Here's the error I get trying to run the code posted below..."Prepared statement '(@.datestamp datetime,@.PrevValue real,@.NewValue real,@.IPaddress r' expects parameter @.datestamp, which was not supplied."
I've tried it without the quotes around the DateTime.Now and also adding the # around them. Without the quotes, I do get a different error because it doesn't like the spaces in the DateTime text. Also, the datestamp data in the database is formatted as a datetime (MS SQL Server 2005).
Here's my code:
PrivateSub UpdateRefresh()
UpdateConnection.Open()
UpdateDataAdapter.InsertCommand.CommandText = "INSERT INTO dbo.tbDeploy(datestamp," & _
"PrevValue, NewValue, IPaddress, HighCapability, LowCapability, Share) VALUES" & _
"('" & DateTime.Now & "', '" & lblCurrent.Text & "', '" & lblCurrent.Text & _
"', '" & lblIP.Text & "', '" & lblHigh.Text & "', '" & lblLow.Text & "', '" & lblShare.Text & "')"
UpdateDataAdapter.InsertCommand.ExecuteNonQuery()
UpdateConnection.Close()
EndSub
Use parameterized queries. Your problem will be solved. You can also prevent SQL Injection attacks.
No comments:
Post a Comment