SQL = "Insert into order_item(Sales_Order_No," & _
"number," & _
"pattern," & _
"repair," & _
"quotaction_no)values('" & Me.txtorderno.Text & "','" & tyresize & "' , '" & rate & "' , '" & pattern & "', '" & Me.txtqutno.Text & "')"
Above sql statement means that you want to to add string data. I suspect that
Sales_Order_No
and
number
fields are numeric fields. Remove single quotes around these data and try again.
As Dave mentioned, your sql code is
sql injection[
^] vulnerable. So you have to change your code to use parametrized queries.
SQL = "Insert into order_item(Sales_Order_No, [number], pattern, repair, quotaction_no)" & _
"values(?, ?, ?, ?, ?)"
Do not use
number
as a field name! It's
reserved word[
^]. To workaround this, i added
[]
brackets.
Now, you have to create
OleDbCommand[
^] with
parameters[
^].
Dim command As New OleDbCommand(queryString, connection)
command.CommandText = SQL;
command.Parameters.Add("@p1", OleDbType.Integer).Value = CInt(Me.txtorderno.Text)
command.Parameters.Add("@p2", OleDbType.Integer).Value = tyresize
command.Parameters.Add("@p3", OleDbType.Char).Value = rate
Note: the order in which you add parameters is very important!
See:
OleDbParameter Constructor (String, OleDbType)[
^]