Click here to Skip to main content
15,907,328 members
Search within:


Get error when trying to update record
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
ASP.NET
SQL
C#3.5
I get an error when the user is trying to update their record.
HTML
Incorrect syntax near '('.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '('.

Source Error:


Line 675:            cmd3.Parameters.AddWithValue("@HC50", TextBoxHC50.Text.Replace(",", ""));
Line 676:
Line 677:            cmd3.ExecuteNonQuery();
Line 678:        }
Line 679:        con7.Close();


Source File: C:\Users\khopkins\Documents\Visual Studio 2010\Projects\SACSCOCLogin1.1\SACSCOCLogin1.1\FTEEnrollmentInformation.aspx.cs    Line: 677


Here is my INSERT and UPDATE code:
C#
protected void ButtonSave_Click(object sender, EventArgs e)
    {
        SqlConnection con7 = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con7.Open();

        string cmdStr = "Select count(*) from Table88 where User_ID='" + TextBoxUser_ID.Text + "'";
        SqlCommand userExist = new SqlCommand(cmdStr, con7);
        SqlCommand cmd = new SqlCommand("select User_ID from Table88", con7);
        int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
        if (temp == 0)
        {

            SqlCommand cmd2 = new SqlCommand("Insert into Table88 (User_ID, FT_UNDERGR, DATE, FT_GRAD, FTE_UNDERG, FTE_GRAD, NON_CREDIT, TOTAL_FTE, FCFTUHC, FCFTPBHC, FCPTUHC, FCPTPBHC, NCHC, UnderG12, Postb9, Total123b4b, FTEYR, THCAS, FTE40, HC50) values (@User_ID, @FT_UNDERGR, @DATE, @FT_GRAD, @FTE_UNDERG, @FTE_GRAD, @NON_CREDIT, @TOTAL_FTE, @FCFTUHC, @FCFTPBHC, @FCPTUHC, @FCPTPBHC, @NCHC, @UnderG12, @Postb9, @Total123b4b, @FTEYR, @THCAS, @FTE40, @HC50);", con7);
            cmd2.CommandType = CommandType.Text;
            cmd2.Parameters.AddWithValue("@User_ID", TextBoxUser_ID.Text);
            cmd2.Parameters.AddWithValue("@FT_UNDERGR", TextBoxFTUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FT_GRAD", TextBoxFTG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTE_UNDERG", TextBoxTHUGDR.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTE_GRAD", TextBoxTHGDR.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@NON_CREDIT", TextBoxNCCDR.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@TOTAL_FTE", TextBoxTCNC.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCFTUHC", TextBoxTNFUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCFTPBHC", TextBoxTNFG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCPTUHC", TextBoxTNCPUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FCPTPBHC", TextBoxTNCPG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@NCHC", TextBoxTNNCC.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTEYR", lblYEAR1.Text);
            cmd2.Parameters.AddWithValue("@DATE", TextBoxDATE.Text);
            cmd2.Parameters.AddWithValue("@UnderG12", TextBoxTHUG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@Postb9", TextBoxTHG.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@Total123b4b", TextBoxT1234.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@THCAS", TextBoxTHCAS.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@FTE40", TextBoxFTE40.Text.Replace(",", ""));
            cmd2.Parameters.AddWithValue("@HC50", TextBoxHC50.Text.Replace(",", ""));

            cmd2.ExecuteNonQuery();
        }
        else if (temp == 1)
        {
            SqlCommand cmd3 = new SqlCommand("UPDATE Table88 (User_ID, FT_UNDERGR, DATE, FT_GRAD, FTE_UNDERG, FTE_GRAD, NON_CREDIT, TOTAL_FTE, FCFTUHC, FCFTPBHC, FCPTUHC, FCPTPBHC, NCHC, UnderG12, Postb9, Total123b4b, FTEYR, THCAS, FTE40, HC50) values (@User_ID, @FT_UNDERGR, @DATE, @FT_GRAD, @FTE_UNDERG, @FTE_GRAD, @NON_CREDIT, @TOTAL_FTE, @FCFTUHC, @FCFTPBHC, @FCPTUHC, @FCPTPBHC, @NCHC, @UnderG12, @Postb9, @Total123b4b, @FTEYR, @THCAS, @FTE40, @HC50);", con7);
            cmd3.CommandType = CommandType.Text;
            cmd3.Parameters.AddWithValue("@User_ID", TextBoxUser_ID.Text);
            cmd3.Parameters.AddWithValue("@FT_UNDERGR", TextBoxFTUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FT_GRAD", TextBoxFTG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTE_UNDERG", TextBoxTHUGDR.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTE_GRAD", TextBoxTHGDR.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@NON_CREDIT", TextBoxNCCDR.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@TOTAL_FTE", TextBoxTCNC.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCFTUHC", TextBoxTNFUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCFTPBHC", TextBoxTNFG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCPTUHC", TextBoxTNCPUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FCPTPBHC", TextBoxTNCPG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@NCHC", TextBoxTNNCC.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTEYR", lblYEAR1.Text);
            cmd3.Parameters.AddWithValue("@DATE", TextBoxDATE.Text);
            cmd3.Parameters.AddWithValue("@UnderG12", TextBoxTHUG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@Postb9", TextBoxTHG.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@Total123b4b", TextBoxT1234.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@THCAS", TextBoxTHCAS.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@FTE40", TextBoxFTE40.Text.Replace(",", ""));
            cmd3.Parameters.AddWithValue("@HC50", TextBoxHC50.Text.Replace(",", ""));

            cmd3.ExecuteNonQuery();
        }
        con7.Close();
Posted
Updated 13-Nov-14 3:37am
v2
Add a Solution
Comments
vbmike 13-Nov-14 9:29am    
@INST_ID, in cmd3. Is this correct in your code? seems it should be @User_ID as in cmd2??
Computer Wiz99 13-Nov-14 9:37am    
Okay, I corrected the code but still get the same error message.
Herman<T>.Instance 13-Nov-14 9:32am    
And what is your question?
Richard Deeming 13-Nov-14 9:35am    
Your SELECT code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
Kornfeld Eliyahu Peter 13-Nov-14 9:42am    
See you final SQL query for cmd3 - use debugger...

1 solution

First of all, fix the SQL Injection vulnerability[^] in your SELECT code:
C#
const string cmdStr = "Select count(*) from Table88 where User_ID= @User_ID";
SqlCommand userExist = new SqlCommand(cmdStr, con7);
userExist.Parameters.AddWithValue("@User_ID", TextBoxUser_ID.Text);
int temp = Convert.ToInt32(userExist.ExecuteScalar());


Then, fix the syntax of your UPDATE query[^]:
C#
SqlCommand cmd3 = new SqlCommand("UPDATE Table88 SET FT_UNDERGR = @FT_UNDERGR, DATE = @DATE, FT_GRAD = @FT_GRAD, FTE_UNDERG = @FTE_UNDERG, FTE_GRAD = @FTE_GRAD, NON_CREDIT = @NON_CREDIT, TOTAL_FTE = @TOTAL_FTE, FCFTUHC = @FCFTUHC, FCFTPBHC = @FCFTPBHC, FCPTUHC = @FCPTUHC, FCPTPBHC = @FCPTPBHC, NCHC = @NCHC, UnderG12 = @UnderG12, Postb9 = @Postb9, Total123b4b = @Total123b4b, FTEYR = @FTEYR, THCAS = @THCAS, FTE40 = @FTE40, HC50 = @HC50 WHERE User_ID = @User_ID;", con7);
 
Share this answer
 
Posted
Comments
Computer Wiz99 13-Nov-14 12:12pm    
Richard Deeming, I get this error:
Must declare the scalar variable "@FT_UNDERGR".
Richard Deeming 13-Nov-14 12:25pm    
Then you've not added that parameter to the command, even though your code shows you adding it:
cmd3.Parameters.AddWithValue("@FT_UNDERGR", TextBoxFTUG.Text.Replace(",", ""));

Debug your code.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Sql error when updating record
How to append mysql record column when it is NULL by default?
Timeout expired when trying to update records. C#, SQL
Cart is not updating to the cart when added
Error when trying to update subscriptions
Error when I try to load toolbar
Problem in update record
Error 404() when try to make ajax request with type post to function onpostshiftdataup
Unable to Update Record
Error Genrating when Update the record in grid

Advertise
Privacy
Cookies
Terms of Use
Last Updated 13 Nov 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-05-28:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900