Incorrect syntax near ','. data insert problems in number field.

Question

0.00/5 (No votes)

See more:

hi all,

table
srno number(18,0)
name varchar(50)

i have two textboxes.when i fill both textbox then data insert. when i fill only srno then also data enter. but when i fill only name and leave srno blank then, error :: Incorrect syntax near ','.

MY CODE IS....

con.Open()
ss = "insert into fir values("& TextBox1.Text &",' " & textBox2.Text & " ')"
com = New SqlCommand(ss, con)
com.ExecuteNonQuery()
MsgBox("Data Stored Successfully")
con.Close()

Posted 17-Apr-11 16:19pm

Bhatt Aniruddh

Updated 27-Nov-17 2:45am

Pong D. Panda

v3

Add a Solution

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2011-04-17T16:36:00

Solution 3

Google for ".net parameterized query". Right now, anyone can screw up your query just by adding a "'" to the input. This is one of the basis for what's called a SQL Injection attack.

Posted 17-Apr-11 16:36pm

Dave Kreskowiak

Comments

Fabio V Silva 17-Apr-11 22:37pm

Good point.

Mahendra.p25 · Answer 2 · 2011-04-17T18:23:00

In Your Second Case when You leave your Textboxfield (SrNo empty)
then it passes "" to the databse which is incompatible with your Decimal field
sr.No(Decimal(18,0)
So need to check before passing it to the database like below

Decimal Value1;
 if(TextBox1.text=="")
  {
   Value1 = 0.0;
   }
  else
   {
   Value1 = Convert.ToDecimal(TextBox1.text);
   }

  string Value2=  TextBox2.Text;


 Con.Open();
  Cmd = new SqlCommand("Insert into t1 values (@Value1,@Value2)", Con);


  Cmd.Parameters.AddWithValue("@Value1", Value1);
  Cmd.Parameters.AddWithValue("@Value2", Value2);
  Cmd.ExecuteNonQuery();
  Con.Close();

Fabio V Silva · Answer 3 · 2011-04-17T16:26:00

Solution 1

You have to make sure your TextBox1.Text is a numeric value otherwise your SQL statement will give you an error as you are passing an empty string as a number.

Posted 17-Apr-11 16:26pm

Fabio V Silva

Updated 17-Apr-11 16:34pm

v2

Comments

Pong D. Panda 17-Apr-11 22:29pm

This will not solve the error. You added additional quotation mark on an input for a numeric field.

Fabio V Silva 17-Apr-11 22:32pm

3:30am...

Pong D. Panda 17-Apr-11 22:34pm

More coffee? :D

Fabio V Silva 17-Apr-11 22:35pm

:)

[no name] 18-Apr-11 0:44am

yes i passing an empty string as a number.
but how can i leave blank textbox which is number.

Pong D. Panda · Answer 4 · 2011-04-17T16:26:00

Solution 2

The error is caused by your inline code

"insert into fir values("& TextBox1.Text &",' " & textBox2.Text & " ')"

You need to update this code to handle your given scenario.

Posted 17-Apr-11 16:26pm

Pong D. Panda

Comments

[no name] 18-Apr-11 0:40am

MY CODE IS OK. I ALREADY STORED DATA WITH THIS CODE. PLZ READ QUESTION PROPERLY.

Pong D. Panda 18-Apr-11 0:42am

If your code is ok, then you dont need to post your issue here. If your code is not working from your bad syntax design, then read my tip on what to do.