-3

I am trying to insert data into my table, but the problem is that it gives me an error at the line Return Cmd.ExecuteReader:

Open the quotes after the character string ')'

Here is the code I have in my file MyModule.VB:

```vb
Imports System.Data
Imports System.Data.SqlClient

Public Module MyModule1

    Public ServerName As String = "MIRA"
    Public dataBaseName As String = "BaseDB"

    Public Cn As New SqlConnection("server=" & ServerName & "; initial catalog=" & dataBaseName & " ; integrated security= true")
    Public Cmd As New SqlCommand
    Public Dr As SqlDataReader

    ' Open the shared connection if it is not already open
    Public Sub OpenCn()
        If Cn.State <> ConnectionState.Open Then
            Cn.Open()
        End If
    End Sub

    ' Close the shared connection if it is open
    Public Sub CloseCn()
        If Cn.State = ConnectionState.Open Then
            Cn.Close()
        End If
    End Sub

    ' type: r = select, w = insert, update, delete
    Public Function ExecSQL(ByVal sql As String, Optional ByVal type As String = "r")
        OpenCn()
        Cmd.CommandType = CommandType.Text
        Cmd.CommandText = sql
        Cmd.Connection = Cn
        If type = "r" Then
            Return Cmd.ExecuteReader
        Else
            Return Cmd.ExecuteNonQuery
        End If
        CloseCn() ' Not reached: both branches above return first
    End Function

    ' Builds the INSERT by concatenating the raw values into the SQL text
    Public Function AddDB(ByVal natureD As String, ByVal codeP As String, ByVal exigence As String, ByVal nomE As String, ByVal Dt As String, ByVal equipe As String, ByVal Dat1 As String, ByVal Suivi As String)
        Return ExecSQL("insert into DossierB values('" & natureD & "', '" & codeP & "', '" & exigence & "', '" & nomE & "', '" & Dt & "', '" & equipe & "', '" & Dat1 & "', '" & Suivi & "' )")
    End Function
End Module
```

Here is the code of AjoutDB.aspx.vb:

```vb
Public Class AjoutDB
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    End Sub

    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        ' Read the posted form fields
        Dim natureD = Request.Form("DropDownList1")
        Dim codeP = Request.Form("TextBox2")
        Dim exigence = Request.Form("TextBox5")
        Dim nomE = Request.Form("TextBox4")
        Dim dt = Request.Form("TextBox8")
        Dim equipe = Request.Form("TextBox6")
        Dim Dat1 = Request.Form("TextBox9")
        Dim Suivi = Request.Form("TextBox7")
        AddDB(natureD, codeP, exigence, nomE, dt, equipe, Dat1, Suivi)
        MsgBox("données inserees")
    End Sub

End Class
```

Thanks a lot.

Pரதீப்
mira
  • No! No! No! Do _not_ build your query with string concatenation (and don't build your connection string that way either)! – JLRishe Jan 22 '15 at 15:45
  • This code has a huge security vulnerability. An attacker would have full reign on your system. – woz Jan 22 '15 at 15:46
  • Try to post the error in **English** here after – Pரதீப் Jan 22 '15 at 15:46
  • possible duplicate of [incorrect syntax near '' unclosed quotation mark after the character string ')'](http://stackoverflow.com/questions/28084206/incorrect-syntax-near-unclosed-quotation-mark-after-the-character-string) – JLRishe Jan 22 '15 at 15:46
  • @woz It's not just a security vulnerability. It's also most definitely the cause of this error. – JLRishe Jan 22 '15 at 15:48
  • How can I resolve this problem? I'm a beginner and I can't understand your answers. Thank you another time – mira Jan 22 '15 at 15:54
  • @mira Please read this: http://stackoverflow.com/questions/542510/how-do-i-create-a-parameterized-sql-query-why-should-i – JLRishe Jan 22 '15 at 19:54
  • Thank u very much men it was very helpful for me thank u very much I learned a lot thank u thank u – mira Jan 23 '15 at 15:48

1 Answer

0

You need to parameterize your query. That doesn't directly answer your question, but until you parameterize your queries, there's no end to the errors you might see.

As it is, your database is easily manipulated by an attacker. In fact, the security of your entire machine could be in jeopardy.

Here's a basic explanation and an example of parameterization: https://stackoverflow.com/a/7505842/1415038

Community
woz
  • Please mark this question as a duplicate. It has been asked thousands of times on SO and doesn't need a new answer every time. – JLRishe Jan 22 '15 at 15:52
  • first of all thank u very much for your answer but I can't understand how to resolve this problem any help please – mira Jan 22 '15 at 15:56
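
The parameterization that the answer and comments call for, applied to the question's `AddDB`, as an added example that is not code from any of the posts above. It assumes the eight `DossierB` columns accept text (as the question's quoted literals imply); the module name `MyModuleParameterized` and the `NVarChar` parameter type are assumptions.

```vb
Imports System.Data
Imports System.Data.SqlClient

' Added example; the module name is hypothetical.
Public Module MyModuleParameterized

    ' Same server and database as in the question, assembled by the builder
    ' instead of string concatenation.
    Private ReadOnly ConnString As String = (New SqlConnectionStringBuilder() With {
        .DataSource = "MIRA",
        .InitialCatalog = "BaseDB",
        .IntegratedSecurity = True
    }).ConnectionString

    ' Inserts one row into DossierB and returns the number of rows affected.
    Public Function AddDB(ByVal natureD As String, ByVal codeP As String,
                          ByVal exigence As String, ByVal nomE As String,
                          ByVal Dt As String, ByVal equipe As String,
                          ByVal Dat1 As String, ByVal Suivi As String) As Integer
        ' The SQL text is a constant: user input never becomes part of it.
        Const sql As String =
            "insert into DossierB values(@natureD, @codeP, @exigence, @nomE, " &
            "@Dt, @equipe, @Dat1, @Suivi)"

        Dim names As String() = {"@natureD", "@codeP", "@exigence", "@nomE",
                                 "@Dt", "@equipe", "@Dat1", "@Suivi"}
        Dim values As String() = {natureD, codeP, exigence, nomE,
                                  Dt, equipe, Dat1, Suivi}

        Using cn As New SqlConnection(ConnString)
            Using cmd As New SqlCommand(sql, cn)
                For i As Integer = 0 To names.Length - 1
                    ' Assumption: every column accepts text. A missing form
                    ' field (Nothing) is sent as an empty string, matching
                    ' what the concatenated version produced.
                    cmd.Parameters.Add(names(i), SqlDbType.NVarChar).Value =
                        If(values(i), String.Empty)
                Next
                cn.Open()
                ' Values travel separately from the SQL text, so a quote in
                ' the input (for example l'équipe) is stored as data.
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

The call in `Button1_Click` stays the same; only the module behind `AddDB` changes.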