In the following command I get the exception
Incorrect syntax near 'TPA_Approved_Date'
What am I doing wrong?:
SqlCommand sqlComm = new SqlCommand();
sqlComm = myConnection.CreateCommand();
sqlComm.CommandText = #"UPDATE [MRT_MKT_BIDW].[biw].[CNX_TPA_Applied_F]
SET TPA_Approver_Code='#Approver_Code'
TPA_Approved_Date ='#Approved_Date'
TPA_Approved_Flag='Y' WHERE
MDM_Invoice_Date_Dim_Key='20150206'";
sqlComm.Parameters.AddWithValue("#Approver_Code", Approver_Code);
sqlComm.Parameters.AddWithValue("#Approved_Date", "2015-05-06 16:24:47.870");
don't enclose your parameters in quotes - otherwise they will be treated as literals
separate the columns with commas:
sqlComm.CommandText = #"UPDATE [MRT_MKT_BIDW].[biw].[CNX_TPA_Applied_F] SET TPA_Approver_Code=#Approver_Code, TPA_Approved_Date =#Approved_Date, TPA_Approved_Flag='Y' WHERE MDM_Invoice_Date_Dim_Key='20150206'";
Above answer is correct. But just wanted to mention, sometimes its quicker to not to use parameters (if you trust the values in variables). Like for example:
SqlCommand sqlComm = new SqlCommand();
sqlComm = myConnection.CreateCommand();
sqlComm.CommandText = #"UPDATE [MRT_MKT_BIDW].[biw].[CNX_TPA_Applied_F]
SET TPA_Approver_Code='"+Approver_Code+"',
TPA_Approved_Date ='2015-05-06 16:24:47.870',
TPA_Approved_Flag='Y' WHERE
MDM_Invoice_Date_Dim_Key='20150206'";
Related
New to C#. Trying to insert values into a Microsoft Access Database using this code:
string value = "It's a nice day"
con.Open();
OleDbCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into Table1 values('"+ value + "')";
cmd.ExecuteNonQuery();
con.Close();
But I get the error 'Syntax error (missing operator) in query expression' which I'm going to assume, stems from the apostrophe in the string value. Is there any way around this?
Every time you need to pass values to execute an sql query you should ALWAYS use a parameterized query. As you have experienced, apostrophes mess with the syntax when you concatenate strings.
A parameterized query for your case should be
string value = "It's a nice day"
OleDbCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "insert into Table1 values(#value)";
cmd.Parameters.Add("#value", OleDbType.VarWChar).Value = value;
cmd.ExecuteNonQuery();
This will remove the problem with apostrophes, interpretation of the decimal point symbol, date format, but, most important even is not easy to exploit with Access, the Sql Injection ack.
I am trying with oracle database to Insert and select Hebrew letters
and it not working well.
I tried
Insert into mytable values ('היי');
and the result is ??? and not היי
can someone help me with that
Edit:
Now after i ask from DBA for hebrew option i can write in Hebrew from the sqlplus
but now from my project it still write ???
my code is
OleDbConnection conn = Connect();
conn.Open();
OleDbCommand com = new OleDbCommand("Insert into mytable values ('היי')", conn);
com.ExecuteNonQuery();
and still the result is ???
I can't really test this because I don't know anything about your database (not even your column names), but you should do that command with parameters:
var testString = "היי"; // Do be aware that Visual Studio displays Hebrew text right-to-left, so the actual string is reversed from what you see.
using (OleDbConnection conn = Connect())
{
conn.Open();
using (OleDbCommand com = conn.CreateCommand())
{
// OleDbCommand com = new OleDbCommand("Insert into mytable values ('היי')", conn);
com.CommandText = "Insert into mytable values (?)";
com.Parameters.Add(new OleDbParameter { OleDbType = OleDbType.VarWChar }).Value = testString;
com.ExecuteNonQuery();
}
}
Also, don't forget to dispose your disposables via a using statement.
Relatedly, here is a report that using a parameterized query fixed a similar problem with OracleCommand.
im trying to update the values of columns from the same row in my database.
Here is my code:
if (ModelState.IsValid)
{
using (SqlConnection cn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
{
SqlCommand cmd = new SqlCommand();
cmd = cn.CreateCommand();
cmd.CommandText = #"Update Content Set Des='#Des', Sc='#Sc' Where ID_Img=#Id_Img";
cmd.Parameters.Add("#Des", SqlDbType.VarChar);
cmd.Parameters["#Des"].Value = model.Des;
cmd.Parameters.Add("#Sc", SqlDbType.VarChar);
cmd.Parameters["#Sc"].Value = model.Sc;
cmd.Parameters.Add("#Id_Img", SqlDbType.Int);
cmd.Parameters["#Id_Img"].Value = model.Id_Img;
cn.Open();
cmd.ExecuteNonQuery();
cn.Close();
}
}
}
the code works and i get no error, but when i check in my database the values inserted are #Desc and #Sc and not properly the values which comes from form in my view.
I have set a breakpoint and check which values are in the variables all off them have the correct one..
What im doing wrong?
Someone can give me a hand pls?
Don't wrap your parameters in quotes in the actual query. Try this:
cmd.CommandText = #"Update Content Set Des=#Des, Sc=#Sc Where ID_Img=#Id_Img";
The parameters are smart enough to know if they need to be wrapped in quotes or not based on their data types.
When I insert through the OleDbCommand with direct values no problem, it's working fine
OleDbCommand OleCmd1 = new OleDbCommand("Insert into My_Diary (sl_no,reminder) values("+a1+",'CHECK VALUE')", OleCon1);
OleCmd1->ExecuteNonQuery();
But when I like to update through parameter its showing "Syntax Error"....I can't identify my mistake...
string MyConStr = "Provider=VFPOLEDB.1; Data Source='C:\\For_Dbf'; Persist Security Info=False";
InsSavDiaryCmd = "Insert into My_Table1 (sl_no,reminder) values (#sl_no,#reminder) ";
VFPDAp=gcnew OleDbDataAdapter();
VFPDApMy_Table1InsertCommand = gcnew OleDbCommand(InsSavDiaryCmd, OleCon1);
WithInsVar = VFPDAp.InsertCommand.Parameters;
WithInsVar.Add("#sl_no", OleDbType.Integer, 10, "sl_no");
WithInsVar.Add("#reminder", OleDbType.Char, 250, "reminder");
OleCon1.ConnectionString = MyConStr;
OleCon1.Open();
OleDbTransaction Trans=OleCon1.BeginTransaction();
//VFPDAp.DeleteCommand.Transaction = Trans;
//VFPDAp.UpdateCommand.Transaction = Trans;
VFPDAp.InsertCommand.Transaction = Trans;
VFPDAp.Update(MyDataTbl);
Trans.Commit();
OleCon1.Close();
The OleDbCommand doesn't use named parameters. You need to change the insert statement so that it uses questions.
InsSavDiaryCmd = "Insert into My_Table1 (sl_no,reminder) values (?, ?) ";
You need to make sure that you have a parameter for each question mark and make sure that the parameters are inserted in order of their use in the insert statement.
** If you'd like to use name parameters... you can try using VfpClient which is a project that I'm working on to make data access a little nicer from .Net.
OleDbConnection vcon = new OleDbConnection(#"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\SummerJob\DataBase.accdb");
string cmdtxt = "UPDATE Students SET S_Name = ?, S_Surname = ?, S_E-Mail = ? WHERE ID = ?";
OleDbCommand cmd = new OleDbCommand(cmdtxt, vcon);
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("S_Name", EditName.Text);
cmd.Parameters.AddWithValue("S_Surname", editSurname.Text);
cmd.Parameters.AddWithValue("S_E-Mail", editMail.Text);
vcon.Open();
cmd.ExecuteNonQuery();
vcon.Close();
//i use this code but it says syntax error in update statement
Where is the last parameter ???
ID=?
Not sure, but I will bet that without that parameter your query doesn't look right to the parser.
You need to pass ID? via SqlParameter like this cmd.Parameters.AddWithValue("ID", Id.Text);
Also make sure that the parameters are added in the same order they occur