-1

I am trying to insert 3 textbox values into my database using a Visual Basic form. I have previously done this on another form and it worked correctly, so I copied the code and changed the names to suit, but I am getting the following error: 'Addcustomer' not a member of 'sql'.

Any help will be appreciated.

Here is my code used on the form, this is where the error is underlined in blue:

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Try
        Sql.Addcustomer(addcustomerfname.Text, addcustomersname.Text, addcustomeremail.Text)
        MsgBox("Customer Added")

        addeditmembership.Show()
        Me.Hide()
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
End Sub

Okay I am very new to VB and am only doing it for a uni assignment so have just been following lecturer instructions. Here is my full code for the control file (this includes the working insert and the faulty one), I know it's probably some stupid error but it's got me stumped.

Imports System.Data
Imports System.Data.SqlClient

Public Class SQLControl
    Public SQLCon As New SqlConnection With {.ConnectionString = "Data Source=WADE\SQL2012;Initial Catalog=master;Integrated Security=True;"}
    Public SQLCmd As SqlCommand
    Public SQLDA As SqlDataAdapter
    Public SQLDS As DataSet

    ' Returns True if the connection can be opened and closed
    Public Function HasConnection() As Boolean
        Try
            SQLCon.Open()
            SQLCon.Close()
            Return True
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
        Return False
    End Function

    Public Sub RunQuery(Query As String)
        Try
            SQLCon.Open()

            ' CREATE COMMAND
            SQLCmd = New SqlCommand(Query, SQLCon)

            'Fill Dataset
            SQLDA = New SqlDataAdapter(SQLCmd)
            SQLDS = New DataSet
            SQLDA.Fill(SQLDS)

            SQLCon.Close()
        Catch ex As Exception
            MsgBox(ex.Message)

            'Close connection
            If SQLCon.State = ConnectionState.Open Then
                SQLCon.Close()
            End If
        End Try
    End Sub

    ' Working insert: builds the INSERT text by concatenating the argument values
    Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String,
                         member_address As String, member_postcode As String, member_email As String, member_contact_number As String,
                         member_registration As String, member_discount_rate As Integer)
        Try
            Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _
                                      ")VALUES(" & _
                                      "'" & member_fname & "'," & _
                                      "'" & member_sname & "'," & _
                                      "'" & member_gender & "'," & _
                                      "'" & member_dob & "'," & _
                                      "'" & member_address & "'," & _
                                      "'" & member_postcode & "'," & _
                                      "'" & member_email & "'," & _
                                      "'" & member_contact_number & "'," & _
                                      "'" & member_registration & "'," & _
                                      "'" & member_discount_rate & "')"

            SQLCon.Open()

            SQLCmd = New SqlCommand(strinsert, SQLCon)

            SQLCmd.ExecuteNonQuery()

            SQLCon.Close()
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Sub

    ' Insert called from the form; same string concatenation as Addmember
    Public Sub Addcustomer(addcustomerfname As String, addcustomersname As String, addcustomeremail As String)
        Try
            Dim customerinsert As String = "INSERT INTO customers (customer_fname,customer_sname,customer_email " & _
                                           ")VALUES(" & _
                                           "'" & addcustomerfname & "'," & _
                                           "'" & addcustomersname & "'," & _
                                           "'" & addcustomeremail & "')"

            SQLCon.Open()

            SQLCmd = New SqlCommand(customerinsert, SQLCon)

            SQLCmd.ExecuteNonQuery()

            SQLCon.Close()
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Sub
End Class
marc_s
  • Where do you declare the variable Sql? Could you show the code that's working? By the way your sql command is doomed. Just try to pass a string with a single quote inside (like name = O'Hara) and sql injection is just a disaster waiting to happen here – Steve Apr 30 '15 at 16:52
  • I have edited the question, hopefully that helps. I have just started VB in the last week so I'm pretty useless at it. It's for a uni assignment and the lecturer said not to worry about SQL injection as we are only showing it for a simple demonstration. Thanks for your response guys – phpdrivesmemad Apr 30 '15 at 17:00
  • 2
    _the lecturer said not to worry about SQL injection_ - that's easy for him to say, he's not the one that has to worry about it in the real world. I'd ask him for a refund, he's not much of a 'teacher'. – The Blue Dog Apr 30 '15 at 17:07
  • 1
    I ask it again: Where do you declare the variable Sql? What type is it? Given the error message the compiler thinks that Sql is a different kind of variable (not an SqlControl) – Steve Apr 30 '15 at 17:11
  • Well in fairness he did say that it was a big problem but as we are only going to demonstrate it just one time, he said not to worry too much. But I will have a look into it. – phpdrivesmemad Apr 30 '15 at 17:15
  • Sorry @Steve thought I had replied earlier, didn't mean to keep you waiting. The problem was that I didn't declare the sql in the form I was calling it from, hence I was getting the error. Thanks for responding, this site is great everyone is so helpful (even towards newbies) – phpdrivesmemad Apr 30 '15 at 17:17

1 Answer

1

Your code contains several issues, the worst being proneness to SQL injection attacks, but solving this is a different story. (One easy thing to do is to parameterize your query. See this StackOverflow question for an example of how to do this.)

Regarding your immediate issue: Addcustomer is declared inside a class SQLControl. You're calling Sql.Addcustomer, which implies that the form class containing Button1_Click should have a field or property called Sql having type SQLControl. If that is not the case, then you must declare and initialize a field / property Sql As SQLControl.

Community
stakx - no longer contributing
  • Thank you, you were right I didn't declare sql in form. Knew it would be something stupid. I'll have a look into SQL injection attacks as I know they are a serious problem. Thank you again. – phpdrivesmemad Apr 30 '15 at 17:13
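
The two points from the answer above, as an added example that is not part of the original answer or the asker's project: the form declares a field `Sql` of type `SQLControl`, and `Addcustomer` sends the three values as parameters instead of concatenating them into the SQL text. The table, columns, controls and connection string are those in the question; the form class name `AddCustomerForm`, the parameter names and the column sizes are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Class SQLControl
    ' Connection string as posted in the question.
    Private Const ConnStr As String =
        "Data Source=WADE\SQL2012;Initial Catalog=master;Integrated Security=True;"

    Public Sub Addcustomer(fname As String, sname As String, email As String)
        ' Fixed SQL text: user input never becomes part of the statement.
        Const insertSql As String =
            "INSERT INTO customers (customer_fname, customer_sname, customer_email) " &
            "VALUES (@fname, @sname, @email)"

        ' Using closes the connection even when ExecuteNonQuery throws.
        Using con As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(insertSql, con)
                ' Sizes 50/50/100 are assumed; match them to the real columns.
                cmd.Parameters.Add("@fname", SqlDbType.NVarChar, 50).Value = fname
                cmd.Parameters.Add("@sname", SqlDbType.NVarChar, 50).Value = sname
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 100).Value = email
                con.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Class

' Hypothetical form class name; the controls are declared in its designer file.
Public Class AddCustomerForm
    ' The declaration that was missing from the form in the question.
    Private ReadOnly Sql As New SQLControl()

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Try
            ' A surname such as O'Hara is stored as data, quote included.
            Sql.Addcustomer(addcustomerfname.Text, addcustomersname.Text, addcustomeremail.Text)
            MsgBox("Customer Added")
            addeditmembership.Show()
            Me.Hide()
        Catch ex As Exception
            ' Addcustomer does not swallow errors, so a failed insert lands here.
            MsgBox(ex.Message)
        End Try
    End Sub
End Class
```

Because `Addcustomer` here lets exceptions propagate, "Customer Added" is shown only when the insert actually succeeded.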