How to save when richtextbox1 typing content into my accessa database VB.NET

Question

0.00/5 (No votes)

See more:

HI,

i have successfully connected ms access database it working fine but

1. when edit & save something in richtextbox1 it's says Update done but when i go to Ms access database which is not saved (what i am edit or typed)

What I have tried:

Provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="
        dataFile = "F:\Praise\Praise\bin\Debug\Database.accdb"
        connString = Provider & dataFile
        myConnection.ConnectionString = connString
        myConnection.Open()
        Dim str As String
        str = "Update [SONGS] set [SONG_ETITLE] = '" & TextBox2.Text & "',[SONG_TTITLE] = '" & TextBox3.Text & "',[SONG_SONGS1] ='" & RichTextBox1.Text & "',[SONG_SONGL2]='" & RichTextBox1.Text & "' Where [CODE]=" & TextBox1.Text & ""
        Dim cmd As OleDbCommand = New OleDbCommand(str, myConnection)


        Try

            cmd.ExecuteNonQuery()
            cmd.Dispose()
            myConnection.Close()
            MessageBox.Show("Update Done")
            TextBox1.Enabled = False
            TextBox2.Enabled = False
            TextBox3.Enabled = False
            RichTextBox1.Enabled = False

        Catch ex As Exception


        End Try
    End Sub

Posted 27-Dec-19 5:54am

Member 14621280

Updated 8-Jan-20 3:10am

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2019-12-27T06:01:00

Solution 1

Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'

The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'

Which SQL sees as three separate commands:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';

A perfectly valid SELECT

SQL

DROP TABLE MyTable;

A perfectly valid "delete the table" command

SQL

--'

And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And don't "swallow" exceptions - you throw away not only any sign that something went wrong, but all the information that you need to fix it. Display it, log it, whatever - but just swallowing it as if it didn't matter is a very poor idea.

Once you've fixed all that throughout your whole application - and miss one and somebody will find it and delete your DB - and you may find your problem is gone as well.

Posted 27-Dec-19 6:01am

OriginalGriff

Comments

Member 14621280 27-Dec-19 12:26pm

I am very new to Vb.net can u suggest me along with code?

Member 14621280 27-Dec-19 12:26pm

Because i can't understand what you are said

OriginalGriff 27-Dec-19 12:36pm

"Concatenating strings" is the "proper" term for "adding strings together to make a bigger string" and it's very, very dangerous when you start talking to databases because you hand complete control of your DB to the user. He can do anything he likes just by typing into your text boxes because the string concatenation you use lets him. And everybody who knows anything about databases knows that - to the point where the first UK census that you could submit online got complaints because it was written properly and wasn't susceptible to SQL Injection, and it was felt that government programmers shouldn't know about that stuff! Parameterised queries prevent that:

                Using con As New SqlConnection(strConnect)
                	con.Open()
                	Using com As New SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES (@C1, @C2)", con)
                		com.Parameters.AddWithValue("@C1", myValueForColumn1)
                		com.Parameters.AddWithValue("@C2", myValueForColumn2)
                		com.ExecuteNonQuery()
                	End Using
                End Using

Member 14621280 7-Jan-20 1:27am

Using con As New SqlConnection(strConnect)
con.Open()
Using com As New SqlCommand("INSERT INTO SONGS (SONG_ETITLE, SONG_TITLE) VALUES (@SONG_SONGS1, @SONG_SONGS2)", con)
com.Parameters.AddWithValue("@SONG_SONGS1", RichTextBox1.Text)
com.Parameters.AddWithValue("@SONG_SONGS2", RicTextBox1.Text)
com.ExecuteNonQuery()
End Using

Is this correct?

OriginalGriff 7-Jan-20 2:20am

Two things:
1) Why are you inserting the same text twice? (Assuming "RicTextBox1.Text" is a mistype of "RichTextBox1.Text".)
2) Stop using all uppercase: use CamelCase for your fields and tables, and don;t prefix your fields with the table name (you may need to do that for real later, and then you end up with SONGS.SONG_TITLE which starts to get silly and very redundant).

INSERT INTO Songs (ETitle, Title) VALUES (@ETITLE, @TITLE)

Member 14621280 7-Jan-20 2:31am

Actually i have two different column like Title1 and Title2 (SONGS_ETITLE and SONGS_TTITLE in Ms access database column) and i have in SONG_SONGS1 and SONG_SONGS2 which is longtext ....

1. Already i have a text in Richtextbox1 so i want edit some misspelling or correction...like Titles and Long text...
2. so i try to update this but i am unable to do.

OriginalGriff 7-Jan-20 2:40am

Why are you saving the same data twice? Never store redundant info - if the ETITLE and TITLE fields are fed data from the same source, you are duplicating info and that always a bad idea!

Member 14621280 7-Jan-20 2:35am

Using con As New SqlConnection(strConnect)
con.Open()
Using com As New SqlCommand("INSERT INTO SONGS (SONG_ETITLE, SONG_TITLE) VALUES (@ETITLE, @TTITLE)", con)
com.Parameters.AddWithValue("@SONG_SONGS1", RichTextBox1.Text)
com.ExecuteNonQuery()
End Using

Hope this is coreect

OriginalGriff 7-Jan-20 2:55am

Stop guessing, and start thinking!
Come on, this isn't difficult ... but you are just throwing stuff together and hoping it will work, and that isn't a viable development strategy.

Member 14621280 7-Jan-20 9:26am

Imports System.Data.OleDb

Public Class SongsList
Dim Provider As String
Dim dataFile As String
Dim ds As New DataSet
Dim da As New OleDb.OleDbDataAdapter
Dim Sql As String
Dim Path As String
Dim connString As String
Dim con As New OleDbConnection

Dim myConnection As OleDbConnection = New OleDbConnection

Private Property cmd As OleDbCommand

Private Sub SongsList_Load(sender As Object, e As EventArgs) Handles MyBase.Load
con.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=F:\Praise\Praise\bin\Debug\Database.accdb"
'TODO: This line of code loads data into the 'DatabaseDataSet.SONGS' table. You can move, or remove it, as needed.

Me.SONGSTableAdapter.Fill(Me.DatabaseDataSet.SONGS)
Me.KeyPreview = True
Me.DataGridView1.Refresh()

End Sub

Private Sub TextBox4_TextChanged(sender As Object, e As EventArgs) Handles TextBox4.TextChanged
con.Open()
Dim dt As New DataTable
Dim ds As New DataSet
ds.Tables.Add(dt)
Dim da As New OleDbDataAdapter
da = New OleDbDataAdapter("Select * from SONGS where CODE like ?", con)
da.SelectCommand.Parameters.AddWithValue("Code", "%" & TextBox4.Text & "%")
da.Fill(dt)

DataGridView1.DataSource = dt.DefaultView

con.Close()
End Sub

Private Sub TextBox5_TextChanged(sender As Object, e As EventArgs) Handles TextBox5.TextChanged
con.Open()
Dim dt As New DataTable
Dim ds As New DataSet
ds.Tables.Add(dt)
Dim da As New OleDbDataAdapter
da = New OleDbDataAdapter("Select * from SONGS where SONG_ETITLE like ?", con)
da.SelectCommand.Parameters.AddWithValue("Code", "%" & TextBox5.Text & "%")
da.Fill(dt)

DataGridView1.DataSource = dt.DefaultView

con.Close()
End Sub

Private Sub TextBox6_TextChanged(sender As Object, e As EventArgs) Handles TextBox6.TextChanged
con.Open()
Dim dt As New DataTable
Dim ds As New DataSet
ds.Tables.Add(dt)
Dim da As New OleDbDataAdapter
da = New OleDbDataAdapter("Select * from SONGS where SONG_TTITLE like ?", con)
da.SelectCommand.Parameters.AddWithValue("Code", "%" & TextBox6.Text & "%")
da.Fill(dt)

DataGridView1.DataSource = dt.DefaultView

con.Close()
End Sub

Private Sub Button10_Click(sender As Object, e As EventArgs) Handles Button10.Click
SONGSBindingSource.MovePrevious()

End Sub

Private Sub Button12_Click(sender As Object, e As EventArgs) Handles Button12.Click
SONGSBindingSource.MoveNext()

End Sub

Private Sub Button11_Click(sender As Object, e As EventArgs) Handles Button11.Click
SONGSBindingSource.MoveFirst()
End Sub

Private Sub Button13_Click(sender As Object, e As EventArgs) Handles Button13.Click
SONGSBindingSource.MoveLast()

End Sub

Private Sub DataGridView1_CellContentDoubleClick(sender As Object, e As DataGridViewCellEventArgs) Handles DataGridView1.CellContentDoubleClick
Dim form As New SongsShow
Form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(0).Value.ToString()
form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(1).Value.ToString()
form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(2).Value.ToString()
form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(3).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(0).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(1).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(2).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(3).Value.ToString()
form.RichTextBox3.Text = DataGridView1.CurrentRow.Cells(4).Value.ToString()

Me.Update()
Refresh()
form.Sh

OriginalGriff 7-Jan-20 9:55am

:sigh:
Look at that code. Please, look at it.
What do you think this does?
Form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(0).Value.ToString()
form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(1).Value.ToString()
form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(2).Value.ToString()
form.RichTextBox1.Text = DataGridView1.CurrentRow.Cells(3).Value.ToString()
Or this?
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(0).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(1).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(2).Value.ToString()
form.RichTextBox2.Text = DataGridView1.CurrentRow.Cells(3).Value.ToString()

And that's ignoring what the rest of it does ... You do know that you can filter a view instead of going back to the database each time? And that it's a whole load quicker?

Seriously, you need to stop guessing what you are doing - and stop using VS default names for everything! You may remember that "TextBox8" is the mobile number today, but when you have to modify it in three weeks time, will you then? Use descriptive names - "tbMobileNo" for example - and your code becomes easier to read, more self documenting, easier to maintain - and surprisingly quicker to code because Intellisense can get to to "tbMobile" in three keystrokes, where "TextBox8" takes thinking about and 8 keystrokes...

And your UI ... at least 12 Buttons? 6 text boxes? Your UI - and remember I can't see it - sounds like a total mess already. When did you see a UI like that on a "real app"?

Member 14621280 7-Jan-20 10:12am

Actually this is church songs software... and Richtextbox1 will show one lanugange ie Tamil and Richtextbox2 will show one language ie English

and Especially everything it was perfect but when re-edit or update i am unable to.... and in future ill not use VS default names.. thanks

Member 14621280 7-Jan-20 14:24pm

Private Sub btnUpdate_Click(sender As Object, e As EventArgs) Handles btnUpdate.Click
pro = Provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=F:\Praise\Praise\bin\Debug\Database.accdb"
connString = pro
myConnection.ConnectionString = connString
myConnection.Open()
command = "Update SONGS set [SONG_ETITLE]='" & TextBox2.Text & "',[SONG_TTITLE]='" & TextBox2.Text & "',[SONG_SONGS1]='" & RichTextBox1.Text & "' where [CODE]=" & TextBox1.Text & ""
Dim cmd As OleDbCommand = New OleDbCommand(command, myConnection)
MsgBox("Update Success")
Try
cmd.ExecuteNonQuery()
cmd.Dispose()
myConnection.Close()
TextBox1.Enabled = False
TextBox2.Enabled = False
TextBox3.Enabled = False
RichTextBox1.Enabled = False

Catch ex As Exception
MsgBox(ex.Message)

End Try
End Sub

I have try this but no use....

Additional Error says: The connectionstring property has not been initialized

Patrice T · Answer 2 · 2019-12-27T07:07:00

VB

str = "Update [SONGS] set [SONG_ETITLE] = '" & TextBox2.Text & "',[SONG_TTITLE] = '" & TextBox3.Text & "',[SONG_SONGS1] ='" & RichTextBox1.Text & "',[SONG_SONGL2]='" & RichTextBox1.Text & "' Where [CODE]=" & TextBox1.Text & ""

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]