This QUERY is giving error what's wrong, please help asap, thanks in advance. error near )

Question

1.80/5 (2 votes)

See more:

C#

string str1="insert into Employee values("+txtempid.Text+",'"+txtEmpName.Text+"',"+txtsal.Text+",'"+txtdob.Text+"','"+txtdoj.Text+"',"+txtorderid.Text+ ")";

Posted 28-Jan-14 1:29am

Parth Dotnet1

Updated 28-Jan-14 1:57am

Richard MacCutchan

v2

Add a Solution

Comments

Gautam Raithatha 28-Jan-14 7:32am

you should mention the error atleast, so proper help can be provided.

Parth Dotnet1 28-Jan-14 7:36am

THE ERROR IS : Incorrect syntax near ')'.

Dinesh.V.Kumar 28-Jan-14 7:36am

Query seems correct...it will be helpful if you can provide the error information...so that we can help you out...

Valeh_CP 28-Jan-14 7:40am

Use try catch and look Exception error

EduChapow 28-Jan-14 7:46am

see my solution man, i hope help u

Gautam Raithatha 28-Jan-14 7:54am

there may be the error in date format.

Richard MacCutchan 28-Jan-14 7:58am

Use proper parameterized SQL and you will avoid situations like this. There could be any garbage in any of thos text fields.

Richard MacCutchan 28-Jan-14 8:21am

You also appear to be using text values for numeric and date fields which is incorrect.

Parth Dotnet1 28-Jan-14 11:06am

Thank u guys... PROBLEM WAS WITH DATE ONLY.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CHill60 · Accepted Answer · 2014-01-28T03:13:00

Building a string by concatenating text boxes is a bad idea for a couple of reasons ...

Firstly, you are leaving yourself vulnerable to SQL Injection attacks - see http://bobby-tables.com/[^]

So use parameterised queries to avoid this.

Secondly, if you do use parameterised queries, you will gain certain other advantages - simpler query strings - which make it easier to spot any errors. For example you won't have to worry about the single quotes around string parameters. Your command string would become

C#

string str1="insert into Employee values (@empid,@EmpName,@sal,@dob,@doj,@orderid)"

Looking at the query now, I can tell that your problem was the result of the contents of one (or more) of your text boxes.

When creating the parameters from your text boxes do use the TryParse methods on int, string etc to ensure that the contents of the text boxes really do contain the type of data you expect.

Finally, in the debugger grab the final content of str1 and paste it into query analyser or similar ... you might get more detailed error reporting in context.

[edit - example of sql parameters] http://csharp-station.com/Tutorial/AdoDotNet/Lesson06[^]

EduChapow · Accepted Answer · 2014-01-28T01:36:00

Solution 2

Hello man, is missing a columns and char '.

see this example:

SQL

INSERT INTO Employee (< columns1 >,< columns2 >, < column3 >) VALUES (< 'valueColumn1' >, < 'valueColumn2' >, < 'valueColumn3' >)

try this.

bye

Posted 28-Jan-14 1:36am

EduChapow

Comments

Gautam Raithatha 28-Jan-14 7:56am

column names can be omitted from insert query. the values clause will insert the values in columns starting from first in database table.

Parth Dotnet1 28-Jan-14 8:09am

i am NOT MISSING ANY COLUMN , it would have given date type related error if date was the problem

EduChapow 28-Jan-14 8:10am

hmmm, nice... living and learning! lol

EduChapow 28-Jan-14 8:13am

so, first convert your string to datetime?

JayantaChatterjee · Accepted Answer · 2014-01-28T02:49:00

I think the error is datatype mismatch..
So, change your query :

string str1="insert into Employee values("+txtempid.Text+",'"+txtEmpName.Text+"',"+txtsal.Text+",'"+txtdob.Text+"','"+txtdoj.Text+"',"+txtorderid.Text+ ")";

To

string str1="insert into Employee values("+txtempid.Text+",'"+txtEmpName.Text+"',"+txtsal.Text+",#"+txtdob.Text+"#,#"+txtdoj.Text+"#,"+txtorderid.Text+ ")";

# sign represent the date value .
I hope it will help you....
Happy Coding .. :-)

This QUERY is giving error what's wrong, please help asap, thanks in advance. error near )

3 solutions

Solution 5

Solution 2

Solution 4

Add your solution here

Preview 0