Stupid Romeo Stupid Romeo - 8 months ago 43 Question

Data from input box not inserting in to database

I made this form to insert information in database. I don't know where the error coming from. It's not inserting information from input fields to database.

Here's my code:

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim id, name, description, code, cat_industry, cat_theme, cat_occasion, cat_budget As String
id = product_id.Text
name = product_name.Text
description = product_description.Text
code = item_code.Text
cat_industry = industry.SelectedValue
cat_theme = theme.SelectedValue
cat_occasion = occasion.SelectedValue
cat_budget = budget.SelectedValue

Dim str1 As String = "insert into product (ID, Product_Name, Product_Description, Item_Code, Industry, Theme, Occasion, Budget) values ('" + id + "', '" + name + "', '" + description + "', '" + code + "', '" + cat_industry + "', '" + cat_theme + "', '" + cat_occasion + "', '" + cat_budget + "')"
Dim cmd As New SqlCommand(str1, con)
Catch ex As Exception
End Try
End Sub


Your column names can't be referenced as Product Name and Product Description with a space - you will need to escape it as [Product Name], [Product Description] etc.

But please refrain from inserting data directly - instead you should be parameterizing your input variables. This has benefits from both a performance and security (Sql Injection) perspective.

 Dim str1 As String = "insert into product (ID, [Product Name], [Product Description], Item_Code, etc) " _
                      " values (@id, @name, @description, @code, etc)"
 Dim cmd As New SqlCommand(str1, con)
 cmd.Parameters.AddWithValue("@id", id )
 cmd.Parameters.AddWithValue("@name", name )
 ... etc