Results 1 to 2 of 2

Thread: Debug Error

  1. #1
    Join Date
    Jul 2006

    Unanswered: Debug Error

    Hi guys: Can any one please help me out in this error? Thanks
    Error 1 Operator '&' is not defined for types 'String' and 'System.Windows.Forms.TextBox'. C:\Users\kathy\AppData\Local\Temporary Projects\WindowsApplication1\Form1.vb 20 20 WindowsApplication1

    Imports System.Data.OleDb
    Public Class Form1
    Public connection As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\kathy\Desktop\generalledger.accdb"
    Public conn As New OleDbConnection

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    conn.ConnectionString = connection
    If conn.State = ConnectionState.Closed Then

    End If

    End Sub

    Private Sub BtnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtnAdd.Click
    Dim sqlQuery As String
    sqlQuery = "insert into voucher(VoucherName, Account_Code, Amount) values ('" & TxtVoucher & "', " & TxtAmount & ", '" & TxtAccount & "')"
    Dim sqlcommand As New OleDbCommand
    With sqlcommand
    .CommandText = sqlQuery
    .Connection = conn
    End With

    End Sub
    End Class

  2. #2
    Join Date
    Feb 2004
    In front of the computer
    Provided Answers: 54
    This code is vulnerable to SQL Injection. You need to fix that before you worry about the syntax errors!

    The Textbox is the whole object. VB can't concatenate a string and an object. You probably want to reference the .text attribute of the Textbox object/control to resolve the concatenation problem after you fix the SQL Injection problems.

    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts