473,325 Members | 2,805 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

Issue executing query

So I have this app I'm building (I'm new to C#) and through countless hours i have managed to come up with the following so far on button click event.

I have a text box, dropdown, and a radio button. I want to insert all these values in to a table. the only catch is that the Dropdown value must be used to first cross reference the users table and pull the users UserId and use that value for the INSERT statement. Now heres the code behind...

protected void btnSubmit_Click(object sender, EventArgs e)
{
SqlConnection ConnectionInfo = new SqlConnection();
ConnectionInfo.ConnectionString = ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;
SqlCommand cmd = new SqlCommand();


if (rbDisabled.Checked)
rbResults.Text = rbDisabled.Text;
if (rbEnabled.Checked)
rbResults.Text = rbEnabled.Text;

string AccountName = AccountName1.Text;
string OwnerName = AllUsersDropDownList1.SelectedValue;
string Status = rbResults.Text;

cmd.CommandText = "SELECT (UserId) FROM (dbo.aspnet_Users) WHERE UserName = " + AllUsersDropDownList1.SelectedValue + ";";
cmd.CommandType = CommandType.Text;

cmd.Connection = ConnectionInfo;

ConnectionInfo.Open();

SqlDataReader reader = cmd.ExecuteReader();
var con = reader.Read();

SqlCommand cmd1 = new SqlCommand();


cmd1.CommandText = "INSERT INTO (dbo.apt_accounts) (account_owner_id, account_name, account_active) VALUES ('" + con + ", " + AccountName + ", " + Status + "')";
cmd1.CommandType = CommandType.Text;
cmd1.Connection = ConnectionInfo;

cmd1.ExecuteReader();


}


}

Problem is I am getting:
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near ')'.

Line 40: ConnectionInfo.Open();
Line 41:
Line 42: SqlDataReader reader = cmd.ExecuteReader();
Line 43: var con = reader.Read();
Line 44:

Any help to the right direction would be great appreciated. If you need any more info please ask.
Jan 7 '12 #1

✓ answered by Rabbit

Get rid of the parentheses in the SQL string.

7 1897
Rabbit
12,516 Expert Mod 8TB
Get rid of the parentheses in the SQL string.
Jan 7 '12 #2
I am ran in Your code. I am not getting the error.Please Check, you put extra ')' closing parenthese in your Coading.
Jan 7 '12 #3
Brian Connelly
103 100+
Look at the underlined characters...thats where it is resulting in an error. Hope this helps.
cmd1.CommandText = "INSERT INTO (dbo.apt_accounts) (account_owner_id, account_name, account_active) VALUES ('" + con + ", " + AccountName + ", " + Status + "')";
Jan 7 '12 #4
I found the issue was i didn't space out the ):

"INSERT INTO dbo.apt_accounts ( account_owner_id, account_name, account_active ) VALUES ( '" + reader + "', '" + AccountName + "', '" + Status + "' )";

Worked Fine
Jan 7 '12 #5
and got rid of the ) around collum, DB Thanks Rabbit
Jan 7 '12 #6
PsychoCoder
465 Expert Mod 256MB
Try this version of your code

Expand|Select|Wrap|Line Numbers
  1. cmd1.CommandText = "INSERT INTO (dbo.apt_accounts) (account_owner_id, account_name, account_active) VALUES ('" + con + "'", "'" + AccountName + "'", "'" + Status + "')";
Jan 10 '12 #7
PsychoCoder
465 Expert Mod 256MB
You should be using parameterized queries, your current code is just waiting for a SQL Injection attack. Take a look at this:

Parameterized queries: The hows and whys | http://bit.ly/t2hohD
Jan 18 '12 #8

Sign in to post your reply or Sign up for a free account.

Similar topics

3
by: Will Atkinson | last post by:
Hi All, I'm a relative newbie to SQL Server, so please forgive me if this is a daft question... When I set "Show Execution Plan" on in Query Analyzer, and execute a (fairly complex) sproc, I...
1
by: luthriaajay | last post by:
I am using my own namespace called xmlns:i="http://www.ABC/int:i" in my XSL style sheet. The input XML document (which has its own namespace) needs to be mapped with the elements defined in my...
3
by: deepak | last post by:
Hi There, i am facing problems while executing the query using ADO.NET,the problem goes below: i am using ExecuteDataset(sqlTran, CommandType.Text, query) and my query is this SELECT * FROM...
2
by: hussain123 | last post by:
Hi All, I am trying to execute a query from my VB.Net application but it throwing an error as "Syntax error in update statement". The query is:- Dim UpdQuery As String = "Update tblDefectData set...
1
by: hlnet | last post by:
Hi michaelb, Hel me please. 1.I have table "Master" with fields : Id,description,HD8,Hd6,name. How to create FUNCTION for executing query : SELECT Id,description FROM Master ( only 2...
2
by: robertGreen613 | last post by:
Hi All, I am trying to execute a query in my VB Code for this Access application. THe code i have is: Dim dbcon227 As Database Dim qryDeff As QueryDef Dim dbrs2, rs As...
2
by: hawk7890 | last post by:
I have done alot of research on this problem but I am unable to figure it out. I have a table created with the following fields ID UserID (domain account) UserName (full name of person)...
1
by: vstud | last post by:
Hi guys, I have a simple page with a text box for inserting a name and a gridview below it. once the user type the name the gridview displays the matching record that has that name in the...
5
by: lmeeson | last post by:
i want to combine two fields and have used the the following query UPDATE SudentInfo SET image1name = CONCAT(imagepath,UserName,'1'); this works but the thing is when a new record is added the...
1
by: mus24 | last post by:
Hi All, I have an issue where my query results are to be "less sensitive" to various syntax For example: SELECT * FROM Player_Profile WHERE txtname LIKE 'AJ Abrams' But the results are to...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.