Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / VB.NET / July 2007

Tip: Looking for answers? Try searching our database.

ExecuteNonQuery

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Tony M - 21 Jul 2007 19:36 GMT
Shouldn't the ExecuteNonQuery be TRUE if it finds a record and FALSE is not?
I get FALSE all the time and I seeded the database with the email address.
I just want to check if record exist before moving on.
If this doesn't work I guess I could load a datatable and check to see if
rows > 0.

Dim cnString As OleDbConnection

cnString = New OleDbConnection("Provider=MicroSoft.Jet.OLEDB.4.0; Data
source = " & Server.MapPath("Someplace.mdb"))

Dim CheckCus As New OleDbCommand("SELECT * from Cus where EMailAddress =" &
QM & Trim(txtEMail.Text) & QM, cnString)

CheckCus.Connection.Open()

If CheckCus.ExecuteNonQuery() Then
   txtFirstName.Text = "Yes"
Else
   txtFirstName.Text = "No " & Now
End If

CheckCus.Connection.Close()

Thanks
Tony
Reply to this Message
Scott M. - 21 Jul 2007 19:59 GMT
A SELECT statement is a query.  You don't use ExecuteNonQuery when you are,
in fact, querying the database.  Since your query *can* return results, you
need to use the ExecuteReader method of your command, which returns a
DataReader object that you then use to look at the query results.

Try this:

Try
   Dim con As New OleDbConnection("Provider=MicroSoft.Jet.OLEDB.4.0; Data
Source = " & Server.MapPath("Someplace.mdb"))
   Dim cmd As New OleDbCommand("SELECT * from Cus where EMailAddress =" &
QM & Trim(txtEMail.Text) & QM, cnString)
   con.Open()

   Dim dr As Oledb.OledbDataReader = cmd.ExecuteReader()

   If dr.HasRows Then
      txtFirstName.Text = "Yes"
   Else
      txtFirstName.Text = "No " & Now
   End If

Catch ex As Oledb.OledbException
   'Database exceptions handled here
Catch ex As Exception
   'All other exceptions handled here
Finally
   dr.Close()
   con.Close()
   con.Dispose()
End Try

> Shouldn't the ExecuteNonQuery be TRUE if it finds a record and FALSE is
> not?
[quoted text clipped - 23 lines]
> Thanks
> Tony
Reply to this Message
Tony M - 25 Jul 2007 05:32 GMT
Thanks to all.
seems like allot of work just to see if a record exist, but it works.

Thanks again

>A SELECT statement is a query.  You don't use ExecuteNonQuery when you are,
>in fact, querying the database.  Since your query *can* return results, you
[quoted text clipped - 56 lines]
>> Thanks
>> Tony
Reply to this Message
Scott M. - 25 Jul 2007 17:03 GMT
Just remember Tony, that connecting to a database and querying it is one of
the most common things programmers do and it's one of the most common things
programmers do incorrectly or incompletely.

Putting your code inside of a Try...Catch and remembering to dispose of the
connection are essential to building robust database applications.

-Scott

> Thanks to all.
> seems like allot of work just to see if a record exist, but it works.
[quoted text clipped - 62 lines]
>>> Thanks
>>> Tony
Reply to this Message
Göran Andersson - 21 Jul 2007 20:11 GMT
> Shouldn't the ExecuteNonQuery be TRUE if it finds a record and FALSE is not?
> I get FALSE all the time and I seeded the database with the email address.
[quoted text clipped - 22 lines]
> Thanks
> Tony

The method doesn't return a boolean at all, it returns an integer. If
you would have use Option Strict the compiler would have told you that.

The return value is the number of affected records. As a select query
never changes any records, your call will always return zero.

Signature

Göran Andersson
_____
http://www.guffa.com

Reply to this Message
Spam Catcher - 25 Jul 2007 07:37 GMT
> Dim CheckCus As New OleDbCommand("SELECT * from Cus where EMailAddress
> =" & QM & Trim(txtEMail.Text) & QM, cnString)

You should always use SQL Parameters for your queries. Otherwise you can be
the victim of a SQL injection attack.
Reply to this Message
Johnny Jörgensen - 25 Jul 2007 08:01 GMT
Gotta ask...

What the heck is a "SQL injection attack"?

Cheers,
Johnny J.

>> Dim CheckCus As New OleDbCommand("SELECT * from Cus where EMailAddress
>> =" & QM & Trim(txtEMail.Text) & QM, cnString)
>
> You should always use SQL Parameters for your queries. Otherwise you can
> be
> the victim of a SQL injection attack.
Reply to this Message
Spam Catcher - 25 Jul 2007 15:27 GMT
> Gotta ask...
>
> What the heck is a "SQL injection attack"?

http://en.wikipedia.org/wiki/SQL_injection

There are .NET examples in the wikipedia article.
Reply to this Message
Scott M. - 25 Jul 2007 17:04 GMT
It's when the user passes data (injects) that would cause SQL to throw an
exception and possibly reveal information about your database, table, fields
away for more detailed attacks.  Simply passing a single quote can do it.

> Gotta ask...
>
[quoted text clipped - 9 lines]
>> be
>> the victim of a SQL injection attack.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.