I am successfully connecting to my sql 2008 server hosted on winhost.com. But I am following this tutorial: http://www.codeproject.com/KB/database/sql_in_csharp.aspx which was suggested in an answer from: Connecting to SQL Server Database C#-WinForms and I keep getting the exact same error when I try to:
Insert something into the table.
Retrieve something from the db.
The error is: "Incorrect syntax near the keyword 'table'.".
I don't know what's wrong. The error message is very vague, and everything seems to look fine.
I am using all the examples from the above tutorial, but they all give the same error.
Any suggestions? Does anyone have any other tutorials/articles for me I can have a look at?
Thank you
Where it says INSERT INTO table ... you have to change table to be the actual name of your table as it says in the text just beneath:
Now we will take a look at the values. table is simply the table within the database.
If you chose to call your table table then you can write [table] but it would be better to change the table name to something else.
Where table appears in that tutorial, it's meant to be a 'placeholder' for an actual table name - table by itself is an illegal table name - hence the syntax error. If you need to use this name then [table] would be fine.
TABLE is a reserved word, try surrounding it with brackets, if you have created a table called table.
[table]
Related
I have 4-5 tables in one database (not SQL Server).
In my UI, users can enter some SQL conditions together with column names in a textbox. I need to verify if the SQL is correct and if these columns exist, and show any errors accordingly. I am using C# for server side.
I have a SQL Server database where our UI stores all the UI related information.
One approach is to create all these tables (just the table structure) in my SQL Server as well and then query a simple select on each table and show the errors or success message(s) accordingly.
So basically I would have the where clause as below or more conditions:
where a = b and c in(1,2)
As mentioned above I would execute the above where clause against each table I created in SQL Server which would return error if column does not exist.
Is there a better way to approach this? I was thinking in case there is some other way to work without creating so many tables on my SQL Server.
I don't want to hard code these as the structure might change in near future. So looking for some maintainable solution. May be create a single table and store all this information in it.
Any suggestions are appreciated.
In SQL server you can query the system object :
information_schema.columns.
That contains a list of all columns for all tables and views.
However, I agree with previous comments - the design you describe is bad bad bad.
Ignoring the SQL injection troubles for a second, if the users have control over only the WHERE clause of the query, then you could try and run something like
select top 0 * from <tables> where <user-entered-where-clause>
and then gracefully handle any errors that are returned.
use dmv function in MS sql server to validate the query string.
assign user string to the variable #Str_query
declare #Str_query as nvarchar(max);
set #Str_query ='SELECT [role_code],[role_description] FROM [dbname].[dbo].[Roles]'
SELECT error_message FROM sys.dm_exec_describe_first_result_set(#Str_query, NULL, 0) WHERE column_ordinal = 0
if there is an error message then query string is not valid for execution.
I am trying to insert data into a postgresql table in visual studio windows forms table adapter using this query;
INSERT INTO PUBLIC .cashaccount
VALUES (:cashmemo, :cashcredit, :cashdebit)
I am using the ':' because I am aware the '#' operator does not work in postgresql but I am still getting a syntax error. I have googled this issue and I am yet to find a postgresql insert command with variables. Does anyone have an idea on how to make the above statement work?
I believe the syntax error your are getting is due to the space in your table name as pointed below
INSERT INTO PUBLIC .cashaccount
^----Here
VALUES (:cashmemo, :cashcredit, :cashdebit)
Also, read through Npgsql(.NET Postgresql provider) for more information with lots of examples.
I absolutely do not get this. The column exists in the table, I've ensured that the application is executing the query against the proper table in the proper database, and it still reports that it's an invalid column name.
I'm running NET 4.0, SQL Server 2008 Express Edition. Does anyone have any similar experience?
Executing queries against any other column name in the same table in the same database works extremely excellently. I added this column today and for some reason my application refuses to acknowledge the existence of this column.
Relevant column definition:
Relevant code:
(from x in flightDataContext.FlightDatas
where x.FlightDataId == FlightDataID && x.Departure == true
select new
{
x.ArrivalStationCode,
x.ArrivalStationName,
x.DepartureTime,
x.DepartureGate
}).SingleOrDefault();
I also faced the same problem.You can try the following solutions.
You should update your classes after the database changed(drag and drop your tables to the linq to sql file), so that the column is accessible with object name. if still problem exists then
the value you are saving in the coloumn is greater then the size specified for the coloumn. try varchar(MAX) if your coloumn is of varchar type.
When I encountered this error, I discovered that I had some spurious [Key] attributes on one of my Model objects that wasn't actually part of the unique key definition for that object's table. They had been innocuously sitting there until I refactored another of the object's relationships. Once I removed them, the error about the columns being invalid vanished.
Try this. Before this , delete the table and drag drog the table again on the DBML file and save the DBML.
var flight= flightDataContext.FlightDatas.SingleOrDefault(x=>x.FlightDataId == FlightDataID && x.Departure);
Now you can access:
flight.ArrivalStationCode,
flight.ArrivalStationName,
flight.DepartureTime,
flight.DepartureGate
My question is generally we write the following through code while we are inserting data to a table
insert into tblname values('"+txt.text+"','"+txt1.text+"');
As we pass the data form the text boxes like that is it possible to insert in to table with out using table name directlty
Well you obviously need to know what table to insert into, so there has to be a table name identified to the INSERT statement. The options include:
an INSERT statement with actual table name as per your existing example
an INSERT statement with a synonym as the target (alias for an actual table - see: http://blog.sqlauthority.com/2008/01/07/sql-server-2005-introduction-and-explanation-to-synonym-helpful-t-sql-feature-for-developer/)
an INSERT statement with an updateable view as the target
a sproc call whereby the sproc knows the table to INSERT into (but the calling code does not need to know)
You should also be aware of SQL injection risks with your example - avoid concatenating values directly into a SQL string to execute. Instead, parameterise the SQL.
If you need to dynamically specify the table to insert into at run time, you have to concatenate the table name into the SQL statement you then execute. However, be very wary of SQL injection - make sure you fully validate the tablename to make sure there are no nasties in it. You could even check it is a real table by checking for it in sys.tables.
Not possible without name of table.
But you can make use of Linq To SQL (i.e any ORM) or DataAdapter.Update if you have filled it with the proper table....
You cannot do that without the table name, no. However, the bigger problem is that your code is horribly dangerous and at rick from SQL injection. You should fix this right now, today, immediately. Injection, even for internal apps, is the single biggest risk. Better code would be:
insert into tblname (Foo, Bar) values(#foo, #bar)
adding the parameters #foo and #bar to your command (obviously, replace with sensible names).
Before you ask: no, the table name cannot be parameterised; you cannot use
insert into #tblname -- blah
The table name(s) is(/are) fundamental in any query or operation.
I suppose that if it's possible you have to use parameters.
Here you have a little example.
My SQL query is
string stringSQL = "Insert into table(clientid, contractorid, driverid)
values (1,1,last_insert_rowid() + 1)"
ExecuteNonQuery(stringSQL)
And the error I get is:
Error: abort due to constraint
violation(clientid, contractorid,
driverid are not unique.
Btw those columns are my primary keys!
Is there an issue using SQLite's functions in c# vs 2010?
Thx I advance
From the last_insert_rowid() documentation:
The last_insert_rowid() function returns the ROWID of the last row insert from the database connection which invoked the function.
Note the "from the database connection" part... which means if there's already data in your table before you open this connection, presumably it's going to start from 0 or 1 again, and end up with a conflict. In other words, I don't think you can use this as a general way of incrementing row IDs.
I'd expect this to work if the table was empty before opening your current database connection, and if that connection is the only thing to have inserted data into that table though... you might want to test that part, just to make sure we understand what's going on.
That's assuming the docs are correct, of course - I've never actually used sqlite myself...