String query6 = "
SELECT p.*,SUM(L.qty)as sales
FROM product p,purchaseLog L
WHERE L.purchaseDate
BETWEEN '"+ startDate.Value.Date.ToString("yyyy-dd-MM") + "'
AND '"+endDate.Value.Date.ToString("yyyy-dd-MM") +"'
AND p.id=l.itemID GROUP BY p.product_name
ORDER BY sales ASC LIMIT " + " " + " " + count + "";
This is the query that I made in Visual Studio. I tried inputting this query manually without variables in phpmyadmin and it works just fine. But for some reason when I write the query down and pass it to a mysqlcommand and mysqldatareader it doesn't detect the date. The count used not work too. But adding space in between the word "limit" and the count made it work.
Is C# trimming some parts of my queries?
This: 'yyyy-dd-MM' is the wrong format. It must be "yyyy-MM-dd". Ideally you'd even prefix this with the word DATE so as to mark the string as a date literal:
" ... WHERE L.purchaseDate BETWEEN DATE '" + startDate.Value.Date.ToString("yyyy-MM-dd") +
"' AND DATE '" + endDate.Value.Date.ToString("yyyy-MM-dd") + "'... "
Related
i am not getting what is the issue in the query probably i am not following the correct way to put the string and char sign , i am inserting the data in c# to local host with where clause please check the query and Error i am getting
Here is the query
String insertQuery = "insert into exam_add (id,session_id,Title,From_date,To_date,class_id,is_Post,is_Lock) select '"+id+ ",s.session,'" + title.Text+",'"+ from.Value.Date.ToString("yyyy-MM-dd")+",'"+to.Value.Date.ToString("yyyy-MM-dd")+ ", c.class_name,'"+x+",'"+x+" from year_session s, classes c where s.id = '1' and c.id='" + cls + "'";
Exception image
here the image for exception i am getting after run this query
On your ...'"+x+"... you forgot to close the single quotes. You open them but you never close them after you add the X variable to your query. All SQL is seeing is "'0," which is invalid syntax.
I recommend use SQLparameters to avoid sql injection but your error is you forgot to close the single quotes it shoud be like this '"+cls + "'
String insertQuery = "insert into exam_add (id,session_id,Title,From_date,To_date,class_id,is_Post,is_Lock) select '" + id + "','"+s.session+"','" + title.Text + "','" + from.Value.Date.ToString("yyyy-MM-dd") + "','" + to.Value.Date.ToString("yyyy-MM-dd")+"' , '"+c.class_name+"','" + x + "','" + x + "' from year_session s, classes c where s.id = '1' and c.id='" + cls + "'";
I don't know why you need that on select columns. and you provided insufficient information and code on your question.
Hello I have a table with following columns.
Profile_ID,
Name,
Age,
More_Info_about family,
qualification details,
job details and
partner_preference
I have to search on keyword basis and keyword is to be taken from textbox.
The search result should be in such a way so that if keyword presents in starting, ending and in between the sentence of any of the columns presents in where conditions.
I tried LIKE '" + txtbox_keyword.Text + "'
but is not working properly it is not searching data if keyowrd is present in between sentense.
select (Profile_ID,Name,Age, More_info_about_family,Job_Business_Location_City,Salary
from tblRegistration
WHERE More_info_about_family LIKE '" + txtbox_keyword.Text + "'
OR LIKE '" + txtbox_keyword.Text + "'
OR origin LIKE '" + txtbox_keyword.Text + "'
OR Job_Detail LIKE '" + txtbox_keyword.Text + "' ", con);
Use sqlParameter for except sql injection and you need add %% in your query to search by field.
SqlParameter parameter = new SqlParameter("#keyWord",txtbox_keyword.Text);
select (Profile_ID,Name,Age, More_info_about_family,Job_Business_Location_City,Salary
from tblRegistration
WHERE More_info_about_family LIKE '%#keyWord%'
OR LIKE '%#keyWord%'
OR origin LIKE '%#keyWord%'
OR Job_Detail LIKE '%#keyWord%', con,parameter);
I need help! I write software for database management for the course. I can not complete the transaction by inserting data. I am from Ukraine and use Ukrainian data on database, but the transaction is not completed bringing the error "Incorrect string value: '\ xD0 \ xB2' for column 'User_name' at row 1 "} System.Exception {MySql.Data .MySqlClient.MySqlException}
" I read all the articles on the stack overflow but nothing helped me(
i use SET NAMES 'utf8'(cp1251, utf8mb4, koi8r, win1251, cp866 and other) but nothing work(help, the problem may be encoded on the development environment?
i use MySql.Data.MySqlClient or MySQL.dll
connect code ->
connStr = "server= localhost;user=root;charset=utf8mb4;database=DB_Journal;port=3306;password=masterkey;"conn = new MySqlConnection(connStr);
and insert ->
conn.Open();
string sql = "insert into Users(User_id, User_name, User_surname, User_fname, Login, UType_id, Password,Secret,Answer) values (null, '" +
textBox1.Text + "', '" + textBox2.Text + "', '"
+ textBox4.Text + "', '" + textBox3.Text + "', '"
+ usr + "', '" + pass + "', '"
+ richTextBox1.Text + "', '"
+ textBox7.Text + "')";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.ExecuteNonQuery();
(I'm sorry, I can write not correctly, but i study hard)
I don't know what you are trying to accomplish with SET NAMES, but it probably does not do what you think it does. (Besides, its documentation explicitly says that it won't work with utf8.)
It is kind of hard to tell without seeing your CREATE TABLE statement, but what is probably happening is that you have declared your User_name etc. columns as being of type CHAR or VARCHAR while in fact they should be of type NCHAR or NVARCHAR.
I have a following SQL query that I run inside C# application. I work with local (no servers) database created in access:
string query = #"SELECT s.TagID, se.SessionID, '" +
DateTime.Now.ToString("MM/dd/yy HH:mm:ss tt") +
"' AS ScanningTime " +
" FROM (((Student s " +
" LEFT JOIN [CourseID-ModuleID] cm ON s.CourseID = cm.CourseID) " +
" LEFT JOIN [ModuleID-SessionID] ms ON ms.ModuleID = cm.ModuleID) " +
" LEFT JOIN [Session] se ON ms.SessionID = se.SessionID) " +
" WHERE s.TagID = #tagNo " +
" AND se.SessionDate = Date() " +
" AND DateAdd('n', -30, [SessionTimeStart]) < #timeNow " +
" AND se.SessionTimeEnd > #Plus30Min ";
Parameters and variables used in the query:
DateTime TimePlus = DateTime.Now.AddMinutes(30);
DateTime now = DateTime.Now;
string Plus30Min = TimePlus.ToString("hh:mm tt");
string timeNow = now.ToString("hh:mm tt");
command.Parameters.Add("tagNo", OleDbType.Integer).Value = tagNo;
command.Parameters.Add("Plus30Min", OleDbType.VarChar).Value = Plus30Min;
command.Parameters.Add("timeNow", OleDbType.VarChar).Value = timeNow;
At the moment, this query runs, but does not produce any results. However, if I delete the line:
" AND DateAdd('n', -30, [SessionTimeStart]) < #timeNow " +
Then the query runs perfectly. This means that there must be something wrong with this line inside the query. Can you see it somewhere? I looked at multiple websites for examples of date query criteria, but I cannot find the mistake, maybe you will be able to help. Thanks in advance.
The only thing I noticed is the ' sign surrounding n. Should i use quotation mark instead? If so, how can I achieve it inside the quotes?
Change your calling code to
DateTime now = DateTime.Now.AddMinutes(30);
and replace the offending line in query text with
" AND SessionTimeStart > #timeNow "
If you need a DateTime.Now somewhere in your code, you could easily obtain again from the same expression. However, I am a bit perplexed by your parameters. They works against Date/Time fields but you pass strings. If the above solution doesn't work try also to change the OleDbType.VarChar to OleDbType.DBTime or DbDate
EDIT Pay attention to the parameter order. You are using OleDB and the name of parameters is meaningless. You should insert the parameters in the parameter collection in the same exact order in which they appears in the query text. The #timenow and Plus30Min should be changed in position.
Your query ends to use the timenow parameter to test the SessioneEndTime and viceversa
command.Parameters.Add("tagNo", OleDbType.Integer).Value = tagNo;
command.Parameters.Add("timeNow", OleDbType.VarChar).Value = timeNow;
command.Parameters.Add("Plus30Min", OleDbType.VarChar).Value = Plus30Min;
i got problem with a query, got something like this
command.CommandText = "SELECT " +
"COUNT(a.`id`) " +
"FROM " +
"`messageaccess` a " +
"WHERE " +
"a.`Users_LOGIN` = '" + Settings.UserLogin + "' " +
"AND a.`Status` = '" + Enums.MessageStatus.New + "' " +
"AND a.`FOLDER` = '" + Enums.MessageFolder.INBOX + "'" +
"AND a.`ShowAlert` = '" + Enums.YesNo.No + "'" +
"AND a.`Postponed` <= " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "";
but sql throws me exception
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '14:40:37' at line 1
tried diffrent combinantions but nothing works :(
The simple answer is not to embed values directly into the SQL to start with.
Use a parameterized SQL statement, specify the parameter value as DateTime.Now, and all will be well:
Your SQL will be easier to read (as it'll just be the code, not the data)
You won't need to worry about formatting of things like numbers and dates
You won't be vulnerable to SQL injection attacks
You forgot the quotation marks around the date/time thing.
try using this line instead:
"AND a.`Postponed` <= NOW()"
and it should work with the native MySql function for the current time.
Have a look at named parameterized queries. They take care of these formatting issues for you.
You shouldn't build your query appending strings. This is not very safe (sql injection) and you're not taking advantage of the ADO .NET capabilities to set the correct format according the parameter type.
You should use parametrized queries.