I want to delete the currently selected row in the datagrid from Microsoft SQL Server Management Studio, but it gives a syntax error whatever I do. (I click the row and want its data deleted in SQL.) Here is the code and the errors that I received:
Can you help me, dear friends? Thanks.
First: ERROR : 'Incorrect syntax near '='.'
// First attempt from the question: deletes the grid's current row by matching every column
// against the cell text, with the DELETE statement assembled by string concatenation.
// NOTE(review): each cell value is pasted into the SQL text unescaped, so a value that contains a
// single quote changes the statement (SQL injection). Binding the values as parameters avoids that.
private void VeriSİL()
{
baglan.Open();
string bgn = cwGrid.CurrentRow.Cells[0].Value.ToString();
string m1 = cwGrid.CurrentRow.Cells[1].Value.ToString();
string m2 = cwGrid.CurrentRow.Cells[2].Value.ToString();
string m3 = cwGrid.CurrentRow.Cells[3].Value.ToString();
string kturu = cwGrid.CurrentRow.Cells[4].Value.ToString();
string m1m = cwGrid.CurrentRow.Cells[5].Value.ToString();
string m2m = cwGrid.CurrentRow.Cells[6].Value.ToString();
string m3m = cwGrid.CurrentRow.Cells[7].Value.ToString();
string urunno = cwGrid.CurrentRow.Cells[8].Value.ToString();
string guc = cwGrid.CurrentRow.Cells[9].Value.ToString();
string hiz = cwGrid.CurrentRow.Cells[10].Value.ToString();
// odk is read here but never used: the WHERE clause below has no Odak condition.
string odk = cwGrid.CurrentRow.Cells[11].Value.ToString();
string gaz = cwGrid.CurrentRow.Cells[12].Value.ToString();
string aci = cwGrid.CurrentRow.Cells[13].Value.ToString();
string noz = cwGrid.CurrentRow.Cells[14].Value.ToString();
string sur = cwGrid.CurrentRow.Cells[15].Value.ToString();
string foto = cwGrid.CurrentRow.Cells[16].Value.ToString();
// not is read here but never used: [Not] is compared with noz below.
string not = cwGrid.CurrentRow.Cells[17].Value.ToString();
// Defects visible in the statement text:
//  - "Gaz = = '" has a doubled '=', which is what "Incorrect syntax near '='" reports.
//  - "'AND Güç" has no space between the closing quote and AND.
//  - [Not] is compared with noz (the Nozzle value) instead of not.
SqlCommand komut = new SqlCommand("delete from CW where Beğeni = '" + bgn + "' AND [1.Malz] = '" + m1 + "' AND [2.Malz] = '" + m2 + "' AND [3.Malz] = '" + m3 + "' AND Kaynaktürü = '" + kturu + "' AND [1/mm] = '" + m1m + "' AND [2/mm] = '" + m2m + "' AND [3/mm] = '" + m3m + "' AND ÜrünNo = '" + urunno + "'AND Güç = '" + guc + "' AND Hız = '" + hiz + "' AND Gaz = = '" + gaz + "' AND Açı = '" + aci + "' AND Nozzle = '" + noz + "' AND Süre = '" + sur + "' AND Foto= '" + foto + "' AND [Not]= '" + noz + "'", baglan);
// When ExecuteNonQuery throws, the Close() call below is skipped and baglan stays open.
komut.ExecuteNonQuery();
baglan.Close();
}
/// <summary>Click handler that forwards straight to <c>VeriSİL()</c>.</summary>
private void silButton_Click(object sender, EventArgs e) => VeriSİL();
My Second try and the error : 'Incorrect syntax near ','.'
// Second attempt from the question: the same delete, now with one parameter per column, so the
// cell text is sent as data rather than being pasted into the SQL text.
// The conditions in the WHERE clause are separated by commas; SQL needs AND between them, which is
// what "Incorrect syntax near ','" points at.
// NOTE(review): SqlClient named parameters are written @name. The '#' markers in the statement and
// in the AddWithValue names look like '@' lost when the page was extracted — confirm against the
// original post.
// NOTE(review): every value is passed through ToString(), so all parameters are sent as text;
// whether that matches the column types cannot be seen from here.
private void VeriSİL()
{
baglan.Open();
SqlCommand komut = new SqlCommand("Delete CW WHERE Beğeni=#bgn,[1.Malz]=#m1,[2.Malz]=#m2,[3.Malz]=#m3,KaynakTürü=#kturu,[1/mm]=#m1m,[2/mm]=#m2m,[3/mm]=#m3m,Güç=#guc,Hız=#hiz,Odak=#odk,Gaz=#gaz,Açı=#aci,Nozzle=#noz,Süre=#sur,Foto=#foto,[Not]=#not,ÜrünNo=#urunno", baglan);
komut.Parameters.AddWithValue("#bgn", cwGrid.CurrentRow.Cells[0].Value.ToString());
komut.Parameters.AddWithValue("#m1", cwGrid.CurrentRow.Cells[1].Value.ToString());
komut.Parameters.AddWithValue("#m2", cwGrid.CurrentRow.Cells[2].Value.ToString());
komut.Parameters.AddWithValue("#m3", cwGrid.CurrentRow.Cells[3].Value.ToString());
komut.Parameters.AddWithValue("#kturu", cwGrid.CurrentRow.Cells[4].Value.ToString());
komut.Parameters.AddWithValue("#m1m", cwGrid.CurrentRow.Cells[5].Value.ToString());
komut.Parameters.AddWithValue("#m2m", cwGrid.CurrentRow.Cells[6].Value.ToString());
komut.Parameters.AddWithValue("#m3m", cwGrid.CurrentRow.Cells[7].Value.ToString());
komut.Parameters.AddWithValue("#urunno", cwGrid.CurrentRow.Cells[8].Value.ToString());
komut.Parameters.AddWithValue("#guc", cwGrid.CurrentRow.Cells[9].Value.ToString());
komut.Parameters.AddWithValue("#hiz", cwGrid.CurrentRow.Cells[10].Value.ToString());
komut.Parameters.AddWithValue("#odk", cwGrid.CurrentRow.Cells[11].Value.ToString());
komut.Parameters.AddWithValue("#gaz", cwGrid.CurrentRow.Cells[12].Value.ToString());
komut.Parameters.AddWithValue("#aci", cwGrid.CurrentRow.Cells[13].Value.ToString());
komut.Parameters.AddWithValue("#noz", cwGrid.CurrentRow.Cells[14].Value.ToString());
komut.Parameters.AddWithValue("#sur", cwGrid.CurrentRow.Cells[15].Value.ToString());
komut.Parameters.AddWithValue("#foto", cwGrid.CurrentRow.Cells[16].Value.ToString());
komut.Parameters.AddWithValue("#not", cwGrid.CurrentRow.Cells[17].Value.ToString());
// When ExecuteNonQuery throws, neither the message box nor Close() below is reached.
komut.ExecuteNonQuery();
MessageBox.Show("Silme İşlemi Başarılı.");
baglan.Close();
}
/// <summary>Click handler that forwards straight to <c>VeriSİL()</c>.</summary>
private void silButton_Click(object sender, EventArgs e) => VeriSİL();
My last try and error : 'An expression of non-boolean type specified in a context where a condition is expected, near ','.'
// Third attempt from the question: a column list followed by LIKE and a comma-separated list of
// quoted cell values.
// A WHERE clause needs a boolean condition; a bare column list is not one, which is what the
// "expression of non-boolean type" error reports. Each column needs its own comparison, joined
// with AND.
// NOTE(review): the cell text is again concatenated into the SQL text unescaped, so a value that
// contains a single quote changes the statement (SQL injection).
private void VeriSİL()
{
baglan.Open();
SqlCommand komut = new SqlCommand("Delete from CW where Beğeni,[1.Malz],[2.Malz],[3.Malz],KaynakTürü,[1/mm],[2/mm],[3/mm],ÜrünNo,Güç,Hız,Gaz,Odak,Açı,Nozzle,Süre,Foto,[Not] like '" +
cwGrid.CurrentRow.Cells[0].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[1].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[2].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[3].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[4].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[5].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[6].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[7].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[8].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[9].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[10].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[11].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[12].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[13].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[14].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[15].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[16].Value.ToString() + "' , '" +
cwGrid.CurrentRow.Cells[17].Value.ToString() + "'", baglan);
// When ExecuteNonQuery throws, neither the message box nor Close() below is reached.
komut.ExecuteNonQuery();
MessageBox.Show("Silme İşlemi Başarılı.");
baglan.Close();
}
/// <summary>Click handler that forwards straight to <c>VeriSİL()</c>.</summary>
private void silButton_Click(object sender, EventArgs e) => VeriSİL();
This question already has answers here:
What are good ways to prevent SQL injection? [duplicate]
(4 answers)
How can I add user-supplied input to an SQL statement?
(2 answers)
Closed 5 years ago.
Here is my code and I am getting insert error.
Kindly help
// Code from the question: inserts one employee row, with the whole VALUES list assembled by
// string concatenation.
// NOTE(review): every variable is pasted into the SQL text unescaped, so a quote inside any value
// changes the statement (SQL injection); id, salaryPM and salary are not even quoted.
OleDbConnection cnn = new OleDbConnection(dbConnection);
cnn.Open();
OleDbCommand cmd = cnn.CreateCommand();
cmd.CommandType = CommandType.Text;
// The VALUES text contains "null '" twice (before manager and before doc): the comma after null
// is missing in both places, which makes the statement invalid.
cmd.CommandText = "INSERT INTO [Emp Data] (" +
"EmpID, Active, EmpName, DOJ, DOL, [Next Manager], DOB, Department, Section, Designation, [Father Name], Address, Town, CNIC, Education, [Habib Metro], [Salary PM], EmailID, [JS Bank Account], [Salary on joining], [Last inc Rs], [Last inc Date], [Next of Kin Name], Relation, [Contact No], Comments, [Reason of Leaving], DOC, [Shift Timings], [Off Day 1], [Off Day 2]"
+ ") VALUES (" +
id + ", 'A' , '" + name + "', '" + doj + "', null '" + manager + "', '" + dob + "', '" + dept + "', '" + section + "', '" + desg + "', '" + father + "', '" + add + "', '" + town + "', '" + cnic + "', '" + education + "', '" + metroBank + "', " + salaryPM + ", '" + email + "', '" + jsBank + "', " + salary + ", 0, 0, null, '" + kinName + "', '" + kinRelation + "', '" + kinContact + "', '" + comments + "', null '" + doc + "', '" + shift + "', '" + offDay1 + "', '" + offDay2
+ "');";
// When ExecuteNonQuery throws, cnn.Close() below is skipped and the connection stays open.
cmd.ExecuteNonQuery();
cnn.Close();
I suspect:
null '"
should be:
null, '"
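You are missing a comma in a couple of places: after each null that is followed directly by a quoted value. Binding the values as parameters instead of concatenating them, as the linked duplicates describe, avoids this kind of mistake and the SQL injection risk.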
I get the Syntax Error in UPDATE statement whenever I try to update information in my Access database. I have tried moving things around and adding commas or taking away commas. I am stuck, any suggestions as to what I could do? The error is attached to the second cmd.ExecuteNonQuery(); at the bottom.
// Code from the question: inserts a new tbEmp row while txtdateId is enabled, otherwise updates
// the row whose Campus matches.
// NOTE(review): both statements paste text-box content into the SQL text unescaped, so a quote
// typed into any field changes the statement (SQL injection).
if (txtdateId.Text != "")
{
if (txtdateId.IsEnabled == true)
{
cmd.CommandText =
"insert into tbEmp(DateofService, AssociateName, DeviceType, DeviceModel, Serial, Issue, Part1, Part2, Part3, RepairedBy, Campus) Values('" +
txtdateId.Text + "','" + txtEmpName.Text + "','" + txtContact.Text + "','" + txttype.Text +
"','" + txtserial.Text + "','" + txtAddress.Text + "','" + txtpart1.Text + "','" + txtpart2.Text +
"','" + txtpart3.Text + "','" + txtrepaired.Text + "','" + txtcampus.Text + "')";
cmd.ExecuteNonQuery();
BindGrid();
MessageBox.Show("Device Added Successfully");
ClearAll();
}
else
{
// Defects visible in the UPDATE text below:
//  - a stray comma directly after "DateofService =";
//  - no closing quote after any value (each following fragment starts with ",Column" instead of "',Column");
//  - no quote or space before "where", and the final Campus value is never closed.
cmd.CommandText = "update tbEmp set DateofService = ,'" + txtdateId.Text + ",AssociateName = '" + txtEmpName.Text + ",DeviceType = '" + txtContact.Text + ",DeviceModel = '" + txttype.Text + ",Serial = '" + txtserial.Text + ",Issue = '" + txtAddress.Text + ",Part1 = '" + txtpart1.Text + ",Part2 = '" + txtpart2.Text + ",Part3 = '" + txtpart3.Text + ",RepairedBy = '" + txtrepaired.Text + "where Campus = '" + txtcampus.Text;
cmd.ExecuteNonQuery();
BindGrid();
MessageBox.Show("Device updated");
ClearAll();
}
}
You missed several ' in your statement; you also have one extra ' after DateofService. Your statement should be like this:
cmd.CommandText = "update tbEmp set DateofService = '" + txtdateId.Text + "',AssociateName = '" + txtEmpName.Text + "' , ...
Also I strongly recommend you to use parameterized queries to avoid SQL Injection like this:
For SQL Server (SqlClient):
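// SqlClient binds parameters by name: the marker in the SQL text and the parameter name both
// use the @ prefix. The value travels as data and is never parsed as SQL.
cmd.CommandText = "update tbEmp set DateofService = @txtdateId ,...";
cmd.Parameters.AddWithValue("@txtdateId", txtdateId.Text);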
And for Access and OleDB:
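// OleDb (Access) uses positional ? markers: parameter names are ignored and values are bound in
// the order they are added, so add one parameter per ? in the same order as the statement.
cmd.CommandText = "update tbEmp set DateofService = ? , ....";
cmd.Parameters.AddWithValue("DateofService", txtdateId.Text);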
That said, specifying the parameter type explicitly and setting its Value property is better than AddWithValue. Check this: Can we stop using AddWithValue() already?
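This is the solution to your problem, but I would prefer that you add some validation against SQL injection: first take the textbox value, validate it, then pass it to the query. Validation on its own does not make a concatenated statement safe, though; binding the values as parameters does.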
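// The same UPDATE with the values bound as parameters instead of concatenated into the SQL text,
// so a quote typed into a text box cannot change the statement.
// OleDb binds ? markers by position: the parameters are added in the order the markers appear.
// NOTE(review): values are passed as text, as the quoted literals were; use typed parameters if a
// column is not a text column — TODO confirm against the tbEmp schema.
cmd.CommandText = "update tbEmp set DateofService = ?, AssociateName = ?, DeviceType = ?, DeviceModel = ?, Serial = ?, Issue = ?, Part1 = ?, Part2 = ?, Part3 = ?, RepairedBy = ? where Campus = ?";
cmd.Parameters.Clear(); // cmd is reused for other statements; start from an empty parameter list
cmd.Parameters.AddWithValue("DateofService", txtdateId.Text);
cmd.Parameters.AddWithValue("AssociateName", txtEmpName.Text);
cmd.Parameters.AddWithValue("DeviceType", txtContact.Text);
cmd.Parameters.AddWithValue("DeviceModel", txttype.Text);
cmd.Parameters.AddWithValue("Serial", txtserial.Text);
cmd.Parameters.AddWithValue("Issue", txtAddress.Text);
cmd.Parameters.AddWithValue("Part1", txtpart1.Text);
cmd.Parameters.AddWithValue("Part2", txtpart2.Text);
cmd.Parameters.AddWithValue("Part3", txtpart3.Text);
cmd.Parameters.AddWithValue("RepairedBy", txtrepaired.Text);
cmd.Parameters.AddWithValue("Campus", txtcampus.Text);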
Hi first here is my code:
// Code from the question: builds two UPDATE strings for Utilizador but never runs either of them.
// conexao is created without a connection string.
OleDbConnection conexao = new OleDbConnection();
try
{
OleDbCommand comando = new OleDbCommand();
comando.Connection = conexao;
// NOTE(review): both strings paste text-box content into the SQL text unescaped, so a quote typed
// into any field changes the statement (SQL injection).
// NOTE(review): the Password column receives the text box content as typed; if this is a login
// password it should be stored as a salted hash, not as plain text.
// query2 ends with an unquoted CodUtilizador value.
string query2 = "update Utilizador set Nome='" + nomeTextBox.Text + "' , DiaNascimento='" + diaNascimentoComboBox.Text + "' ,MesNascimento='" + mesNascimentoComboBox.Text + "' ,AnoNascimento='" + anoNascimentoComboBox.Text + "' , Altura='" + alturaTextBox.Text + "' , Sexo='" + sexoComboBox.Text + "' , Peso='" + pesoTextBox.Text + "' , CodGenetica='" + codGeneticaTextBox1.Text + "', Login='" + loginTextBox.Text + "' , Password='" + passwordTextBox.Text + "' where CodUtilizador= " + codutilizaor.Text + "";
string id = codutilizaor.Text;
// In this second string the Login value is not quoted.
string command = "update Utilizador set Nome= '" + nomeTextBox.Text + "' , Login= " + loginTextBox.Text + " where CodUtilizador= '" + id + "' ";
// Neither string is assigned to comando and nothing is executed: the connection is opened and
// closed again straight away.
conexao.Open();
conexao.Close();
this.Close();
}
catch (Exception ex)
{
// Shows "Ya" followed by the exception's full text to the user.
MessageBox.Show("Ya" + ex);
}
I want to update all the fields but it doesn't work. I saw many solutions here and on YouTube but none solved my problem, and I tried very hard to do it myself but it still doesn't work. Could you please help me solve this problem?
You are missing a quote in query2:
...where CodUtilizador= '" + codutilizaor.Text + "";
you also have to execute the query with ExecuteNonQuery(); :
...
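// OleDbCommand takes its SQL through CommandText (it has no Text property); assign it before executing.
comando.CommandText = command;
comando.ExecuteNonQuery();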
Last but not least consider using parameters, because you are exposed to SQL injection.
e.g:
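// Parameter markers use the @ prefix and each marker needs a parameter of the same name
// (@Nome, @Login, @ID). The values travel as data and are never parsed as SQL.
// OleDb binds parameters by position, not by name, so they are added in the order the markers
// appear in the statement.
string command = "update Utilizador set Nome= @Nome , Login=@Login where CodUtilizador=@ID";
comando.Parameters.AddWithValue("@Nome", nomeTextBox.Text);
comando.Parameters.AddWithValue("@Login", loginTextBox.Text);
comando.Parameters.AddWithValue("@ID", id);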
Looks like you forgot to add the query to the command. You also forgot to actually execute it.
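// Runs the UPDATE for one Utilizador row: the statement is attached to the command and executed.
OleDbConnection conexao = new OleDbConnection("Add your connection string here");
try
{
    // Values are bound as parameters rather than concatenated into the SQL text, so a quote typed
    // into a text box cannot change the statement. OleDb binds ? markers by position: the
    // parameters below are added in the order the markers appear.
    // [Password] is bracketed; brackets are harmless and avoid a clash if the provider treats the
    // word as reserved.
    string query = "update Utilizador set Nome = ?, DiaNascimento = ?, MesNascimento = ?, AnoNascimento = ?, Altura = ?, Sexo = ?, Peso = ?, CodGenetica = ?, Login = ?, [Password] = ? where CodUtilizador = ?";
    conexao.Open();
    var commandOne = new OleDbCommand(query, conexao);
    // NOTE(review): values are passed as text, as the quoted literals were; use typed parameters
    // if a column is numeric — TODO confirm against the Utilizador schema.
    commandOne.Parameters.AddWithValue("Nome", nomeTextBox.Text);
    commandOne.Parameters.AddWithValue("DiaNascimento", diaNascimentoComboBox.Text);
    commandOne.Parameters.AddWithValue("MesNascimento", mesNascimentoComboBox.Text);
    commandOne.Parameters.AddWithValue("AnoNascimento", anoNascimentoComboBox.Text);
    commandOne.Parameters.AddWithValue("Altura", alturaTextBox.Text);
    commandOne.Parameters.AddWithValue("Sexo", sexoComboBox.Text);
    commandOne.Parameters.AddWithValue("Peso", pesoTextBox.Text);
    commandOne.Parameters.AddWithValue("CodGenetica", codGeneticaTextBox1.Text);
    commandOne.Parameters.AddWithValue("Login", loginTextBox.Text);
    // NOTE(review): the password is written as typed; if this is a login password, store a salted
    // hash instead of the plain text.
    commandOne.Parameters.AddWithValue("Password", passwordTextBox.Text);
    commandOne.Parameters.AddWithValue("CodUtilizador", codutilizaor.Text);
    commandOne.ExecuteNonQuery();
    this.Close();
}
catch (Exception ex)
{
    MessageBox.Show("Ya" + ex);
}
finally
{
    // Runs on success and on failure, so the connection is not left open when the update throws.
    conexao.Close();
}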
How can I open a data reader after closing it? I'm using Visual Studio 2010.
Here is my code.
// Code from the question: for every file in TempFiles, reads file_log and, for each row whose
// "file-name" differs from the file, inserts every line of the file into cdr_info.
// The snippet is incomplete as posted: the brace opened by the outer else is never closed.
// NOTE(review): the '#' in front of the path literals looks like the '@' verbatim-string prefix
// lost when the page was extracted — confirm against the original post.
bool result = Directory.EnumerateFiles(#"C:\Users\Moon\Documents\Visual Studio 2010\Projects\cdrInsertion\cdrInsertion\TempFiles").Any();
if (!result)
{
Response.Write("Folder is empty");
}
else
{
DirectoryInfo info = new DirectoryInfo(#"C:\Users\Moon\Documents\Visual Studio 2010\Projects\cdrInsertion\cdrInsertion\TempFiles");
FileInfo[] files = info.GetFiles();
SqlConnection con = new SqlConnection("Data Source = MOON-PC\\SQLEXPRESS; Initial Catalog = Call_Detail_Record; Integrated Security = true; Persist Security Info=False;");
con.Open();
SqlCommand cmd = new SqlCommand();
SqlDataReader readr = null;
foreach (FileInfo file in files)
{
string path = #"C:\Users\Moon\Documents\Visual Studio 2010\Projects\cdrInsertion\cdrInsertion\TempFiles\"+ file;
string queryfile = "select * from file_log";
cmd = new SqlCommand(queryfile,con);
// ExecuteReader returns a reader that is already open.
readr = cmd.ExecuteReader();
while (readr.Read())
{
// The next line is the asker's marker for where they want to reopen the reader; it is not valid C#.
(readr.Open();)<----here i want to open it.
string filnames = readr["file-name"].ToString();
string filestring = file.ToString();
if (filnames.Equals(filestring))
{
Response.Write("file already inserted");
// Closing the reader here leaves the enclosing while loop calling Read() on a closed reader.
readr.Close();
}
else
{
// This branch runs once for every file_log row that does not match, not once per file.
string text = System.IO.File.ReadAllText(path);
string[] lines = text.Split('\n');
//transctionscop
// DataTable dt = new DataTable();
// cmd = new SqlCommand();
string[] Values;
foreach (string line1 in lines)
{
if (line1 == "")
{
Response.Write("end file");
}
else
{
Values = line1.Split(';');
DateTime zero = Convert.ToDateTime(Values[0]);
// DateTime onezerofive = Convert.ToDateTime(Values[105]);
// DateTime onezerosix = Convert.ToDateTime(Values[106]);
// Timer two = Convert.Tot(Values[2]);
// string query = "INSERT INTO cdr_info VALUES ('" + Values[0] + "'," + Values[1] + ",'" + Values[2] + "','" + Values[3] + "'," +
// NOTE(review): the fields come straight from the file and are pasted into the SQL text
// unescaped, so a quote inside any field changes the statement (SQL injection). Binding the
// fields as parameters avoids that.
// Values is indexed up to [108] with no length check; a line with fewer fields throws.
string query = "INSERT INTO cdr_info VALUES( '" + zero + "', '" + Values[1] + "', '" + Values[2] + "', '" + Values[3] + "', '" + Values[4] + "', '" + Values[5] + "', '" + Values[6] + "', '" + Values[7] + "', '" + Values[8] + "', '" + Values[9] + "'," +
" '" + Values[10] + "', '" + Values[11] + "', '" + Values[12] + "', '" + Values[13] + "', '" + Values[14] + "','" + Values[15] + "', '" + Values[16] + "', '" + Values[17] + "', '" + Values[18] + "','" + Values[19] + "'," +
"'" + Values[20] + "','" + Values[21] + "', '" + Values[22] + "', '" + Values[23] + "', '" + Values[24] + "', '" + Values[25] + "','" + Values[26] + "', '" + Values[27] + "', '" + Values[28] + "', '" + Values[29] + "', " +
" '" + Values[30] + "', '" + Values[31] + "', '" + Values[32] + "', '" + Values[33] + "', '" + Values[34] + "'," +
"'" + Values[35] + "', '" + Values[36] + "', '" + Values[37] + "', '" + Values[38] + "','" + Values[39] + "', '" + Values[40] + "', '" + Values[41] + "', '" + Values[42] + "'," +
"'" + Values[43] + "', '" + Values[44] + "', '" + Values[45] + "', '" + Values[46] + "', '" + Values[47] + "', '" + Values[48] + "', '" + Values[49] + "','" + Values[50] + "', '" + Values[51] + "'," +
" '" + Values[52] + "', '" + Values[53] + "', '" + Values[54] + "', '" + Values[55] + "', '" + Values[56] + "','" + Values[57] + "', '" + Values[58] + "', '" + Values[59] + "', '" + Values[60] + "', '" + Values[61] + "'," +
"'" + Values[62] + "', '" + Values[63] + "', '" + Values[64] + "', '" + Values[65] + "', '" + Values[66] + "','" + Values[67] + "','" + Values[68] + "','" + Values[69] + "', '" + Values[70] + "'," +
"'" + Values[71] + "', '" + Values[72] + "','" + Values[73] + "','" + Values[74] + "', '" + Values[75] + "', '" + Values[76] + "', '" + Values[77] + "', '" + Values[78] + "', '" + Values[79] + "', '" + Values[80] + "'," +
" '" + Values[81] + "', '" + Values[82] + "', '" + Values[83] + "', '" + Values[84] + "', '" + Values[85] + "','" + Values[86] + "', '" + Values[87] + "','" + Values[88] + "', '" + Values[89] + "', '" + Values[90] + "'," +
" '" + Values[91] + "', '" + Values[92] + "', '" + Values[93] + "', '" + Values[94] + "', '" + Values[95] + "', '" + Values[96] + "', '" + Values[97] + "', '" + Values[98] + "', '" + Values[99] + "', '" + Values[100] + "'," +
" '" + Values[101] + "', '" + Values[102] + "', '" + Values[103] + "'," +
" '" + Values[104] + "', '" + Values[105] + "', '" + Values[106] + "', '" + Values[107] + "', '" + Values[108] + "')";
// string query = "INSERT INTO demooo VALUES ('" + Values[0] + "','" + Values[1] + "','" + Values[2] + "')";
// NOTE(review): this runs a second command on con while readr is still open on it; the
// connection string above does not enable multiple active result sets, so this is expected to
// fail — verify.
cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
}
}
}
}
readr.Close();
}
The reader is already open. When you call ExecuteReader on the command, it returns an open data reader.
Why are you closing the data reader inside the loop though? You've got a Close call after the loop anyway so why close it twice? What you should do is create it with a using statement and then it will be implicitly closed at the end of the block.