Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
I have this comamand and that error, in data i have zip code 79000 and table name site
private void Crt_clck_Click(object sender, EventArgs e)
{
{
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "SELECT CMC, [Site Name], [Phone Number], Zip_Code FROM site Where Zip_Code'" + Zipcode.Text + "'";
cmd.ExecuteNonQuery();
DataTable dt = new DataTable();
SqlDataAdapter da = new SqlDataAdapter(cmd);
da.Fill(dt);
dataGridView1.DataSource = dt;
con.Close();
}
can you help me with this
Change your sql statement to
cmd.CommandText = "SELECT CMC, [Site Name], [Phone Number], Zip_Code FROM site Where Zip_Code = '" + Zipcode.Text + "'";
You are missing the = which is needed for the syntax to be correct.
But you should think about using parameter instead to avoid SQL Injection.
Why do we always prefer using parameters in SQL statements? could be interesting for this, too.
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
I am trying to run a database query through c#. I am trying to pass a parameter into my sql statement but I am getting an exception saying invalid near #Agent_ID.
My code is like this
SqlCommand command = new SqlCommand("Select Csr_DISBURSEMENTDATE, Csr_AGENTNUMBER, Csr_TOTCURREARNINGS, Csr_MISCADJUSTMENTS, Csr_YTDTOTALCOMM, Csr_PAYMENTMETHOD From Cm_Opt_Csr_CommStatement_S " +
"inner join Cm_Opt_Con_Contract_S on Con_WritingCode = Csr_AgentNumber" +
"inner join Cm_Opt_Agt_Agent_S on agt_ID = Con_AgentID" +
"where Agt_ID = #AgentID");
command.Parameters.AddWithValue("#AgentID", Con_agentID);
command.Connection = conn;
SqlDataReader rdr = null;
rdr = command.ExecuteReader();
Con_agentID is a guid and in the database table the column which it maps to is a uniqueidentifer. I am stuck at this point. Could someone please point out the mistake in the syntax.
The exception thrown is
System.Data.SqlClient.SqlException: 'Incorrect syntax near 'Agt_ID'.'
You are missing spaces between words when you continue on to next line.
SqlCommand command = new SqlCommand("Select Csr_DISBURSEMENTDATE, Csr_AGENTNUMBER, Csr_TOTCURREARNINGS, Csr_MISCADJUSTMENTS, Csr_YTDTOTALCOMM, Csr_PAYMENTMETHOD From Cm_Opt_Csr_CommStatement_S " +
"inner join Cm_Opt_Con_Contract_S on Con_WritingCode = Csr_AgentNumber " +
"inner join Cm_Opt_Agt_Agent_S on agt_ID = Con_AgentID " +
"where Agt_ID = #AgentID");
command.Parameters.AddWithValue("#AgentID", Con_agentID);
command.Connection = conn;
SqlDataReader rdr = null;
rdr = command.ExecuteReader();
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
i'm a student in a vocational high school and i'm still new to programming, i have an assignment to create a application using c#, and i have a problem in joining 3 tables to display on datagridview..
i have tried the query on mySql it works just fine, but when i applied it in my c# line of code it didnt work it shows "no database selected", can somebody help me on this, here's my full code
string constring = "datasource=localhost;port=3306;username=root;password=root";
MySqlConnection conDataBase = new MySqlConnection(constring);
MySqlCommand cmdDataBase = new MySqlCommand("select book_detail.id_bookdetail, location.location_id, location.location_name, book.book_id, book.title from location inner join book_detail on location.location_id = book_detail.location_id inner join book on book_detail.book_id = book.book_id; ", conDataBase);
try
{
MySqlDataAdapter sda = new MySqlDataAdapter();
sda.SelectCommand = cmdDataBase;
DataTable dbdataset = new DataTable();
sda.Fill(dbdataset);
BindingSource bSource = new BindingSource();
bSource.DataSource = dbdataset;
transfer_view.DataSource = bSource;
sda.Update(dbdataset);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
Your connection string should specify a database name:
Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword;
^^^^^^^^^^^^^^^^^^^
(Port 3306 is the default MySql port)
Ref. MySQL connection strings
Do a "use mydbname"
Perhaps it is the last optional parameter in prior string that u are not providing
Can do "select database()" to show current db in use
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm trying to get a label to display how many entries exist in a database. And I'm using the most ridiculously simple FROM I can imagine. And I'm getting spammed with "Syntax error in FROM clause" rather than having my label update. Syntax is an error I get a lot when I use a system reserved name for a table or column. But the table name I'm using works in other statements, so I assume that's not the issue, and it's the ONLY variable. Unless it's something other than the FROM and it's lying to me, which is entirely possible...
if (DateTime.Now.Millisecond > 500)
{
try
{
OleDbConnection conn = new OleDbConnection();
conn.ConnectionString = #"Provider=Microsoft.Jet.OLEDB.4.0; Data Source=access.mdb";
conn.Open();
OleDbCommand cmmd = new OleDbCommand("SELECT * FROM probe)", conn);
using (OleDbDataReader myReader = cmmd.ExecuteReader())
{
DataTable dt = new DataTable();
dt.Load(myReader);
int count = dt.Rows.Count;
lblCount.Text = count.ToString();
conn.Close();
}
}
catch (OleDbException expe)
{
MessageBox.Show(expe.Message);
}
}
}
SELECT * FROM probe)
should be
SELECT * FROM probe
?
Change
OleDbCommand cmmd = new OleDbCommand("SELECT * FROM probe)", conn);
to
OleDbCommand cmmd = new OleDbCommand("SELECT * FROM probe", conn);
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
con = new MySqlConnection(cs);
con.Open();
cmd = new MySqlCommand("SELECT (invoiceNo) as [Invoice No],(invDate) as [inv Date],
(sales.CustomerID) as [Customer ID],(CustomerName) as [Customer Name],
(GrandTotal) as [Grand Total],(TotalPayment) as [Total Payment],(PaymentChange) as
[Payment Change] from sales,customer where sales.CustomerID=customer.CustomerID
and invDate between #" + dtpInvoiceDateFrom.Text + "# And #" +
dtpInvoiceDateTo.Text + "# order by invDate desc", con);
MySqlDataAdapter mySDAp = new MySqlDataAdapter(cmd);
DataSet myDatSet = new DataSet();
mySDAp.Fill(myDatSet, "sales");
mySDAp.Fill(myDatSet, "customer");
dataGridView1.DataSource = myDatSet.Tables["customer"].DefaultView;
dataGridView1.DataSource = myDatSet.Tables["sales"].DefaultView;
The error statement is : You have an error in your SQL syntax check the manual that corresponds to your MySql server version for the right syntax to use near '[InvoiceNo],(invDate) as [inv Date],(sales.CustomerID) as [Customer ID],(Custom' at line 1
MySQL does not allow square brackets around table of column names.
Please refer to the link
http://www.convert-in.com/mssql-to-mysql-queries.htm
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm getting a run time error in my program when connecting to a SQL Server CE database.
Can anyone help me, and please don't write the whole code just a line of what needs to be changed to.
Here is my code:
string conString = Properties.Settings.Default.POSdatabaseConnectionString;
using (SqlCeConnection con = new SqlCeConnection(conString))
{
con.Open();
using (SqlCeCommand com = new SqlCeCommand("SELECT * FROM Customer where Customer ID ='" + this.useridtexbox.Text + "' and Name='" + this.nametexbox.Text + "'", con))
{
SqlCeDataReader reader = com.ExecuteReader();
int count = 0;
while (reader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("You have logged in succesfully");
Homepage homepage = new Homepage();
homepage.Show();
homepage.LabelText = ("Welcome " + reader["name"].ToString());
}
else
{
MessageBox.Show("Username and password is Not correct ...Please try again");
con.Close();
}
Error:
There was an error parsing the query. [ Token line number = 1,Token line offset = 39,Token in error = ID ]
I think the problem with the space in Customer ID,Try this
SqlCeCommand com = new SqlCeCommand("SELECT * FROM Customer where CustomerID ='" + this.useridtexbox.Text + "' and Name='" + this.nametexbox.Text + "'", con))
In your command, do not use string concatenation. That will fail badly and leave you open to SQL injection attacks.
Image what happens if I enter the following text into this.nametexbox.Text:
Joe'; DROP DATABASE; --
You don't want have someone like little Bobby Tables as user.
Use sql parameters.
If you have tables or fields with spaces, you to have a word with your DBA. If you cannot change it, make sure you use the correct syntax:
WHERE [Customer ID] = '12345'
Make sure you CustomerID column have space
Always use parameterized query to avoid SQL Injection
How does SQLParameter prevent SQL Injection
SqlCeCommand com = new SqlCeCommand = "SELECT * FROM Customer where CustomerID=#CustomerID and
name=#name";
con.Parameters.AddWithValue("#CustomerID", valuesTextBox.Text);
con.Parameters.AddWithValue("#name", namwTextBox.Text);