"variable" is not declared error

Question

I am new to Vb.net programing and I need a little help here, I pretend to send info to my database, the first query gives me the id I need and I declare it as "postoid", when I later try to call it (in the insert into part) it says it is not declared, I have googled the problem a hundred times but I couldn't find the answer.

Ps: this code is all in the same private sub

Try
    mysqlconn.Open()
    queryrow = "Select * from postos where postos_nome ='" & TextBox1.Text & "'"
    COMMANDuser1 = New MySqlCommand(queryrow, mysqlconn)
    READERuser = COMMANDuser1.ExecuteReader

    While READERuser.Read
        Dim postoid = READERuser.GetString("postos_id")
    End While

    mysqlconn.Close()

Catch ex As Exception
End Try

Dim sqlquery As String = "INSERT INTO computadores VALUES (0,'" & pcname.ToUpper & "','" & ip & "','" & so & "','" & cpu & "','" & ram & "','" & gc & "','" & wserial & "','" & mnome & "','" & mserial & "','" & "--- ,,'Inativo','" & empresaid & "','" & postoid & "','" & userid & "')"
Dim sqlcommand As New MySqlCommand

With sqlcommand

    .CommandText = sqlquery
    .Connection = mysqlconn
    .ExecuteNonQuery()

End With
MsgBox("Computador Adicionado")
Dispose()
Close()

Not related to your problem, but please read up on using parameters for your SQL. String concatenation easily leads to SQL Injection. — Damien_The_Unbeliever, Jan 26 '16 at 09:07
You appear to have forgotten to open and close the connection for the insert query, and you need to `Dim postoid As String` *outside* the Try..Catch structure. Incidentally, you should not have an empty Catch clause as that prevents you from seeing any errors raised in the Try block. — Andrew Morton, Jan 26 '16 at 09:08
seems the problem is this one `pcname` ? , i cannot see the declaration of that variable. — japzdivino, Jan 26 '16 at 09:09
What can i do to improve my code to prevent SQL injection ? @Damien_The_Unbeliever — Reuter00, Jan 26 '16 at 09:13
@etalon11 Posting screenshots of errors is something that tends to be discouraged. — Andrew Morton, Jan 26 '16 at 09:14
the pcname is declared in the biggining of the sub @Japongskie — Reuter00, Jan 26 '16 at 09:15
@Reuter00 , oh.. and it's not visible so i assume that is the problem because of the error message.. you should include all code from beginning to end when you are asking.. :) so that we can help you quickly and to avoid confusion when reading the code. — japzdivino, Jan 26 '16 at 09:17

score 2 · Accepted Answer · edited May 23 '17 at 12:31

2

Your variable postoid is out-of-scope outside the block it is declared in.

All you need to do is declare it outside the Try structure:

Dim postoid As String = ""

queryrow = "Select postos_id from postos where postos_nome = @PostosNome"

Using COMMANDuser1 As New MySqlCommand(queryrow, mysqlconn)
    COMMANDuser1.Parameters.Add("@PostosNome", TextBox1.Text)

    mysqlconn.Open()
    READERuser = COMMANDuser1.ExecuteReader()

    While READERuser.Read
        postoid = READERuser.GetString("postos_id")
    End While

    mysqlconn.Close()

End Using

If postoid <> "" Then
    ' perform the insert...

I did not actually use Try in that, as you have no code in your Catch block - having no code in the Catch block has the effect of hiding errors. You want to see the errors.

For using SQL parameters, see, e.g., Inserting data into a MySQL table using VB.NET but please use .Add instead of .AddWithValue - the latter will not always work as intended.

edited May 23 '17 at 12:31

Community

1
1

answered Jan 26 '16 at 09:40

Andrew Morton

24,203
9
60
84

Also `ExecuteScalar` would be nicer! – shadow Jan 26 '16 at 11:56
@shadow Yes, but there is the messy potential problem of no results being returned: [Execute Scalar to trap error in case of no records returned](http://stackoverflow.com/a/13253718/1115360). – Andrew Morton Jan 26 '16 at 12:04
From MSDN `Return Value Type: System.Object The first column of the first row in the result set, or a null reference (Nothing in Visual Basic) if the result set is empty. Returns a maximum of 2033 characters.` So I don't believe there is a problem. – shadow Jan 26 '16 at 12:11

"variable" is not declared error

1 Answers1