mysql vb.net excel import-from-excel

Problem with importing certain strings from excel sheet into mysql


I am working on part of an application that needs to import data from an Excel sheet into a MySQL database table. The code works fine until it reaches a record in the Excel sheet where one of the string values is "ABCDE All'John D Doe 999 West Lame Blvd Cullman, AL 35055". I am not certain, but I believe the problem is entirely due to the "'" that appears there. That value cannot change, and other records from the Excel sheet could contain a "'" as well. When it gets to this record it throws this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'John D Doe','ABCDE','All'John','D','Doe','256-555-5555',' ','256-555-5555' at line 1

The code I have around this problem is as follows:

        ' Inserts one imported spreadsheet row into quickbooks_imports when the
        ' lookup query below returns no rows. The listing is shown as posted and
        ' stops before End If / End Function.
        Private Function PerFormUpdate(ByVal customer As String, ByVal bill_to As String, ByVal Contact As String, ByVal Company As String, ByVal firstName As String, ByVal mi As String, ByVal lastname As String, ByVal phone As String, ByVal altPhone As String, ByVal fax As String)
        Dim _db As New schoolEntities

        Dim command As MySqlCommand = _dbconn.CreateCommand()
        ' NOTE(review): every "" inside this literal is an escaped quote character,
        ' so no variable is concatenated here; text such as & _customer& is sent to
        ' MySQL as part of the statement. Presumably a WHERE clause with AND between
        ' the conditions and bound parameters for the values was intended.
        command.CommandText = "SELECT * FROM quickbooks_imports WHERE Customer= "" &  _customer& "" & Bill_to= "" & _bill_to& "" & Contact= "" & _Company& ""& First_Name= "" & _firstName& "" & M_I= "" & _mi& "" & Last_Name= "" & _lastname& "" & Phone= "" & _phone& "" & Alt_Phone= "" & _altPhone& "" & Fax= "" & _Fax& """
        _dbconn.Open()

        Dim _mysqlReader As MySqlDataReader = command.ExecuteReader()
        ' NOTE(review): the connection is closed before HasRows is read below, so
        ' the reader may no longer reflect the result set; confirm against the
        ' connector's behaviour.
        _dbconn.Close()

        If Not _mysqlReader.HasRows Then
            Dim _UpdateItem As New quickbooks_imports
            Dim updateCommand As MySqlCommand = _dbconn.CreateCommand()

            ' Copy the arguments onto the entity; the INSERT below reads them back.
            _UpdateItem.Customer = customer
            _UpdateItem.Bill_to = bill_to
            _UpdateItem.Contact = Contact
            _UpdateItem.Company = Company
            _UpdateItem.First_Name = firstName
            _UpdateItem.M_I = mi
            _UpdateItem.Last_Name = lastname
            _UpdateItem.Phone = phone
            _UpdateItem.Alt_Phone = altPhone
            _UpdateItem.Fax = fax

            ' The values are spliced into the SQL text between single quotes, so an
            ' apostrophe in the data (All'John) ends the string literal early and
            ' produces the reported syntax error. The same splice lets spreadsheet
            ' content change the statement itself (SQL injection); bind the values
            ' as command parameters instead of concatenating them.
            updateCommand.CommandText = "INSERT INTO quickbooks_imports(Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') "
            _dbconn.Open()
            updateCommand.ExecuteNonQuery()

            ' NOTE(review): nothing visible in this listing attaches _UpdateItem to
            ' _db, so it is unclear what SaveChanges persists here; verify.
            _db.SaveChanges()

The error shows up on the ExecuteNonQuery call that performs the update.

Any help would be greatly appreciated...

As per your response I switched to parameters, and this is the new code:

            ' Values are bound as parameters here, which keeps spreadsheet text out
            ' of the SQL string, so an apostrophe in the data needs no escaping.
            ' NOTE(review): the statement uses bare ? markers while the parameters
            ' below are added under names, so nothing ties a marker to a parameter.
            ' MySQL Connector/NET appears to resolve parameters by name (TODO confirm
            ' for the connector version in use); each marker would then need a name
            ' such as @Customer that matches its AddWithValue call.
            updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ? )"
            updateCommand.Parameters.AddWithValue("Customer", _UpdateItem.Customer)
            updateCommand.Parameters.AddWithValue("Bill_to", _UpdateItem.Bill_to)
            updateCommand.Parameters.AddWithValue("Contact", _UpdateItem.Contact)
            updateCommand.Parameters.AddWithValue("Company", _UpdateItem.Company)
            updateCommand.Parameters.AddWithValue("First_Name", _UpdateItem.First_Name)
            updateCommand.Parameters.AddWithValue("M_I", _UpdateItem.M_I)
            updateCommand.Parameters.AddWithValue("Last_Name", _UpdateItem.Last_Name)
            updateCommand.Parameters.AddWithValue("Phone", _UpdateItem.Phone)
            updateCommand.Parameters.AddWithValue("Alt_Phone", _UpdateItem.Alt_Phone)
            updateCommand.Parameters.AddWithValue("Fax", _UpdateItem.Fax)

However, it's throwing a fatal exception now...

I just tried using named parameters as you mentioned in your reply and the code is as follows:

            ' Inserts one imported spreadsheet row into quickbooks_imports when the
            ' lookup query below returns no rows, binding the INSERT values as
            ' command parameters. The listing is shown as posted and stops before
            ' End If / End Function.
            Private Function PerFormUpdate(ByVal customer As String, ByVal bill_to As String, ByVal Contact As String, ByVal Company As String, ByVal firstName As String, ByVal mi As String, ByVal lastname As String, ByVal phone As String, ByVal altPhone As String, ByVal fax As String)
        Dim _db As New schoolEntities

        Dim command As MySqlCommand = _dbconn.CreateCommand()
        ' NOTE(review): every "" inside this literal is an escaped quote character,
        ' so no variable is concatenated here; text such as & _customer& is sent to
        ' MySQL as part of the statement. Presumably a WHERE clause with AND between
        ' the conditions and bound parameters for the values was intended.
        command.CommandText = "SELECT * FROM quickbooks_imports WHERE Customer= "" & _customer& "" & Bill_to= "" & _bill_to& "" & Contact= "" & _Company& ""& First_Name= "" & _firstName& "" & M_I= "" & _mi& "" & Last_Name= "" & _lastname& "" & Phone= "" & _phone& "" & Alt_Phone= "" & _altPhone& "" & Fax= "" & _Fax& """
        _dbconn.Open()

        Dim _mysqlReader As MySqlDataReader = command.ExecuteReader()
        ' NOTE(review): the connection is closed before HasRows is read below, so
        ' the reader may no longer reflect the result set; confirm against the
        ' connector's behaviour.
        _dbconn.Close()

        If Not _mysqlReader.HasRows Then
            Dim _UpdateItem As New quickbooks_imports
            Dim updateCommand As MySqlCommand = _dbconn.CreateCommand()

            ' Copy the arguments onto the entity; the parameters below read them back.
            _UpdateItem.Customer = customer
            _UpdateItem.Bill_to = bill_to
            _UpdateItem.Contact = Contact
            _UpdateItem.Company = Company
            _UpdateItem.First_Name = firstName
            _UpdateItem.M_I = mi
            _UpdateItem.Last_Name = lastname
            _UpdateItem.Phone = phone
            _UpdateItem.Alt_Phone = altPhone
            _UpdateItem.Fax = fax

            ' NOTE(review): the parameters are now added as @Customer, @Bill_to, ...
            ' but the statement text still contains bare ? markers, so no marker
            ' carries a name that matches a parameter. That is consistent with the
            ' reported inner exception "Parameter '?' must be defined."; the VALUES
            ' list presumably needs the same @names in place of each ?.
            updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
            updateCommand.Parameters.AddWithValue("@Customer", _UpdateItem.Customer)
            updateCommand.Parameters.AddWithValue("@Bill_to", _UpdateItem.Bill_to)
            updateCommand.Parameters.AddWithValue("@Contact", _UpdateItem.Contact)
            updateCommand.Parameters.AddWithValue("@Company", _UpdateItem.Company)
            updateCommand.Parameters.AddWithValue("@First_Name", _UpdateItem.First_Name)
            updateCommand.Parameters.AddWithValue("@M_I", _UpdateItem.M_I)
            updateCommand.Parameters.AddWithValue("@Last_Name", _UpdateItem.Last_Name)
            updateCommand.Parameters.AddWithValue("@Phone", _UpdateItem.Phone)
            updateCommand.Parameters.AddWithValue("@Alt_Phone", _UpdateItem.Alt_Phone)
            updateCommand.Parameters.AddWithValue("@Fax", _UpdateItem.Fax)



            'updateCommand.CommandText = "INSERT INTO EXCEL (id,Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.id & "','" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') ON DUPLICATE KEY UPDATE Customer= '" & _UpdateItem.Customer & "' Bill_to= '" & _UpdateItem.Bill_to & "' Contact= '" & _UpdateItem.Contact & "' Company= '" & _UpdateItem.Company & "' First_Name= '" & _UpdateItem.First_Name & "' M_I= '" & _UpdateItem.M_I & "' Last_Name= '" & _UpdateItem.Last_Name & "' Phone= '" & _UpdateItem.Phone & "' Alt_Phone= '" & _UpdateItem.Alt_Phone & "' Fax= '" & _UpdateItem.Fax & "'"
            'updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') "
            _dbconn.Open()
            updateCommand.ExecuteNonQuery()

            ' NOTE(review): nothing visible in this listing attaches _UpdateItem to
            ' _db, so it is unclear what SaveChanges persists here; verify.
            _db.SaveChanges()

and I am still getting the fatal exception on the updateCommand.ExecuteNonQuery()

Fatal error encountered during command execution.

InnerException Message: "Parameter '?' must be defined."


Solution

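  • You need to use parameters. The values are then handed to the database separately from the SQL text, so a character such as an apostrophe cannot end a string literal or change the statement, which is also what protects the query against SQL injection.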

    Refer to this link. http://www.devart.com/dotconnect/mysql/docs/Parameters.html

    Edit: Try using named parameters instead:

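    ' Parameterized INSERT: the SQL text holds only @name markers and each value
    ' is bound separately, so apostrophes in the spreadsheet data cannot end a
    ' string literal or alter the statement.
    ' The markers are written without surrounding quotes: a double quote inside
    ' the VB literal would end the literal, and a quoted marker inside the SQL
    ' would be read as text rather than as a parameter.
    updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (@Customer, @Bill_to, @Contact, @Company, @First_Name, @M_I, @Last_Name, @Phone, @Alt_Phone, @Fax)"
    ' Each name below must match one marker in the statement above.
    updateCommand.Parameters.AddWithValue("@Customer", _UpdateItem.Customer)
    updateCommand.Parameters.AddWithValue("@Bill_to", _UpdateItem.Bill_to)
    updateCommand.Parameters.AddWithValue("@Contact", _UpdateItem.Contact)
    updateCommand.Parameters.AddWithValue("@Company", _UpdateItem.Company)
    updateCommand.Parameters.AddWithValue("@First_Name", _UpdateItem.First_Name)
    updateCommand.Parameters.AddWithValue("@M_I", _UpdateItem.M_I)
    updateCommand.Parameters.AddWithValue("@Last_Name", _UpdateItem.Last_Name)
    updateCommand.Parameters.AddWithValue("@Phone", _UpdateItem.Phone)
    updateCommand.Parameters.AddWithValue("@Alt_Phone", _UpdateItem.Alt_Phone)
    updateCommand.Parameters.AddWithValue("@Fax", _UpdateItem.Fax)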