Specifying psqlODBC parameters in VB.NET

Question

Just began using PostgresQL for a vb application (using visual studio 2005 pro) and connect via ODBC (there's a reason for using the ODBC connection and not the native PostgresQL connector) .

I'm used to using the @something and cmd.Parameters.Add("@something", data) format with MSSQL. I have 9 values i want to get from a form and use them in an insert statement but can't seem to figure the syntax for PostgresQL out.

Ideas? I've searched for two days trying to find an answer to this btw.

Edit: Sorry, I already deleted the code I was trying, but I kept getting "the column does not exist" error on column "name" which is my first paramater.

I know it's not a connection error or a naming convention issue or something like that because the following code does work. Here's how I'm doing it now for testing:

strSQL = "INSERT INTO tableb (name, extension, length,creationtime,lastaccesstime,lastwritetime,directoryname) VALUES ('Name','Extension','Length','CreationTime','LastAccessTime','LastWriteTime','DirectoryName')"

objConn.ConnectionString = strConnString
        objConn.Open()
        With objCmd

            .Connection = objConn
            .CommandText = strSQL
            .CommandType = CommandType.Text
            .ExecuteNonQuery()
        End With

Oh, and the ODBC version I'm using is 8.03.02.00

More info: The code causing the error:

strSQL = "INSERT INTO TABLEB (name) VALUES (@name)"

    objConn.ConnectionString = strConnString
    objConn.Open()
    'Try
    With objCmd
        .Parameters.Add("@name", SqlDbType.Int)
        .Parameters("@name").Value = "SomeText"

        .Connection = objConn
        .CommandText = strSQL
        .CommandType = CommandType.Text
        .ExecuteNonQuery()
    End With

Code with parameters:

The exact error: ODBC Exception:

"ERROR [42703] ERROR: column "name" does not exist;
Error while executing the query"

The error occurs on the .ExecuteNonQuery

Thanks again!

Answer 1

problem is with below code

.Parameters.Add("@name", SqlDbType.Int)
.Parameters("@name").Value = "SomeText"

you set name as SqlDbType.Int but you set text value to it

give correct column type when declare the parameters and assign correct value which match with given data type.

And also give parameters as ? in sql statement and then add the command parameters in the same sequence given in the sql. ODBC do not support named parameters.

sample code :

strSQL = "INSERT INTO TABLEB (name) VALUES (?)"
objConn.ConnectionString = strConnString
objConn.Open()
With objCmd
    .Parameters.AddWithValue("name", "SomeText")
    .Connection = objConn
    .CommandText = strSQL
    .CommandType = CommandType.Text
    .ExecuteNonQuery()
End With

Answer 2

As written that query is fine. Given the stated error, likely issues are:

• Capitalization problems with quoting. If your column is defined as "Name" you need to refer to it as "Name" everywhere, not Name or name . See lexical structure .

• Accessing the wrong database or an older version of the same database you set up and forgot, one that contains a tableb without a name column

• In "anonymizing" the query you've hidden the real problem, or the error you quote doesn't match the code you're running. For example, quoting issues.

Are you sure the code you show is what you're getting the error from? You talk about @parameter etc in the text, but there's nothing like that in the code...

You should certainly be using parameterized queries instead of this approach to prevent SQL injection attacks, since I'm sure your real code doesn't hard code the values. Parameter use should be no different between psqlODBC and MS SQL Server's ODBC driver, that's half the point of query parameters. I don't speak Visual Basic (or ODBC if I can avoid it) and the SQL injection rosetta stone doesn't have details for VB.NET. Try doing what you do with MS SQL Server and if you have issues, follow up with a new question that includes the exact code and errors.