Let me rephrase my previous post

    From what I've gathered, anything that can't be disposed, can't be instantiated. Therefore, it exists solely on the stack. If I have a structure I used for the duration of one method, but it contained a lot of data I was handling (for example, if I queried a database and placed it into an intermediary object); I feel more comfortable handling it myself than just waiting for it to go out of scope.

    Personal preference.

  6. #6

    Thread Starter
    Member
    Join Date
    Nov 2005
    Location
    Winston Salem
    Posts
    45

    Re: Let me rephrase my previous post

    Still, how would I pass the value of the textboxes into the VALUE (1,2,3,etc...)
    would VALUE (txtTextBox1.text, txtTExtBox2.text, etc...) work?

  7. #7
    Banned
    Join Date
    Nov 2005
    Posts
    2,367

    Re: Let me rephrase my previous post

    It will work, but not advised. That'll leave you open to the nasty things Shaggy was talking about. IE:

    '; DROP tblTable---

    Using String.Format, parameterized queries or a sproc can defend you against a lot of the injections.
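
Added example, not written by any poster in this thread: the concatenated VALUES string asked about in post #6 next to a parameterized insert that follows the steps from posts #2 to #4. The connection string, the 50-character length check and the assumption that all three columns are text are placeholders; the table and column names are the ones from post #3.

```vb
Imports System
Imports System.Data.OleDb

Module AddRecordExample
    ' Assumption: placeholder connection string; point it at your own .mdb file.
    Const ConnStr As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\path\to\your.mdb"

    ' What VALUES (txtTextBox1.Text, ...) amounts to: user text becomes part of the SQL itself.
    Function BuildConcatenatedSql(name As String, str As String, typ As String) As String
        Return "INSERT INTO KnownDispositions (DispositionName,DispositionString,DispositionType) " &
               "VALUES ('" & name & "','" & str & "','" & typ & "')"
    End Function

    ' Parameterized insert: the SQL text is constant and the values are bound separately.
    Function InsertDisposition(name As String, str As String, typ As String) As Integer
        ' Assumed rule: the name is required and at most 50 characters.
        If String.IsNullOrEmpty(name) OrElse name.Length > 50 Then
            Throw New ArgumentException("DispositionName must be 1-50 characters.")
        End If
        ' Using disposes the connection and command even when an exception is thrown.
        Using conn As New OleDbConnection(ConnStr)
            Using cmd As OleDbCommand = conn.CreateCommand()
                cmd.CommandText = "INSERT INTO KnownDispositions " &
                    "(DispositionName,DispositionString,DispositionType) VALUES (?,?,?)"
                ' OleDb binds ? markers by position, so add values in column order.
                cmd.Parameters.AddWithValue("DispositionName", name)
                cmd.Parameters.AddWithValue("DispositionString", str)
                cmd.Parameters.AddWithValue("DispositionType", typ)
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed input: the string quoted in post #7.
        Dim userText As String = "'; DROP tblTable---"
        ' The quote in the input closes the string literal early, so the statement text changes.
        Console.WriteLine(BuildConcatenatedSql(userText, "s", "t"))
        Try
            Console.WriteLine("Rows added: " & InsertDisposition(userText, "s", "t"))
        Catch ex As Exception
            ' The database may be missing or unavailable; report instead of crashing.
            Console.WriteLine("Insert failed: " & ex.Message)
        End Try
    End Sub
End Module
```

In the button click handler, the same call would be InsertDisposition(txtTextBox1.Text, txtTextBox2.Text, ...) inside a Try...Catch, with the text box names taken from post #6.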
