|
|
Posted by David Portas on 08/20/06 08:49
Dot Net Daddy wrote:
> Hello,
>
> I cannot get the following Insert Command work. I get the error:
>
>
> Error converting data type varchar to numeric.
> Description: An unhandled exception occurred during the execution of
> the current web request. Please review the stack trace for more
> information about the error and where it originated in the code.
>
> Exception Details: System.Data.SqlClient.SqlException: Error converting
> data type varchar to numeric.
>
> However 'rate' and 'maximum' variables are declared as Decimal
>
> Dim rate As Decimal
> Dim maximumAs Decimal
>
> SqlDataSource1.InsertCommand = "INSERT INTO Example(userName, rate,
> maximum, ticket) VALUES('blabla','" & rate & "','" & maximum & "','" &
> RadioButtonList1.SelectedValue & "')"
>
> SqlDataSource1.Insert()
>
>
>
> CREATE TABLE Example(
> userName nvarchar(50),
> rate decimal(2, 2),
> maximum decimal(6, 2),
> ticket nchar(1)
> )
Constructing dynamic SQL strings using parameters is a careless and
inefficient practice. If the parameters are based on user-supplied
input then your code is also potentially unreliable and dangerous.
If you really must put SQL INSERT statements in your application then
use the InsertParameters collection to pass the values. That way you
can avoid any unexpected type conversions. Better still, if your data
source is SQL Server only then use a stored procedure and use a
parameters collection to pass your values into the proc rather than the
INSERT statement. Your code will be much easier to manage and maintain
if you use procs.
--
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
--
Navigation:
[Reply to this message]
|