asp.net web application

Question

2.33/5 (2 votes)

See more:

Sir,
i am develop one application these application has 7 textbox controls and 2 button control and using backend
database is sqlserver2008 here is on debugging is no problem but i click the save button it given the error message that message is " Incorrect syntax near ')'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near ')'.

what is the problem
and we are send the code

protected void BTNSAVE(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("Data Source=NSYS1\\SQLEXPRESS;Initial Catalog=agfl;connect timeout=30;Integrated Security=True");
    SqlCommand mycom;
    mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno)Values('" + TextBox1.Text + "','" + TextBox6.Text + "','" + TextBox2.Text + "','" + TextBox7.Text + "','" + TextBox4.Text + "','" + TextBox8.Text + "','" + TextBox5.Text + "','" + TextBox9.Text + "',)", con);
    con.Open();
    mycom.Parameters.AddWithValue("sno", @TextBox1.Text);
    mycom.Parameters.AddWithValue("rdate",@TextBox6.Text);
    mycom.Parameters.AddWithValue("acno", @TextBox2.Text);
    mycom.Parameters.AddWithValue("name", @TextBox7.Text);
    mycom.Parameters.AddWithValue("vno", @TextBox4.Text);
    mycom.Parameters.AddWithValue("amt", @TextBox8.Text);
    mycom.Parameters.AddWithValue("edate",@TextBox5.Text);
    mycom.Parameters.AddWithValue("chno",@TextBox9.Text);
    mycom.ExecuteNonQuery();

    con.Close();

}

Posted 4-Sep-13 4:12am

Raghavendra Guptha

Updated 4-Sep-13 4:19am

Richard C Bishop

v2

Add a Solution

7 solutions

Solution 1

It is because you have a comma right before your closing parenthesis.

However, this is a terrible way to do. Anyone who knows enough SQL could drop tables or otherwise mess up your database. I suggest you research SQL Injections. You are also adding parameters to something that doesn't have parameters.

You should change your sql statement to be:

SQL

... VALUES (@sno, @rdate, @acno,...)

and then when you add parameters using your textbox values the values will get replaced into the sql statement.

Posted 4-Sep-13 4:20am

ZurdoDev

Comments

Raghavendra Guptha 4-Sep-13 10:35am

Must declare the scalar variable "@TextBox1".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Must declare the scalar variable "@TextBox1".

ZurdoDev 4-Sep-13 10:43am

Yes, you need to do mycom.Parameters.AddWithValue("sno", @sno);
or whatever you name them. They need to match.

Raghavendra Guptha 5-Sep-13 3:10am

it's is working on internet explorer but not working mozilla browser . I can't trace the correct problem how is possiable its working one browser

ZurdoDev 5-Sep-13 7:12am

What do you mean it isn't working?

Raghavendra Guptha 4-Sep-13 10:36am

given the errors message is
Must declare the scalar variable "@TextBox1".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Must declare the scalar variable "@TextBox1".

Solution 2

First thing's first, you are not using parameterized queries correctly. You are still susceptible to SQL injection and you are assigning values to the column names of the table are you attempting to insert into.

Your code should look something like this:

protected void BTNSAVE(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=NSYS1\\SQLEXPRESS;Initial Catalog=agfl;connect timeout=30;Integrated Security=True");
        SqlCommand mycom;
        mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno) Values(@sno,@rdate,@acno,@name,@vno,@amt,@edate,@chno)", con);
        con.Open();
        mycom.Parameters.AddWithValue("@sno",TextBox1.Text);
        mycom.Parameters.AddWithValue("@rdate",TextBox6.Text);
        mycom.Parameters.AddWithValue("@acno",TextBox2.Text);
        mycom.Parameters.AddWithValue("@name",TextBox7.Text);
        mycom.Parameters.AddWithValue("@vno",TextBox4.Text);
        mycom.Parameters.AddWithValue("@amt",TextBox8.Text);
        mycom.Parameters.AddWithValue("@edate",TextBox5.Text);
        mycom.Parameters.AddWithValue("@chno",TextBox9.Text);
        mycom.ExecuteNonQuery();

        con.Close();

    }

Posted 4-Sep-13 4:25am

Richard C Bishop

Comments

Raghavendra Guptha 4-Sep-13 10:39am

sir , i trying this above code but given the error message is "given the errors message is
Must declare the scalar variable "@TextBox1".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Must declare the scalar variable "@TextBox1".
"

Richard C Bishop 4-Sep-13 10:53am

You are not using the code in my solution then. There is no reference to "@TextBox1" in my solution anywhere.

Solution 3

C#

mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno)Values('" + TextBox1.Text + "','" + TextBox6.Text + "','" + TextBox2.Text + "','" + TextBox7.Text + "','" + TextBox4.Text + "','" + TextBox8.Text + "','" + TextBox5.Text + "','" + TextBox9.Text + "')", con);

Posted 4-Sep-13 18:30pm

Member 10186638

Updated 5-Sep-13 23:51pm

v2

Solution 5

C#

protected void BTNSAVE(object sender, EventArgs e)
       {
           SqlConnection con = new SqlConnection("Data Source=NSYS1\\SQLEXPRESS;Initial Catalog=agfl;connect timeout=30;Integrated Security=True");
           SqlCommand mycom;
           mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno)Values('" + TextBox1.Text + "','" + TextBox6.Text + "','" + TextBox2.Text + "','" + TextBox7.Text + "','" + TextBox4.Text + "','" + TextBox8.Text + "','" + TextBox5.Text + "','" + TextBox9.Text + "',">remove this comma,)", con);
           con.Open();
           mycom.Parameters.AddWithValue("sno", @TextBox1.Text);
           mycom.Parameters.AddWithValue("rdate",@TextBox6.Text);
           mycom.Parameters.AddWithValue("acno", @TextBox2.Text);
           mycom.Parameters.AddWithValue("name", @TextBox7.Text);
           mycom.Parameters.AddWithValue("vno", @TextBox4.Text);
           mycom.Parameters.AddWithValue("amt", @TextBox8.Text);
           mycom.Parameters.AddWithValue("edate",@TextBox5.Text);
           mycom.Parameters.AddWithValue("chno",@TextBox9.Text);
           mycom.ExecuteNonQuery();

           con.Close();

       }

if you are getting string or binary data truncated then your txtboxes should have ' so you should replace this one by the ''

hope this will help you regards...:)

Posted 4-Sep-13 21:32pm

Dholakiya Ankit

Updated 5-Sep-13 23:51pm

v5

Solution 4

hi,,
here is the sample query for insert

C#

Sqlconnection con=new Sqlconnection();
con.open();
con.Connectionstring="Data Source=PHANNY-PC\PHANNY; Initial Catalog=db_stuRegisterPay; Integrated Security=SSPI";
string query="insert into Persons_info(perID, latinName, gender, dob, pob, phone, passport, curAdd, status) values('" + txtID.Text + "','" + txtLatinName.Text + "','" + cbGender.Text + "'" + dTPdob.Text + txtPob.Text + "','" + txtPhone.Text + "','" + txtPassport.Text + "'" + txtCurAdd.Text + "'" + cbStatus.Text + " )";
 
SqlCommand cmd=new SqlCommand(query,con);
cmd.ExecuteNonQuery();
 
MessageBox.show("Saving is done!");

hope this helps
Happy coding :)

Posted 4-Sep-13 18:49pm

Priyanka Bhagwat

Comments

Raghavendra Guptha 5-Sep-13 2:13am

i am trying the above code but given the error is " String or binary data would be truncated.
The statement has been terminated.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: String or binary data would be truncated.
The statement has been terminated.

Source Error:
"

Priyanka Bhagwat 5-Sep-13 2:20am

You will get error "String or binary data would be truncated. The statement has been terminated." when existing column contains data having more length than new column length.
please check your db

Raghavendra Guptha 5-Sep-13 3:14am

it's is working on internet explorer but not working mozilla browser . I can't trace the correct problem how is possiable its working one browser

Priyanka Bhagwat 5-Sep-13 3:22am

i also don't knw, sorry

Raghavendra Guptha 5-Sep-13 3:30am

oky thank q for u r co-operation and also u r given new idea

Raghavendra Guptha 18-Sep-13 6:52am

i am findout that my mozilla browser is old version these version has not microsoft dotnet framework assistant 1.2.1 so these addon installed the above problem is clear

[no name] 6-Sep-13 5:39am

Friend Your Button Click Event Is Remaining..........

you directly generate this code..

protected void BTNSAVE(object sender, EventArgs e)

it's not possible so just check your code and then run your application

And also check Your client side code where BTNSAVE_click event is also remaining on Button Control....

In Above Code You Have remove extra comma after===>> TextBox9.Text + "',)====>> so just remove comma and run your application

Solution 6

HTML

You Have Try to do this code....

protected void BTNSAVE_Click(object sender, EventArgs e)
       {
            SqlConnection con = new SqlConnection("Data Source=NSYS1\\SQLEXPRESS;Initial Catalog=agfl;connect timeout=30;Integrated Security=True");
            con.open();
            string qry="Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno)
                          Values(@sno,@rdate,@acno,@name,@vno,@amt,@edate,@chno)";
            SqlCommand mycom = new SqlCommand(con,qry);
            mycom.Parameters.AddWithValue("@sno",TextBox1.Text);
            mycom.Parameters.AddWithValue("@rdate",TextBox6.Text);
            mycom.Parameters.AddWithValue("@acno",TextBox2.Text);
            mycom.Parameters.AddWithValue("@name",TextBox7.Text);
            mycom.Parameters.AddWithValue("@vno",TextBox4.Text);
            mycom.Parameters.AddWithValue("@amt",TextBox8.Text);
            mycom.Parameters.AddWithValue("@edate",TextBox5.Text);
            mycom.Parameters.AddWithValue("@chno",TextBox9.Text);
            mycom.ExecuteNonQuery();
            con.Close();
         }

Friend Your Button Click Event Is Remaining..........
you directly generate this code..
protected void BTNSAVE(object sender, EventArgs e)
it's not possible so just check your code and then run your application .
And also check Your client side code where BTNSAVE_click event is also remaining on Button Control....

In Above Code You Have remove extra comma after TextBox9.Text + "',) so just remove comma and run your application

Posted 5-Sep-13 23:35pm

Kunal_Patel

Updated 5-Sep-13 23:50pm

v3

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Member 9822231 · Accepted Answer · 2013-09-06T01:13:00

Solution 7

Remove the Second Last Comma from your Query.

Posted 6-Sep-13 1:13am

Member 9822231