AddWithValue issue - Update the current field content ASP.Net/SQL
Posted Thursday, June 20, 2013 12:56 PM
Forum Newbie


Group: General Forum Members
Last Login: Friday, April 04, 2014 5:37 AM
Points: 4, Visits: 12
I have an ASP.Net VB shopping cart app where, when an item is "Removed" from a shopping cart, the corresponding database field "NewTotal" is updated with the amount removed. So, for example, if NewTotal is currently (5) and the amount being returned to inventory is QtyToAddBack (3), then the NEW "NewTotal" amount should be (8).

I am using the following code. If I use SQL Server Management Studio to run the query, it performs as expected, but in the code page it does not. What am I doing wrong? I suspect the issue is with the "AddWithValue" definition?

Thank you in advance!

Dim strSQL02 As String = "Update [ClinicTest2].[dbo].[ICDbS_Products] SET "& _
"NewTotal = (NewTotal +'" & QtyToAddBack & "') " & _
"WHERE ProductNoID = '" & ItemNumber & "'"

Dim myCommand02 As New SqlCommand(strSQL02, objConn02)

myCommand02.Parameters.AddWithValue("@NewTotal", "@NewTotal"+ QtyToAddBack)

Post #1465902
Posted Monday, July 08, 2013 8:38 AM
Valued Member


Group: General Forum Members
Last Login: Wednesday, April 02, 2014 1:24 PM
Points: 62, Visits: 723
You are mixing up the SQL with the VB and confusing yourself. Not to mention, introducing a massive SQL-injection hole, by building up the string in that fashion.

Instead, define @variables within the SQL string and use AddWithValue to populate them.
For example:

Dim strSQL02 As String = "Update [ClinicTest2].[dbo].[ICDbS_Products] SET " & _
"NewTotal = (NewTotal + @qty_to_add) " & _
"WHERE ProductNoID = @prod_id"

Dim myCommand02 As New SqlCommand(strSQL02, objConn02)
myCommand02.Parameters.AddWithValue("@qty_to_add", QtyToAddBack)
myCommand02.Parameters.AddWithValue("@prod_id", ItemNumber)

You should also look into separating your SQL code from your VB code, preferably in the form of stored procedures but possibly with a separate class of SQL strings. For best results, the SQL strings should be constants.
Post #1471221
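
An added example, not part of the thread or any poster's code: the parameterized update from the reply above written as a complete function, with explicitly typed parameters in place of AddWithValue's type inference and a rows-affected check. The module and function names, the connectionString parameter, and the column types (NewTotal as INT, ProductNoID as VARCHAR(50)) are assumptions.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module InventoryUpdates
    ' Constant SQL text: values travel only as parameters, never as string pieces.
    Private Const AddBackSql As String = _
        "UPDATE [ClinicTest2].[dbo].[ICDbS_Products] " & _
        "SET NewTotal = NewTotal + @qty_to_add " & _
        "WHERE ProductNoID = @prod_id"

    ' Returns True when exactly one product row was updated.
    ' connectionString is a hypothetical parameter; the thread reuses objConn02.
    Public Function AddBackToInventory(ByVal connectionString As String, _
                                       ByVal itemNumber As String, _
                                       ByVal qtyToAddBack As Integer) As Boolean
        ' Reject nonsensical input before touching the database.
        If qtyToAddBack <= 0 Then
            Throw New ArgumentOutOfRangeException("qtyToAddBack")
        End If
        If String.IsNullOrWhiteSpace(itemNumber) Then
            Throw New ArgumentException("Item number is required.", "itemNumber")
        End If

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(AddBackSql, conn)
                ' Explicit SqlDbType and length, so the provider does not infer
                ' the parameter type from the .NET value as AddWithValue does.
                ' Assumed column types: NewTotal INT, ProductNoID VARCHAR(50).
                cmd.Parameters.Add("@qty_to_add", SqlDbType.Int).Value = qtyToAddBack
                cmd.Parameters.Add("@prod_id", SqlDbType.VarChar, 50).Value = itemNumber

                conn.Open()
                ' ExecuteNonQuery returns the number of rows affected.
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function
End Module
```

A False return means the WHERE clause matched no row or more than one, which is worth logging rather than ignoring.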
Posted Monday, July 08, 2013 9:00 AM


SSChampion


Group: General Forum Members
Last Login: Today @ 3:31 PM
Points: 11,949, Visits: 10,982
Honestly I think you are doing this the hard way. You should not store the total of your cart, you should instead calculate it based on the items in your cart. Then all you need to store is a CartID, ItemNumber, Quantity, Price. The total is the sum of Quantity * Price. Your code becomes a lot simpler and so does your data. Now all you have to do is add/remove items from the cart and rebind your display.

Post #1471242