hi
i make web application by c#,asp.net
i want to make page that regist in DB
but when i run the project tell me
Incorrect syntax near 'value' i want to now what is the problem
thanks
12 1994
could u plaese send the code u r using ?
-
-
protected void Button1_Click(object sender, EventArgs e)
-
{
-
SqlConnection dbCon = new SqlConnection();
-
dbCon.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\db.mdf;Integrated Security=True;User Instance=True";
-
dbCon.Open();
-
SqlCommand sqlcom = new SqlCommand();
-
sqlcom.Connection = dbCon;
-
sqlcom.CommandType = CommandType.Text;
-
sqlcom.CommandText = sqlcom.CommandText = "insert into client (Name,SSN,Salary)" + "value(@NameTextBox.Text ,@SSNTextBox.Text ,@SalaryTextBox.Text )";
-
//sqlcom.CommandText = "insert into client (Name,SSN,Salary) value ('" + NameTextBox.Text + "','" + SSNTextBox.Text + "','" + SalaryTextBox.Text + "')";
-
SqlDataReader rdrData;
-
rdrData = sqlcom.ExecuteReader();
-
GridView1.DataSource = rdrData;
-
GridView1.DataBind();
-
}
-
its not correct
sqlcom.CommandText = sqlcom.CommandText = "insert into client (Name,SSN,Salary)" + "value(@NameTextBox.Text ,@SSNTextBox.Text ,@SalaryTextBox.Text )";
it should be
sqlcom.CommandText = "insert into client (Name,SSN,Salary) value ('" + NameTextBox.Text + "','" + SSNTextBox.Text + "','" + SalaryTextBox.Text + "')";
the same error appear,no exchange
Hi,
don't forget @ to the frist of your string, or could use \ as a scape char.
Oh i forgot, how did you declare your flieds SSN and Salary in your DB, it may not be suitable with your users inputs.
Consider ControlParameter, is the most suitable to collect data form users without having to worry about many.... .
Have attention to this !
Kind Regards,
Bassem
I think the words is VALUES not VALUE
when i write values make another error
and when i remove it the same error appear again
Yes, it is VALUES and make your correction on that.
The string: -
"insert into client (Name,SSN,Salary) values ('" + NameTextBox.Text + "', '" + SSNTextBox.Text + "', '" + SalaryTextBox.Text + "' )";
-
Should be of correct format.
Assuming you have a table called "client", that table contains the columns Name - SSN - Salary, they all expect a string type of some sort as a value and that there are no other required columns in the table you are leaving out
@amirghaffarie1362
You should not be dynamically creating your SQL command as suggested by amirghaffarie.
You should use parameters instead: -
sqlcom.CommandText = "INSERT INTO CLIENT(Name, SSN, Salary)" +
-
"VALUES(@clientName, @clientSSN, @clientSalary)";
-
-
sqlCom.Parameters.Add("@clientName", SqlDbType.VarChar).Value = NameTextBox.Text ;
-
sqlCom.Parmaeters.Add("@clientSSN", SqlDbType.VarChar).Value = SSNTextBox.Text;
-
sqlCom.Parameters.Add("@clientSalary",SqlDbType.VarChar).Value = SalaryTextBox.Text;
The reason for using parameters is because the information entered by the user will not be compiled with your SQL command.
If you create your SQL statement without parameters, anything entered by the user will be compiled with your sql command. This could leave you vulnerable to an SQL insertion attack.
When you encounter a new error, please post what the error message says so that we can continue to help you :)
-Frinny
Hi,
thanks for all one ,the page run without error,if i face any error ,i will send again
regards
orked
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Fang |
last post by:
I want to open a file and write some string between the the 3rd line and the
4th line. my code (as follows) can insert after the 3rd line but somehow it
owerwrites the 4th line. So i lost its...
|
by: help |
last post by:
I want to open a file and write some string between the the 3rd line and the
4th line. my code (as follows) can insert after the 3rd line but somehow it
owerwrites the 4th line. So i lost its...
|
by: jonhanks |
last post by:
Can anyone see anything wrong with this SQL string? REF is a long
integer field and DATE is a text field.
strSQL = "INSERT INTO PHOTOSAccess (REF, DATE)" _
& " VALUES (" & txtRef & ", '" &...
|
by: c_kubie |
last post by:
I have an update string getting a list of names that are list1 but not
in list2. (Sorry for the lame example)
list1
----
Bill
Bill
mike
tom
jim
|
by: Kevin Lawrence |
last post by:
Hi
I need to store binary data into SQL Server but is there anyway it can be
done in a constructed INSERT rather than using the @parameters?
ie
INSERT INTO Table (BLOB)...
|
by: nospam |
last post by:
From the book
"There is an important difference between these definitions:
char amessage="now is the time";
char *pmessage ="now is the time";
snip
On the other hand, pmessage is a...
|
by: =?Utf-8?B?TW9uaWNh?= |
last post by:
hi
SQL queries does not recognize *$()!.,?/\{};:'"&^+=<>|.
if I have a variable alike this:
Date = "Thursday, March 01, 2007 - 9:53 PM";
how can I inset in my database?
strCommand =...
|
by: David |
last post by:
Hi,
I have an asp page with a form, which has a lot of fields ........ 30
to 40 !
Is there an easier way to loop through all the fields submitted to the
insert page or is the only way to do...
|
by: nrworld |
last post by:
Hi,
I am facing a problem while using pepared statement for inserting data in MS-Access db.
private const String CONN_STR = "Provider=Microsoft.Jet.OLEDB.4.0;Data...
|
by: Abandoned |
last post by:
Hi..
I want to insert some data to postgresql..
My insert code:
yer="019"
cursor.execute("INSERT INTO ids_%s (id) VALUES (%s)", (yer, id))
I don't want to use % when the insert operation.
in...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |