sql Statement Date object

Hi,

I have an ASP.net application with a connection to a sql database. I am
writing a SQL statement to update some fields in a table but it won't run
because it gives me an error that says

Error near #

How do I fix this problem? The code is below.

"UPDATE DefendantInformation SET [First Name] = '" & txtDefFName.Text & "'" _
& ", [Last Name] = '" & txtDefLName.Text & "', [Address] = '" & txtDefAddress.Text & "'" _
& ", [City] = '" & txtDefCity.Text & "', [DOB] = #" & txtDefDOB.Text & "#" _
& "WHERE ID = " & valueSelected

Regards
Brian
Nov 19 '05 #1
You shouldn't be concatenating your sql strings -- your code will be vulnerable
to a sql injection attack which is a very serious security hole. Instead
use parameterized queries:

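SqlCommand cmd = new SqlCommand(); // requires: using System.Data.SqlClient;
cmd.CommandText = "update authors set au_fname = @fname where au_id = @ID";
// Values are bound as parameters and never become part of the SQL text
cmd.Parameters.Add("@fname", "Brock");
cmd.Parameters.Add("@ID", "444-55-6666");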

and so on....

For your datetime column, you might have better luck by passing a DateTime
as the 2nd parameter to Add().

-Brock
DevelopMentor
http://staff.develop.com/ballen
Nov 19 '05 #2
So what you're saying is that for every table column I need to update I should
do them individually.
Nov 19 '05 #3
No, he is saying you should use a parameterized query.
Nov 19 '05 #4
I guess I left out the call to cmd.ExecuteNonQuery() at the end. A parameterized
SQL statement can update many columns. Calling Add is simply preparing the
parameters that will be sent. The SQL isn't sent until you make the call
to ExecuteNonQuery().

-Brock
DevelopMentor
http://staff.develop.com/ballen
Nov 19 '05 #5
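
As an added example (not code from any poster in this thread), here is the UPDATE from the question rewritten with typed parameters in C#, the language of the reply's snippet; it shows why the `#` delimiters and the quoting both disappear once the date and ID are parsed and bound as values. The column sizes, the yyyy-MM-dd input format, the integer ID and the sample values are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class DefendantUpdate
{
    // Builds the UPDATE from the question with every value bound as a typed parameter.
    // Assumptions (not from the thread): column sizes, yyyy-MM-dd dates, integer ID.
    public static SqlCommand Build(string first, string last, string address,
                                   string city, string dobText, string idText)
    {
        DateTime dob;
        if (!DateTime.TryParseExact(dobText, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out dob))
            throw new ArgumentException("DOB must be a date in yyyy-MM-dd form");
        int id;
        if (!int.TryParse(idText, NumberStyles.None, CultureInfo.InvariantCulture, out id))
            throw new ArgumentException("ID must be a non-negative integer");

        SqlCommand cmd = new SqlCommand(
            "UPDATE DefendantInformation SET [First Name] = @first, [Last Name] = @last, " +
            "[Address] = @address, [City] = @city, [DOB] = @dob WHERE ID = @id");
        cmd.Parameters.Add("@first", SqlDbType.NVarChar, 50).Value = first;
        cmd.Parameters.Add("@last", SqlDbType.NVarChar, 50).Value = last;
        cmd.Parameters.Add("@address", SqlDbType.NVarChar, 100).Value = address;
        cmd.Parameters.Add("@city", SqlDbType.NVarChar, 50).Value = city;
        cmd.Parameters.Add("@dob", SqlDbType.DateTime).Value = dob; // no # or quote delimiters
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: the apostrophe would break the concatenated statement.
        SqlCommand cmd = Build("Sean", "O'Brien", "1 Main St", "Springfield", "1970-04-12", "7");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
        // To run it: set cmd.Connection to an open SqlConnection, then cmd.ExecuteNonQuery().
    }
}
```

The command text printed by `Main` is identical for any input; only the parameter values change, which is what keeps user-supplied text out of the SQL grammar.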
