 Problem with ++ string operator in VB.NET
<pre>
command3 = New Data.SqlClient.SqlCommand("UPDATE Products SET Stock=" + numU + " Where ProductName='" + proName + "'", connection3)
</pre>
In the code snippet above, numU is an integer, and when I execute it, it is inserted into SQL Server as a double, so it throws an error telling me that it's a double and I am trying to put it in an integer ... Why does this happen? How can I avoid this error? I have Visual Studio 2005, and when I put my cursor on numU it says Dim numU as integer, and when I put the cursor on + it says double...

ASKED: June 5, 2009  9:19 AM
UPDATED: December 15, 2010  11:11 PM

Answer Wiki:
We didn't get an answer to the details request, but for anyone having similar problems, the recommendation would be: "For security reasons DO NOT construct your SQL statements dynamically unless it is strictly necessary". You should parameterize the statements instead. Something like this:
<pre>
' SqlClient expects @-prefixed named parameters in the statement text
command3 = New Data.SqlClient.SqlCommand("UPDATE Products SET Stock = @psTock WHERE ProductName = @pProductName", connection3)
' Values are bound separately from the statement, so they are never parsed as SQL
command3.Parameters.AddWithValue("@psTock", numU)
command3.Parameters.AddWithValue("@pProductName", proName)
command3.ExecuteNonQuery()
</pre>
Last Wiki Answer Submitted:  December 15, 2010  11:11 pm  by  carlosdl   63,535 pts.
All Answer Wiki Contributors:  carlosdl   63,535 pts.
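The difference between the question's concatenated UPDATE and the parameterized form recommended in the answer, as an added example that is not part of the original thread. It uses Python's built-in sqlite3 with an in-memory table as a stand-in for SQL Server so it runs offline; the table contents, function names and test product names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory Products table with three rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Products (ProductName TEXT PRIMARY KEY, Stock INTEGER)")
    db.executemany("INSERT INTO Products VALUES (?, ?)",
                   [("Widget", 10), ("Gadget", 20), ("O'Neil Jam", 30)])
    return db

def update_concatenated(db, num_u, pro_name):
    """The question's pattern: both values are spliced into the statement text."""
    sql = ("UPDATE Products SET Stock=" + str(num_u) +
           " WHERE ProductName='" + pro_name + "'")
    return db.execute(sql).rowcount

def update_parameterized(db, num_u, pro_name):
    """The answer's pattern: the statement text is fixed and values are bound.
    sqlite3 spells named placeholders :name."""
    sql = "UPDATE Products SET Stock = :pStock WHERE ProductName = :pProductName"
    return db.execute(sql, {"pStock": num_u, "pProductName": pro_name}).rowcount

def rows_changed(update, num_u, pro_name):
    """Run one update on a fresh table; return rows changed, or 'error'
    when the resulting statement is not valid SQL."""
    db = make_db()
    try:
        return update(db, num_u, pro_name)
    except sqlite3.OperationalError:
        return "error"

if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name containing an
    # apostrophe, and a name whose quote changes the WHERE clause.
    for name in ["Widget", "O'Neil Jam", "x' OR '1'='1"]:
        print(repr(name),
              "concatenated:", rows_changed(update_concatenated, 5, name),
              "parameterized:", rows_changed(update_parameterized, 5, name))
```

With concatenation, the apostrophe in a legitimate product name breaks the statement, and the third input rewrites every row; with bound parameters each name is compared as data only.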


Discuss This Question:
I would put the constructed update statement in a string variable, and display it before adding it to the sqlCommand, to see how it looks.

Have you tried executing the command with a fixed number? (for example "UPDATE Products SET Stock= 100 Where ProductName='" + proName + "'")

Could you post the exact error message?

 63,535 pts.