incorrect syntax near '('

Question

1.00/5 (1 vote)

See more:

I am updating my record by taking the value from label9 but i am getting an error "Incorrect syntax near '(' ". I have checked each and every line of code but unfortunately failed to solve this problem. I don't know where the problem is.following is my code.

SQL

SqlCommand insertingbill = new SqlCommand();
               insertingbill.CommandText = "Update customerdetails set(bill)value('"+label9.Text+"') where contactnumber='" + textBox2.Text + "'";
               insertingbill.Connection = con;
               insertingbill.ExecuteNonQuery();

Posted 28-Mar-14 7:59am

Syed Daniyal Ali

Add a Solution

3 solutions

Solution 3

insertingbill.CommandText = "Update customerdetails set bill='"+label9.Text+"' where contactnumber='" + textBox2.Text + "'";

Posted 28-Mar-14 18:34pm

Kan07

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard C Bishop · Accepted Answer · 2014-03-28T08:00:00

Your update statement is incorrect, see below.

Also, concatenating string values is a dangerous way to run a query. You are leaving yourself open to Sql injection[^]. Use parameterized queries[^] instead.

SqlCommand insertingbill = new SqlCommand();
               insertingbill.CommandText = "Update customerdetails set bill =@bill where contactnumber=@contactNumber";
               insertingbill.Parameters.AddWithValue("@contactNumber",textBox2.Text);
               insertingbill.Parameters.AddWithValue("@bill",label9.Text);
               insertingbill.Connection = con;
               insertingbill.ExecuteNonQuery();

Abhinav S · Accepted Answer · 2014-03-28T08:01:00

Solution 2

Your query formatting is incorrect.
Assuming the field value is bill, use

insertingbill.CommandText = "Update customerdetails set bill = ('"+label9.Text+"') where contactnumber='" + textBox2.Text + "'";

Posted 28-Mar-14 8:01am

Abhinav S

v2

Comments

Syed Daniyal Ali 28-Mar-14 14:10pm

Ok Abhinav S... Thanks alot

PIEBALDconsult 28-Mar-14 15:21pm

Richard's answer is better in the long run.