C# WPF mysql string - c#

I'm creating a WPF app that is connected to a localhost database. It has 2 tables. Now I ran into an error, but I'm not sure what is wrong in the code. Can anyone help?
I'm getting this error:
An unhandled exception of type 'MySql.Data.MySqlClient.MySqlException'
occurred in MySql.Data.dll
Additional information: You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near 'left join author on
book.author_id=author.id' at line 1
    private void Filter_TextChanged(object sender, TextChangedEventArgs e)
    {
        connection.Open();
        MySqlCommand cmd = connection.CreateCommand();
        cmd.CommandText = "SELECT * FROM book where book.name like ('" + Filter.Text + "%') left join author on book.author_id=author.id";
        cmd.ExecuteNonQuery();
        DataTable dt = new DataTable();
        MySqlDataAdapter da = new MySqlDataAdapter(cmd);
        da.Fill(dt);
        _dataView = new System.Data.DataView(dt);
        _dataView.Sort = "name ASC,id ASC";
        BooksGrid.DataContext = dt;
        connection.Close();
    }

Change your query to
    cmd.CommandText = "SELECT * FROM book left join author on book.author_id=author.id where book.name like ('" + Filter.Text + "%') and book.author_id=author.id";
The additional "book.author_id=author.id" clause at the end is to ensure that you only get records that match on author_id.
Also instead of cmd.ExecuteNonQuery(), you should try and use the cmd.ExecuteReader() since you are retrieving rows.

Related

POS system SQL query for cart display C#

I am developing a POS system for a stationary. I am currently stuck in the sales page. I want to add to data grid view a product when user inputs barcode, quantity, discount and client id and this is the error I am getting:
System.Data.SqlClient.SqlException: 'Incorrect syntax near the keyword 'transaction'
    string query;
    string query2;
    using (SqlConnection sqlcon2 = new SqlConnection(cons))
    {
        query = "insert into dbo.transaction set (qte,remise,idclt) values ('" + textBox4.Text + "','" + comboBox1.Text + "','" + textBox6.Text + "')";
        SqlDataAdapter sda = new SqlDataAdapter(query, sqlcon2);
    }
    using (SqlConnection sqlcon = new SqlConnection(cons))
    {
        sqlcon.Open();
        query2 = "select produit.idprod, produit.nom_produit, transaction.qte, transaction.remise, transaction.idclt, transaction.qte*produit.prixV as Total from [dbo].[produit] join [dbo].[transaction] on produit.idprod=transaction.idprod join [dbo].[clients] clt on clt.idclt=transaction.idclt where produit.idprod= '" + textBox4.Text+"' and transaction.qte='"+textBox5.Text+"'";
        SqlDataAdapter sda2 = new SqlDataAdapter(query2, sqlcon);
        DataTable dt = new DataTable();
        sda2.Fill(dt);
        dgv.DataSource = dt;
    }
Database Schema:
Form Design:
Hello and welcome to Stack Overflow.
It's highly likely that the problem in your code is the table's name being transaction, a keyword in the RDBMS you are using (as evidenced by the exception's message). Try to change it to something else.
In addition, your snippet is vulnerable to an SQL injection attack. Unless your project is well into development, you should consider using an ORM framework like Entity Framework Core.

An unhandled exception when try to input data to MySQL Table

I'm new to learning C# and MySql using Visual Basic Community 2015. I'm trying to make a simple CRUD, but I'm confused when I run the program and try to input data to a MySql table, because it always shows the message:
An unhandled exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll
Additional information:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Siswa,Total Biaya SPP,Sisa Bayar SPP,Keterangan) VALUES
Is there any solution for this?
    public partial class Crud : Form
    {
        MySqlConnection conn = new MySqlConnection("Server=localhost;User Id=root;Password='';Database=db_csharp1");
        MySqlDataAdapter adapter = new MySqlDataAdapter();
        MySqlCommand command = new MySqlCommand();
        public DataSet ds = new DataSet();
        public Crud()
        {
            InitializeComponent();
        }
        private void Crud_Load(object sender, EventArgs e)
        {
            GetRecords();
        }
        private void btnTambah_Click(object sender, EventArgs e)
        {
            ds = new DataSet();
            adapter = new MySqlDataAdapter ("INSERT INTO siswa (NIS,Nama Siswa,Total Biaya SPP,Sisa Bayar SPP,Keterangan) VALUES ('"+textNIS.Text+"','"+textNamaSiswa.Text+"','"+textBiayaSPP.Text+"','"+textSisaBayar.Text+"','"+textKeterangan+"')", conn);
            adapter.Fill(ds,"siswa");
            MessageBox.Show("Added!");
            textNIS.Clear();
            textNamaSiswa.Clear();
            textBiayaSPP.Clear();
            textSisaBayar.Clear();
            textKeterangan.Clear();
            GetRecords();
        }
        private void GetRecords()
        {
            ds = new DataSet();
            adapter = new MySqlDataAdapter("select * from siswa", conn);
            adapter.Fill(ds, "siswa");
            dataGridView1.DataSource = ds;
            dataGridView1.DataMember = "siswa";
        }
    }
You have spaces in your column names. Use ` in your column names.
    INSERT INTO siswa (`NIS`,`Nama Siswa`,`Total Biaya SPP`,`Sisa Bayar SPP`,`Keterangan`)
In your case, you can use a parameterized query to fill your Dataset. Since the string used to initialize the SqlDataAdapter becomes the CommandText of the SelectCommand property of the SqlDataAdapter, you can add your parameters like this:
    adapter = new MySqlDataAdapter("INSERT INTO siswa (`NIS`,`Nama Siswa`,`Total Biaya SPP`,`Sisa Bayar SPP`,`Keterangan`) VALUES (@textNIS,@textNamaSiswa,@textBiayaSPP,@textSisaBayar,@textKeterangan)", conn);
    // Values are bound to the @ placeholders as data. No % wildcards here:
    // this is an INSERT, not a LIKE pattern.
    adapter.SelectCommand.Parameters.AddWithValue("@textNIS", textNIS.Text);
    adapter.SelectCommand.Parameters.AddWithValue("@textNamaSiswa", textNamaSiswa.Text);
    adapter.SelectCommand.Parameters.AddWithValue("@textBiayaSPP", textBiayaSPP.Text);
    adapter.SelectCommand.Parameters.AddWithValue("@textSisaBayar", textSisaBayar.Text);
    adapter.SelectCommand.Parameters.AddWithValue("@textKeterangan", textKeterangan);
Not sure if your field textKeterangan value should be textKeterangan.Text or textKeterangan. You can take care of this.
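An added example, not part of the original answer: the same INSERT sent with MySqlCommand.ExecuteNonQuery and typed parameters, so each text box value reaches the server as data. The class and method names and the numeric type of the two SPP columns are assumptions. The POS insert earlier on the page concatenates its values in the same way.

```csharp
using System;
using MySql.Data.MySqlClient;

static class SiswaRepository   // hypothetical helper class
{
    const string InsertSql =
        "INSERT INTO siswa (`NIS`,`Nama Siswa`,`Total Biaya SPP`,`Sisa Bayar SPP`,`Keterangan`) " +
        "VALUES (@nis, @nama, @totalBiaya, @sisaBayar, @keterangan)";

    // Returns the number of rows inserted (1 on success).
    public static int AddSiswa(string connectionString, string nis, string nama,
        string totalBiayaText, string sisaBayarText, string keterangan)
    {
        // Assumption: both SPP columns are numeric, so reject anything else
        // before it reaches the database.
        decimal totalBiaya, sisaBayar;
        if (!decimal.TryParse(totalBiayaText, out totalBiaya) ||
            !decimal.TryParse(sisaBayarText, out sisaBayar))
        {
            throw new ArgumentException("SPP amounts must be numbers.");
        }

        using (var conn = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand(InsertSql, conn))
        {
            // Placeholders are bound as values: a quote or comment marker typed
            // into a text box cannot change the statement.
            cmd.Parameters.Add("@nis", MySqlDbType.VarChar).Value = nis;
            cmd.Parameters.Add("@nama", MySqlDbType.VarChar).Value = nama;
            cmd.Parameters.Add("@totalBiaya", MySqlDbType.Decimal).Value = totalBiaya;
            cmd.Parameters.Add("@sisaBayar", MySqlDbType.Decimal).Value = sisaBayar;
            cmd.Parameters.Add("@keterangan", MySqlDbType.VarChar).Value = keterangan;

            conn.Open();
            return cmd.ExecuteNonQuery();   // INSERT returns no rows, so no adapter/Fill
        }
    }
}
```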

Incorrect Syntax Near 'Student'

I am attempting to create a function that will allow a variable assignment, but I keep getting an error:
    private static void DatabaseSelect(string ToBeSelected, string WhichTable, string Equality1, string Equality12)
    {
        SqlConnection con = new SqlConnection(@"Connection");
        var dataSet = new DataSet();
        var cmd = new SqlCommand("SELECT Firstname FROM Student WHERE User_ID = '" + "001" + "'", con);
        //var cmd = new SqlCommand("SELECT '"+ToBeSelected+"' FROM '"+WhichTable+ "' WHERE '"+Equality1+"' = '"+Equality12+"'", con);
        var dataAdapter = new SqlDataAdapter { SelectCommand = cmd };
        dataAdapter.Fill(dataSet);
        Console.WriteLine( dataSet.Tables[0].Rows[0][ToBeSelected].ToString());
    }
When I use the line
    var cmd = new SqlCommand("SELECT Firstname FROM Student WHERE User_ID = '" + "001" + "'", con);
It should theoretically, when the variables equal the same string as the line above, be the same as the line
    var cmd = new SqlCommand("SELECT '"+ToBeSelected+"' FROM '"+WhichTable+ "' WHERE '"+Equality1+"' = '"+Equality12+"'", con);
But when I try to run the lower line it gives the error message (At the line Filling dataAdapter):
"An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: Incorrect syntax near 'Student'."
If I am unclear, please say so. Any help would be appreciated, thank you.
I do see some issues with your MySQL syntax
    SELECT '"+ToBeSelected+"' FROM '"+WhichTable+ "' WHERE '"+Equality1+"' = '"+Equality12+"'"
Should translate to a MySQL Statement of:
    SELECT 'ColumnName' FROM 'TableName' WHERE 'ColumnName2' = 'SomeValue'"
The first issue I'm seeing is all the single quotes. Column names and table names should be surrounded by "ticks" (the button to the left of the 1), not single quotes.
I would start there. I'm reading further into your code now.
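An added example, not the poster's code: SqlConnection talks to SQL Server, where identifiers are quoted with square brackets, and table or column names cannot be passed as parameters. One way to keep DatabaseSelect's variable names is to check them against a fixed allow-list and parameterize only the compared value; the allow-list contents and helper names below are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class SafeSelect   // hypothetical helper class
{
    // Constructed allow-list: table -> columns a caller may name.
    // Only Student, Firstname and User_ID come from the question.
    static readonly Dictionary<string, HashSet<string>> Allowed =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            ["Student"] = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
                { "Firstname", "User_ID" }
        };

    // Identifiers are validated against the allow-list and bracket-quoted;
    // the compared value stays a parameter.
    public static string BuildSelect(string column, string table, string keyColumn)
    {
        HashSet<string> columns;
        if (!Allowed.TryGetValue(table, out columns))
            throw new ArgumentException("Table not allowed: " + table);
        if (!columns.Contains(column) || !columns.Contains(keyColumn))
            throw new ArgumentException("Column not allowed for table " + table);

        return "SELECT " + Quote(column) + " FROM " + Quote(table) +
               " WHERE " + Quote(keyColumn) + " = @value";
    }

    // SQL Server delimited identifier: wrap in [ ] and double any ']'.
    static string Quote(string identifier)
    {
        return "[" + identifier.Replace("]", "]]") + "]";
    }

    public static object DatabaseSelect(string connectionString, string column,
        string table, string keyColumn, string value)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(BuildSelect(column, table, keyColumn), con))
        {
            cmd.Parameters.AddWithValue("@value", value);
            con.Open();
            return cmd.ExecuteScalar();   // first column of the first row, or null
        }
    }
}
```

BuildSelect("Firstname", "Student", "User_ID") yields SELECT [Firstname] FROM [Student] WHERE [User_ID] = @value, while any table or column outside the list is rejected before a command is created.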

how to make search of a string in a data base in c#

This is the code that is used to make the search
    private void button1_Click(object sender, EventArgs e)
    {
        string connectionString = Tyre.Properties.Settings.Default.Database1ConnectionString;
        SqlConnection conn = new SqlConnection(connectionString);
        DataTable dt = new DataTable();
        SqlDataAdapter SDA = new SqlDataAdapter("SELECT * FROM table1 where Nom like " + textBox1.Text, conn);
        SDA.Fill(dt);
        dataGridView1.DataSource = dt;
    }
And I'm getting this error:
An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: Invalid column name 'elie'.
That's an example of my application:
First off, your code is wide open to SQL Injection. You allow the user to insert any data he wants including
    ; DROP TABLE table1
To fix the immediate issue surround the item to be matched with single quotes and % signs:
    "SELECT * FROM table1 where Nom like '%" + textBox1.Text + "%'"
However, you absolutely should look into using a parameterized query.
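An added example, not part of the original answer: the search from this question as a parameterized query, with the LIKE wildcards in the user's text escaped so they match literally. The class and method names and the 200-character parameter size are assumptions; the MySQL filter query at the top of the page takes a parameter in the same way through MySqlCommand.

```csharp
using System.Data;
using System.Data.SqlClient;

static class NameSearch   // hypothetical helper class
{
    // Escape LIKE metacharacters so the user's text is matched literally.
    // '\' is declared as the escape character by the ESCAPE clause below.
    public static string EscapeLike(string input)
    {
        return input
            .Replace(@"\", @"\\")
            .Replace("%", @"\%")
            .Replace("_", @"\_")
            .Replace("[", @"\[");
    }

    public static DataTable SearchByName(string connectionString, string userText)
    {
        const string sql =
            @"SELECT * FROM table1 WHERE Nom LIKE @pattern ESCAPE '\'";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The pattern travels as data, so a quote or "; DROP TABLE table1"
            // in userText never becomes part of the statement text.
            // Assumption: 200 characters is enough for the Nom column.
            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
                "%" + EscapeLike(userText) + "%";

            var dt = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(dt);   // Fill opens and closes the connection itself
            }
            return dt;
        }
    }
}
```

With this in place, typing elie searches for rows whose Nom contains elie, and typing 50% searches for the literal text 50% rather than acting as a wildcard.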

Syntax Error on INNER JOIN in MySQL

I get an error when trying to inner join databases from a MySQL server.
I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'lines INNER JOIN snippets ON snippets.id = lines.snippetid_fk WHERE lines.snippe' at line 1
I'm coding in ASP.NET C#.
This is my function that gives the error:
    MySqlConnection conn = new MySqlConnection();
    string mysql = "Server=***;Database=***;User=***;pwd=***";
    conn.ConnectionString = mysql;
    MySqlCommand cmd = new MySqlCommand();
    cmd.CommandText = "SELECT * FROM lines " +
                      "INNER JOIN snippets ON snippets.id = lines.snippetid_fk " +
                      "WHERE lines.snippetid_fk = 1";
    cmd.Connection = conn;
    DataTable dt = new DataTable();
    MySqlDataAdapter adapter = new MySqlDataAdapter(cmd);
    adapter.Fill(dt);
    Repeater_codebank.DataSource = dt;
    Repeater_codebank.DataBind();
According to documentation, lines is in the list of MySQL reserved words.
For your query to work, you must add backticks around the table name:
    cmd.CommandText = "SELECT * FROM `lines` " +
                      "INNER JOIN snippets ON snippets.id = lines.snippetid_fk " +
                      "WHERE `lines`.snippetid_fk = 1";
