Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 1 year ago.
Improve this question
I am trying to get a string value from parameter and get all names of the companies(YRITYS) where name starts with letter from parameter but I am getting nothing in return. What is the correct syntax to do this?
public IEnumerable<Asiakas> GetByName(string arvo)
{
string sql = "SELECT ASNRO, YRITYS, SUKUNIMI, ETUNIMI, LAHIOSOITE, POSTITP, POSTINRO " +
"FROM dbo.ASIAKAS " +
"WHERE YRITYS LIKE '#KIRJAIN' " +
"ORDER BY ASNRO";
using (var cmd = Context.CreateCommand())
{
cmd.CommandText = sql;
cmd.Parameters.Add(new SqlParameter("#KIRJAIN", arvo));
var tulos = ToList(cmd);
return tulos;
}
}
don't use quotes in the sql, and don't use # in the parameter
public IEnumerable<Asiakas> GetByName(string arvo)
{
string sql = "SELECT ASNRO, YRITYS, SUKUNIMI, ETUNIMI, LAHIOSOITE, POSTITP, POSTINRO " +
"FROM dbo.ASIAKAS " +
"WHERE YRITYS LIKE #KIRJAIN " +
"ORDER BY ASNRO";
using (var cmd = Context.CreateCommand())
{
cmd.CommandText = sql;
cmd.Parameters.Add(new SqlParameter("KIRJAIN", arvo));
var tulos = ToList(cmd);
return tulos;
}
}
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
it returns that I made a syntax error in my SQL statement cant find where, I used this syntax earlier and it worked... could you tell me where it is please ?
public static void addKc(KeyCeremony kc)
{
string ka = kc.ka;
string kc1 = kc.kc1;
string kc3 = kc.kc3;
string family = kc.family;
string so = kc.so;
string it = kc.it;
string desc = kc.desc;
using (OleDbConnection conn = new OleDbConnection(connecString))
{
using (OleDbCommand cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO KC(Family, Kc1, Kc3, Ka, So, It, Desc) VALUES(#Family, #Kc1, #Kc3, #Ka, #So, #It, #Desc)";
cmd.Connection = conn;
conn.Open();
cmd.Parameters.AddWithValue("#Family", family);
cmd.Parameters.AddWithValue("#Kc1", kc1);
cmd.Parameters.AddWithValue("#Kc3", kc3);
cmd.Parameters.AddWithValue("#Ka", ka);
cmd.Parameters.AddWithValue("#So", so);
cmd.Parameters.AddWithValue("#It", it);
cmd.Parameters.AddWithValue("#Desc", desc);
try
{
cmd.ExecuteNonQuery();
MessageBox.Show("Insertion OK");
}
catch (Exception)
{
throw;
}
conn.Close();
}
}
}
hope you will find it faster than me
Desc is a keyword. Change to this: [Desc].
All Keywords in SQL:
https://www.drupal.org/docs/develop/coding-standards/list-of-sql-reserved-words
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
i just want to set a variable based on if qno field row is empty or not i.e any entry has been inserted earlier or not
c# code:
cmd2 = new SqlCommand("Select COUNT(*) FROM " + tname + "WHERE qno = #qno", con99);
cmd2.Parameters.AddWithValue("#qno", qno);
if ((int)cmd2.ExecuteScalar() == 0) //V Studio shows error here
qno_present = 0;
else
qno_present = 1;
Error:
an exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near '='.
cmd2 = new SqlCommand("Select COUNT(*) FROM " + tname + "WHERE qno = #qno", con99);
You need space before the WHERE clause
cmd2 = new SqlCommand("Select COUNT(*) FROM " + tname + " WHERE qno = #qno", con99);
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
Why does this code throw an error?
using (MySqlConnection cn = new MySqlConnection(VarribleKeeper.MySQLConnectionString))
{
{
MySqlCommand Command = new MySqlCommand();
Command.Connection = cn;
Command.CommandText = "UPDATE TeleworksStats SET Ja= ('" + JaTak +
"') WHERE Brugernavn = " + VarribleKeeper.Brugernavn + "' AND Dato = " +
DateTime.Today.ToString("yyyy-MM-dd") + "";
cn.Open();
Command.ExecuteNonQuery();
//Ryd op
Command.Dispose();
cn.Close();
}
}
Rather than just forgetting ' for the value of Brugernavn column and both single quotes for Dato column, I think you have more things to keep in mind.
Use using statement to dispose your Command object as you did for your connection instead of calling Close or Dispose methods manually.
Use paramterized queries instead of string concatenation. This kind of codes are open for SQL Injection attacks.
Looks like you try to save your DateTime values with their string representations. Do not do that! If you wanna keep your DateTime values to your database, you need to pass them directly. Change your Dato column to DateTime type. Read: Bad habits to kick : choosing the wrong data type
using(var cn = new MySqlConnection(VarribleKeeper.MySQLConnectionString))
using(var Command = cn.CreateCommand())
{
Command.CommandText = #"UPDATE TeleworksStats SET Ja = #Ja
WHERE Brugernavn = #Brugernavn AND Dato = #Dato";
Command.Parameters.Add("#Ja", MySqlDbType.VarChar).Value = JaTak;
Command.Parameters.Add("#Ja", MySqlDbType.VarChar).Value = VarribleKeeper.Brugernavn;
Command.Parameters.Add("#Ja", MySqlDbType.DateTime).Value = DateTime.Today;
// I assumed your column types. You should write proper column types instead.
cn.Open();
Command.ExecuteNonQuery();
}
You missed one quote ' after Brugernavn = and Dato:
Brugernavn = "... '" + VarribleKeeper.Brugernavn + "' AND Dato = '" +
DateTime.Today.ToString("yyyy-MM-dd") + "'";
Also I strongly recommend that you always use parameterized queries to avoid SQL Injection like this:
Command.CommandText =
"UPDATE TeleworksStats SET Ja = #Ja WHERE Brugernavn = #Brugernavn and ...";
Command.Parameters.AddWithValue("#Ja", JaTak);
Command.Parameters.AddWithValue("#Brugernavn", VarribleKeeper.Brugernavn);
Although specify the type directly and use the Value property is more better than AddWithValue. Check this: Can we stop using AddWithValue() already?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
I get an error on sc.ExecuteNonQuery();.. Error: Incorrect syntax near 's'
Code:
con = new SqlConnection("Data Source=DELL-PC;Initial Catalog=sashi;Integrated Security=True");
con.Open();
SqlCommand sc = new SqlCommand("INSERT INTO Login VALUES('" + textBoxUID.Text + "','" + textBoxPWD.Text + "','" + comboBoxQUN.Text + "','" + textBoxANS.Text + "' ) ", con);
sc.ExecuteNonQuery();
MessageBox.Show("Record has been inserted");
con.Close();
What I forgot or where is the error?
Please Use Parameters like this:
using (var con = new SqlConnection("Data Source=DELL-PC;Initial Catalog=sashi;Integrated Security=True"))
{
con.Open();
using(var sc = connection.CreateCommand())
{
sc.CommandText = "INSERT INTO Login VALUES(#uid,#pass,#qun,#ans)";
sc.Parameters.Add(new SqlParameter("#uid", textBoxUID.Text));
sc.Parameters.Add(new SqlParameter("#pass", textBoxPWD.Text));
sc.Parameters.Add(new SqlParameter("#qun", comboBoxQUN.Text));
sc.Parameters.Add(new SqlParameter("#ans", textBoxANS.Text));;
sc.ExecuteNonQuery();
}
}
Sql parameters helps prevent SQL Injection attacks.. and ist easier to read..
Does your login table have only four columns? otherwise you must also specify this in your insert-statement: INSERT INTO (col1, col2 ....
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
The line that beings int temp = Convert... is giving the error:
An expression of non-boolean type specified in a context where a condition is expected, near 'Name'
The surrounding code is:
String checkuser = "select count(*) from [UserRecord] where User Name= " +TextBoxUsername.Text + "";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); //error on this line
if (temp == 1)
Can someone explain what is causing the error?
You need to surround the username with single quotes.
String checkuser = "select count(*) from [UserRecord] where User Name= '" +TextBoxUsername.Text + "'";
Also, User Name shouldn't have a space in it, or needs [] around it.
Or better yet, use a parameterized query.
Please check your query.there is a space between User and Name for username.
"select count(*) from [UserRecord] where User Name= "
You forget '
String checkuser = "select count(*) from [UserRecord] where User Name= '" +TextBoxUsername.Text + "'";