0

I would like to know if i am doing the rights steps to insert a row in the table using oledbcommand. here is my code:

        strSQL2 = " SELECT * FROM GESTHANDNET2015v1.dbo.TabLoc "
        Dim insere1 As New OleDbCommand(strSQL2, connOracle)
        Dim drinsere As OleDbDataReader = insere1.ExecuteReader()
        drinsere.Read()
        lertabela7 = New OleDbCommand(strSQL2, connOracle)
        mysetinsere = lertabela7.ExecuteReader
        If mysetinsere.HasRows Then

            strSQL = " Insert into GESTHANDNET2015v1.dbo.Tabloc where GESTHANDNET2015v1.dbo.Tabloc.Codprov=" & mysetinsere!codprov
            strSQL = strSQL & "; and GESTHANDNET2015v1.dbo.Tabloc.codmun=" & mysetinsere!codmun
            strSQL = strSQL & "; and GESTHANDNET2015v1.dbo.Tabloc.codloc=" & mysetinsere!codloc
            strSQL = strSQL & "; and GESTHANDNET2015v1.dbo.Tabloc.descrloc= " & mysetinsere!descrloc
            vValues = ""
            vValues = 1
            vValues = vValues & "1"
            vValues = vValues & "999"
            vValues = vValues & "Alocação Temporária"

        End If
Edson Nascimento
  • 11
  • 1
  • 2
  • Anytime you have values for a where condition please consider using parameters e.g. insere1.Parameters.AddWithValue or insere1.Parameters.Add which properly formats values e.g. without parameters a string containing apostrophes you are responsible for escaping them, similarly with dates etc. Lastly, in some cases this assist against sql injection. In regards to SELECT *, you should always place field names in for what you want rather than *.l – Karen Payne Jan 19 '16 at 16:36
  • It wouldbe difficult to find any db related post here that doest advise SQ: params and disposing of db provider objects [for example](http://stackoverflow.com/q/29186317/1070452) – Ňɏssa Pøngjǣrdenlarp Jan 19 '16 at 17:40

0 Answers0