|
-
May 15th, 2009, 11:40 AM
#1
Thread Starter
Hyperactive Member
parameterized query update question
As you may have seen in my other post, I have to switch over an all text SQL statement based database interaction program to using parameterized queries instead.
I remember doing it this way in college but I don't seem to be able to recall one part of it. The program I wrote back then and some code samples here both point to doing the code as I did so far:
Code:
m_strSQL = "UPDATE [OWNER DATA] SET [FIRST NAME] = @strFName"
m_strSQL &= ",[LAST NAME] = @strLName"
...etc
Dim upCMD As New OleDb.OleDbCommand(m_strSQL, m_Connection)
upCMD.Parameters.Add("@strFName", OleDb.OleDbType.Char, 30, "[First Name]")
...etc
m_DataAdapter.UpdateCommand = upCMD
m_DataAdapter.Update()
So by the second to last line there it has the SQL statement build and loaded into the command object and all the data for the fields is there so I just need it to actually do the update but that m_DataAdapter.Update() command is asking for a dataset to use to update it. My program is not set up to read in a dataset from the database, modify it, and send it back using that command so that whole model doesn't work for me in this case. Why can't it just take the SQL statement and run it without asking for a dataset to use? Am I missing something really obvious here?
My old version with just strings used:
Dim upCMD As New OleDb.OleDbCommand(m_strSQL, m_Connection)
intCount = upCMD.ExecuteNonQuery()
and tada, it ran the SQL statement and that's that. Can I just do that with a parameterized query too without using the adapter.update()? And for bonus points, why the heck did I use that command in my old college program cuz I sure don't know? lol.
I tried to end process on Visual Studio 2005
but PETA stopped me saying it's smart enough
to be a living creature 
-
May 15th, 2009, 12:09 PM
#2
Re: parameterized query update question
Yep, you got it right. As long as the command object is hooked up to a connection object you just execute the parameterized query using the command object. I don't know why you would have used a data adapter in college - leave it to the ivory tower folks to... well, I don't need to get started on that soapbox.
If a process is a living creature, does that mean it tastes good grilled?
 I always add to the reputation of those whose posts are helpful, and even occasionally to those whose posts aren't helpful but who obviously put forth a valiant effort. That is, when the system will allow it.
My war with a browser-redirect trojan
-
May 15th, 2009, 12:17 PM
#3
Thread Starter
Hyperactive Member
Re: parameterized query update question
lol well my hard drive got heavily corrupted when I tried to merge two partitions on my hard drive with Partition Magic and VS2005 was on it and it get pretty well "grilled" but it mostly just tasted like I was really pissed off lol.
Btw ivory tower? You mean the cheating modders in Halo 2 on the Ivory Towers map? lol. Oh wait, no, you must mean that little guy from the Wizard of Oz who says "nobody gets in the see the data adapter, not nobody not no how"...unless that I was the emerald tower :P I must be thinking of Neverending story.
I looked back at the code and I filled in all the parameters but didn't give them and actual data and actually did do m_DataAdapter.Update(NewRentalTable) which apparently is some table I made. By the way, speaking of that I just noticed one big flaw. I didn't assign any values to the parameters, oops! I saw in a same you use the AddWithValue parameter method.
Do I have to do:
upCMD.Parameters.Add("@strFName", OleDb.OleDbType.Char, 30, "[First Name]")
then
upCMD.Parameters.AddWithValue("@strFName", strFName)
or can I just use the addwithvalue in the first place? And if so, why doesn't add with value ask for a column name, length, or datatype?
Last edited by Desolator144; May 15th, 2009 at 12:23 PM.
I tried to end process on Visual Studio 2005
but PETA stopped me saying it's smart enough
to be a living creature 
-
May 15th, 2009, 12:40 PM
#4
Re: parameterized query update question
AddWithValue only needs the parameter placeholder - @strFName in this case - and the value to replace it with when the query runs. Why the standard 'Add' method would ask for the column name is beyond me. I suspect I don't know all there is to know about parameterized queries. Maybe one of the guru's will notice this thread and chime in on that topic.
 I always add to the reputation of those whose posts are helpful, and even occasionally to those whose posts aren't helpful but who obviously put forth a valiant effort. That is, when the system will allow it.
My war with a browser-redirect trojan
-
May 15th, 2009, 12:51 PM
#5
Thread Starter
Hyperactive Member
Re: parameterized query update question
yeah, I think I'll dump the target column part cuz it's optional and shouldn't necessary and I wasn't sure if it needed square brackets for table names with spaces anyway.
I'm not big on parameterized queries cuz none of my programs are hackworthy with SQL injections. Like why would you hack your own program that's importing data into your own database? So I just did it the easy way. Plus, I don't use objects and methods I didn't write whenever possible cuz then I have to guess exactly how they work and what they do or worse, look it up in the MSDN library lol.
So I kinda get what the purpose of the method is but if I already added a parameter, would using addwithvalue add it again? If so, how do I give it a value otherwise?
I tried to end process on Visual Studio 2005
but PETA stopped me saying it's smart enough
to be a living creature 
-
May 15th, 2009, 12:57 PM
#6
Re: parameterized query update question
I don't know what it would do if you added it twice. I suspect it would throw an error. You'd have to test it to be sure. Personally I would just remove the 'Add' line and just go with 'AddWithValue'
And like you, I don't generally use parameterized queries unless there's a reasonable risk of a SQL injection attack - i.e. a textbox that is used to get user input for a database field.
 I always add to the reputation of those whose posts are helpful, and even occasionally to those whose posts aren't helpful but who obviously put forth a valiant effort. That is, when the system will allow it.
My war with a browser-redirect trojan
-
May 15th, 2009, 01:10 PM
#7
Thread Starter
Hyperactive Member
-
May 15th, 2009, 01:25 PM
#8
Re: parameterized query update question
My recommendation is build a test app and see what it does. Either that or look in the documentation.
 I always add to the reputation of those whose posts are helpful, and even occasionally to those whose posts aren't helpful but who obviously put forth a valiant effort. That is, when the system will allow it.
My war with a browser-redirect trojan
-
May 15th, 2009, 01:30 PM
#9
Re: parameterized query update question
If your query parameter count <> your command parameter count you will get an exception saying that you have a count mismatch basically. Parameters is just a collection, so each time you call .Add() it will add a parameter at the end of the collection regardless if the same one was added.
-
May 15th, 2009, 01:34 PM
#10
Re: parameterized query update question
Ah. That makes sense. Good answer.
 I always add to the reputation of those whose posts are helpful, and even occasionally to those whose posts aren't helpful but who obviously put forth a valiant effort. That is, when the system will allow it.
My war with a browser-redirect trojan
-
May 15th, 2009, 02:59 PM
#11
Fanatic Member
Re: parameterized query update question
FYI, the major difference with Parameter.Add and Parameter.AddWithValue is that the .Add allows you to explicitly declare the datatype you are sending the parameter in as, .AddWithValue does not.
D
Platforms of choice: Visual Studio 2005/2008 Professional : Visual Studio 2010 Enterprise : PHP - Notepad++/WAMP
Please Rate If I helped you. 
Please remember to mark threads as closed if your issue has been resolved.
Reserved Words in Access | Connection Strings
-
May 15th, 2009, 03:03 PM
#12
Re: parameterized query update question
 Originally Posted by dminder
FYI, the major difference with Parameter.Add and Parameter.AddWithValue is that the .Add allows you to explicitly declare the datatype you are sending the parameter in as, .AddWithValue does not.
D
Or to put it a slightly different way, it assumes that you know what datatype you need to put into that parameter.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|