Im working on a project. Our system is Hotel Reservation. In VB it says that it added in my database
but then when I check my database there is none.
What is the problem
btw Here's the code:
Public Class RegistrationForm
Private Sub btnNext_Click(sender As Object, e As EventArgs) Handles btnNext.Click
qry = "INSERT INTO tblGuest(GuestName, Gender, Address)VALUES('" &
txtName.Text & "','" &
txtGender.Text & "','" &
txtAddress.Text & "');"
cmd = New OleDb.OleDbCommand(qry, con)
dr = cmd.ExecuteReader()
MsgBox("Succesfully added in database")
RoomInfoForm.Show()
End Sub
Private Sub RegistrationForm_Load(sender As Object, e As EventArgs) Handles MyBase.Load
koneksyon()
End Sub
End Class
Just because your MsgBox fires doesn't mean the query did what you expect.
This is more like what you want to do:
Private Sub btnNext_Click(sender As Object, e As EventArgs) Handles btnNext.Click
'parameterize the query to avoid SQL injection attacks which is the #1 code vulnerability on OWASP Top 10
Dim qry As String = "INSERT INTO tblGuest(GuestName, Gender, Address)VALUES(?, ?, ?);"
'Put disposable resources within Using blocks
Using con As New OleDb.OleDbConnection()
Using cmd As New OleDb.OleDbCommand(qry, con)
'Create the parameters.
Dim paramName As New OleDb.OleDbParameter("@p1", OleDb.OleDbType.VarChar)
paramName.Value = txtName.Text 'you should null check and validate all these textbox values
Dim paramGender As New OleDb.OleDbParameter("@p2", OleDb.OleDbType.VarChar)
paramGender.Value = txtGender.Text
Dim paramAddress As New OleDb.OleDbParameter("@p3", OleDb.OleDbType.VarChar)
paramAddress.Value = txtAddress.Text
'Assign the parameters to the command
cmd.Parameters.Add(paramName)
cmd.Parameters.Add(paramGender)
cmd.Parameters.Add(paramAddress)
'you are not returning a result set from the command, so ExecuteNonQuery
cmd.ExecuteNonQuery()
End Using
End Using
MsgBox("Succesfully added in database")
RoomInfoForm.Show()
End Sub
