Hi guys, I'm a newb in programming, pls bear with me.
I have a borrowing system, and I have a list of items. How do I return the item after borrowing it??

I'm using VB 2015 with SQL 2008 as its database.

Urgently need your help. Thanks guys.

What I have tried:

```vb
With cmd
    .Connection = ProjectConnect
    .CommandText = "UPDATE tblItems SET Quantity = @quan + 1  WHERE ItemID = " & txtID.Text
    .Parameters.AddWithValue("@quan", txtQuan.Text)
    .ExecuteNonQuery()
End With
```

Tried doing this, but it's not enough; I need the whole record to be deleted in the GridView.
Updated 7-Mar-18 1:15am
Comments
Richard MacCutchan 7-Mar-18 5:54am    
You need to use the DELETE command.
Member 13713259 7-Mar-18 6:03am    
How do I increment the quantity if I'm gonna use DELETE??
Richard MacCutchan 7-Mar-18 6:12am    
Well what are you trying to do: UPDATE the record or DELETE it?
Member 13713259 7-Mar-18 6:15am    
I want the record in the GridView to be gone after hitting "return item", but instead it stays there. How do I do it?

For starters, not like that. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack, which can destroy your entire database. Use parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
```sql
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
```
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
```sql
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
```
Which SQL sees as three separate commands:
```sql
SELECT * FROM MyTable WHERE StreetAddress = 'x';
```
A perfectly valid SELECT
```sql
DROP TABLE MyTable;
```
A perfectly valid "delete the table" command
```sql
--'
```
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you? And I know you know what parameters are, because you are using them for the quantity.

But even then, that's odd code. Why are you setting the quantity (presumably the number in stock) to the number of items plus one? If he borrows one item of the ten you have in stock, and returns it, then the in-stock count will be 2 - what happens to the other items?
Possibly what you need to do is
```sql
... SET Quantity = Quantity + @quan WHERE ...
```
Comments
Member 13713259 7-Mar-18 7:03am    
I did what you suggested, but it multiplies the quantity. What I wanted to do is increment the quantity every time I return and decrement every time I borrow. I also want to know how do I code the borrow and return. I can't seem to do it. Thanks
OriginalGriff 7-Mar-18 8:13am    
... SET Quantity = Quantity + 1 WHERE ...
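The borrow/return pair discussed in this answer and its comments, written out as an added example (not code from the question or from the answer): one unit is taken from or given back to the stock count that already lives in the database, the item ID only ever reaches SQL Server as a typed parameter, and the grid is reloaded afterwards. It assumes the `tblItems`, `ItemID` and `Quantity` names from the question, that both columns are integers, and that the caller supplies a connection string in place of the question's `ProjectConnect`; the form controls named in `OnReturnClicked` are hypothetical.

```vb
' Added example, not the poster's or the answerer's code.
' Assumes: table tblItems(ItemID int, Quantity int); connection string
' supplied by the caller; txtID / dgvItems are hypothetical form controls.
Imports System.Data
Imports System.Data.SqlClient
Imports System.Windows.Forms

Public Module ItemLoans

    ' Borrow one unit. The WHERE clause refuses to go below zero, so a
    ' return value of False means "unknown ID" or "nothing left to lend".
    Public Function BorrowItem(connectionString As String, itemId As Integer) As Boolean
        Dim sql As String =
            "UPDATE tblItems SET Quantity = Quantity - 1 " &
            "WHERE ItemID = @id AND Quantity > 0"
        Return ExecuteItemUpdate(connectionString, sql, itemId) = 1
    End Function

    ' Return one unit. The stored stock count is incremented in place;
    ' nothing typed into a textbox is ever used as the new total.
    Public Function ReturnItem(connectionString As String, itemId As Integer) As Boolean
        Dim sql As String =
            "UPDATE tblItems SET Quantity = Quantity + 1 WHERE ItemID = @id"
        Return ExecuteItemUpdate(connectionString, sql, itemId) = 1
    End Function

    ' Shared plumbing: the ID travels as an Int parameter, never as text
    ' pasted into the command string, so a stray quote cannot change the SQL.
    Private Function ExecuteItemUpdate(connectionString As String, sql As String, itemId As Integer) As Integer
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = itemId
                conn.Open()
                Return cmd.ExecuteNonQuery()   ' rows affected: 1 or 0
            End Using
        End Using
    End Function

    ' Reload the grid's data from the table so it shows the updated quantity.
    Public Function LoadItems(connectionString As String) As DataTable
        Dim table As New DataTable()
        Using conn As New SqlConnection(connectionString)
            Using adapter As New SqlDataAdapter("SELECT ItemID, Quantity FROM tblItems", conn)
                adapter.Fill(table)
            End Using
        End Using
        Return table
    End Function

    ' Form-side usage: validate the textbox before it goes anywhere near SQL.
    ' idText would be txtID.Text and grid would be dgvItems (hypothetical names).
    Public Sub OnReturnClicked(connectionString As String, idText As String, grid As DataGridView)
        Dim itemId As Integer
        If Not Integer.TryParse(idText, itemId) Then
            MessageBox.Show("Item ID must be a whole number.")
            Return
        End If
        If ReturnItem(connectionString, itemId) Then
            grid.DataSource = LoadItems(connectionString)
        Else
            MessageBox.Show("No item with that ID.")
        End If
    End Sub

End Module
```

Because the increment and decrement are expressed as `Quantity + 1` and `Quantity - 1` inside the UPDATE itself, the database does the arithmetic on the current value, which is what the comment above is asking for. Whether a returned item's row should also disappear from the grid is a display question (filter the DataTable or the SELECT), not something the UPDATE should decide.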
```vb
.CommandText = "UPDATE tblItems SET Quantity = @quan + 1 WHERE ItemID = " & txtID.Text
```

Why are you mixing parameters and concatenation?
It is dangerous.

Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user inputting a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP
Comments
Member 13713259 7-Mar-18 7:22am    
Thank you, kind sir.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)