this how is my table look like, and this is my query
query = "insert into archive.exports (DocumentID, from, to, sendDate, dadbox, sonbox, sendBy) values(" + DocumentNum + ", " + from + ", " + to + ", '" + this.date.Value.ToShortDateString() + "', " + DadBox + ", " + SunBox + ", '" + SendBy + "')";
it gave me this error
can someone tell me where is the error, Sorry for my bad english
from and to are Reserved Keywords and happens to be the name of your column. In order to avoid syntax error, the column name should be escaped using backticks. Ex,
INSERT INTO archive.exports (DocumentID, `from`, `to`,...)
MySQL Reserved Keywords List
If you have the privilege to alter the table, change the column name that is not on the Reserved Keyword List to prevent the same error from getting back again on the future.
Related
Currently I am using this statement:
"SELECT categoryDB, number FROM " + dbName+ " WHERE titleDBColumn ='" + titleInput+ "'";
Which helps me find strings that are similar to titleInput (which is a variable coming from the outside).
However, the values in titleDBColumn are almost always shorter strings than those coming in through titleInput.
Example:
titleDBColumn: Streetcar
titleInput: TheStreetCarIOwn
Now it's obvious that I need to use the LIKE operator in the other direction to get the results I want but I cant get the format right. Any ideas?
Sorry if I'm unclear.
This worked for me:
"SELECT categoryDB, number FROM " + dbName + " WHERE '" +
titleInput + "' like '%' + titleDBColumn + '%'";
The resulting SQL must be
SELECT categoryDB, number
FROM tableName
WHERE 'input' LIKE '%' + titleDBColumn + '%'
The % wildcard means "any number of any characters". I.e, 'input' LIKE '%' + titleDBColumn + '%' means that the input text may contain characters before and after the column text.
Also, you should use command parameters, whenever possible. This is not possible for the table name you called dbName. If this name is defined in the code and is not a user input, then it is safe to concatenate it as you did. But otherwise take measures to prevent SQL-Injection.
string sql = "SELECT categoryDB, number FROM `" + dbName +
"` WHERE #input LIKE '%' + titleDBColumn + '%'";
using (var conn = new MySqlConnection(connStr)) {
var cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("#input", titleInput);
conn.Open();
var reader = cmd.ExecuteReader();
while (reader.Read())
{
...
}
}
I am looking to perform a greater than or less than search on multiple columns from an access database in C#.
So far I am trying to compare a chassis number value that is stored in a access database against a value in a textbox. If that value is greater than the textbox, this would then return the relevant data stored in the database to a gridview.
so far my code is:
var sql = "SELECT * FROM [database] WHERE (Manufacturer ='" + comboBox3.Text +
"' OR Manufacturer='*') AND (Model ='" + comboBox4.Text + "' OR Model='*') AND (Fuel ='" +
textBox9.Text + "' OR Fuel='*') AND (Chassisno='*' OR (Chassisno > '" + textBox2.Text + "'))";
The code above is finding results, but the 'greater than' operator is being ignored.
Does anybody have any ideas why this would be?
This portion:
Chassisno='*'
Causes the query to find anything. Please remove that part of the query if you are truly only interested in finding values that are greater than Chassisno.
you can't use * wild card with "=" , you should use "like" keyword :
.....OR Manufacturer like '*') AND (Model ='" + comboBox4.Text + "' OR Model like '*') AND (Fuel ='" +
textBox9.Text + "' OR Fuel like '*') AND (Chassisno like'*'....
I have 2 tables in an Access database:
tblMachine
fields:
MachineID
MachineDescription
tblProblem
fields
ProblemID
MachineID
ProblemDescription
I am trying to add a new record into tblProblem, using the MachineDescription to find the MachineID from tblMachine
However, my SQL statement throws an error on the sub-select statement
Here is my statement:
string sql = "INSERT INTO tblProblem" +
" ([MachineID], [ProblemDescription], [ProblemOrder])" +
" VALUES (" +
"(SELECT ([MachineID] FROM tblMachine WHERE MachineDescription = #MachineDescription))," +
" #ProblemDescription, #ProblemOrder);";
The problem being highlighted is this part:
"(SELECT ([MachineID] FROM tblMachine WHERE MachineDescription = #MachineDescription)),"
Have I done something wrong? It is telling me there is a syntax error...
Extra set of parentheses, and perhaps unqualified field names:
String sql = "INSERT INTO tblProblem " +
"([MachineID], [ProblemDescription], [ProblemOrder])" +
"SELECT tblMachine.[MachineID], #ProblemDescription, #ProblemOrder " +
"FROM tblMachine " +
"WHERE tblMachine.MachineDescription = #MachineDescription";
I have this problem with a query I have, I am using Oracle Commands and Parameters. I have hundreds of other queries in my code, but just this one is failing to execute. It is a very simple update query and it works in SQL Navigator because I tried it.
Within the code, the execute non query method seems like it freezes and i get "Waiting for http:// localhost:8081/MaintainUserProfile.aspx" in my webpage.
I appreciate your help because I've wasted hours on it and I'm clueless at this stage.
Let me know if I should state more information.
The code below (Please note I work with oracle parameters, but in this case I am just using plain strings to debug the problem, the same happens with oracle parameters, it get stuck on execute non query):
string sqlQuery = #"UPDATE schema_name.table_name
SET
officer_name = '" + fullName +
"', channel_code = " + channelCode +
", male_female_ind = '" + maleFemale +
"', user_status_code = '" + userStatusCode +
"', identity_number = '" + idNumber +
"', extension_number = " + extensionNumber +
" WHERE user_profile_id = " + userProfileID;
OracleCommand oraCommand2 = new OracleCommand(sqlQuery, db);
oraCommand2.ExecuteNonQuery();
You can try with this code - Based on AddWithValue
oraCommand2.CommandText="UPDATE schema_name.table_name SET
officer_name = :fullName , channel_code = :channelCode,
male_female_ind = :male_female_ind, user_status_code = :user_status_code,
identity_number = :idNumber, extension_number = :extensionNumber
WHERE user_profile_id = :userProfileID";
oraCommand2.Parameters.AddWithValue(":fullName", fullName);
oraCommand2.Parameters.AddWithValue(":channelCode", channelCode);
oraCommand2.Parameters.AddWithValue(":male_female_ind", male_female_ind );
oraCommand2 .Parameters.AddWithValue(":user_status_code", user_status_code );
oraCommand2 .Parameters.AddWithValue(":identity_number", identity_number );
oraCommand2 .Parameters.AddWithValue(":extension_number", extension_number );
oraCommand2 .Parameters.AddWithValue(":user_profile_id", user_profile_id );
Link : http://msdn.microsoft.com/fr-fr/library/system.data.oracleclient.oracleparametercollection.addwithvalue.aspx
Kenneth answered it in this Post, it may be due to an uncommitted operation in SQLDeveloper (or any other uncommitted pending database change).
I have web search form, When i submit my search in the search box,
The result are returned but with contains % in the file name.
for example. the original file name is abc.jpeg, so the result returned will be a%bc.
or if a folder is found with, so its the same for the folder name.
if a folder name is jack, in the result it will be ja%ck.
I have the text box (as a search box, and i have set the value of the search text box as) <%search text%>
Thanks for the help and taking time to read it.
I am using Asp.net, C# and Access DB.
code :
iscBuilder.AddSelect("* ");
iscBuilder.AddFrom("[table1] ");
iscBuilder.AddWhereClause("( column_name like('%" + pQuery + "%') or column_name like('%" + pQuery + "%') or column_name like('" + pQuery + "%') or column_name like('" + pQuery + "%') )");
iscBuilder.AddWhereClause("(column_name like( '" + path + "') or column_name like( '" + path + "')) order by column_name");
OleDbConnection sqlconConnection = (OleDbConnection)DatabaseConnection.Instance.GetConnection();
OleDbCommand sqlcmdCommand1 = new OleDbCommand(iscBuilder.ToString(), sqlconConnection);
sqlcmdCommand1.CommandType = CommandType.Text;
This is how i call the function: public XmlDocument GetSearchResults(string pQuery, string path,int from , int to)
{
List <T> ts= T.GetF().Getresult(pQuery, path);
return createXMLThumnails(thmbNails,from , to);
}
Have nice day
Try using a parameterised query or stored procedure to get your data - all this joining strings to make SQL statements is very fiddly and problematic.
Have a look at using Parameterised Queries or Stored Procedures.