Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
con = new MySqlConnection(cs);
con.Open();
cmd = new MySqlCommand("SELECT (invoiceNo) as [Invoice No],(invDate) as [inv Date],
(sales.CustomerID) as [Customer ID],(CustomerName) as [Customer Name],
(GrandTotal) as [Grand Total],(TotalPayment) as [Total Payment],(PaymentChange) as
[Payment Change] from sales,customer where sales.CustomerID=customer.CustomerID
and invDate between #" + dtpInvoiceDateFrom.Text + "# And #" +
dtpInvoiceDateTo.Text + "# order by invDate desc", con);
MySqlDataAdapter mySDAp = new MySqlDataAdapter(cmd);
DataSet myDatSet = new DataSet();
mySDAp.Fill(myDatSet, "sales");
mySDAp.Fill(myDatSet, "customer");
dataGridView1.DataSource = myDatSet.Tables["customer"].DefaultView;
dataGridView1.DataSource = myDatSet.Tables["sales"].DefaultView;
The error statement is : You have an error in your SQL syntax check the manual that corresponds to your MySql server version for the right syntax to use near '[InvoiceNo],(invDate) as [inv Date],(sales.CustomerID) as [Customer ID],(Custom' at line 1
MySQL does not allow square brackets around table of column names.
Please refer to the link
http://www.convert-in.com/mssql-to-mysql-queries.htm
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
I am trying to run a database query through c#. I am trying to pass a parameter into my sql statement but I am getting an exception saying invalid near #Agent_ID.
My code is like this
SqlCommand command = new SqlCommand("Select Csr_DISBURSEMENTDATE, Csr_AGENTNUMBER, Csr_TOTCURREARNINGS, Csr_MISCADJUSTMENTS, Csr_YTDTOTALCOMM, Csr_PAYMENTMETHOD From Cm_Opt_Csr_CommStatement_S " +
"inner join Cm_Opt_Con_Contract_S on Con_WritingCode = Csr_AgentNumber" +
"inner join Cm_Opt_Agt_Agent_S on agt_ID = Con_AgentID" +
"where Agt_ID = #AgentID");
command.Parameters.AddWithValue("#AgentID", Con_agentID);
command.Connection = conn;
SqlDataReader rdr = null;
rdr = command.ExecuteReader();
Con_agentID is a guid and in the database table the column which it maps to is a uniqueidentifer. I am stuck at this point. Could someone please point out the mistake in the syntax.
The exception thrown is
System.Data.SqlClient.SqlException: 'Incorrect syntax near 'Agt_ID'.'
You are missing spaces between words when you continue on to next line.
SqlCommand command = new SqlCommand("Select Csr_DISBURSEMENTDATE, Csr_AGENTNUMBER, Csr_TOTCURREARNINGS, Csr_MISCADJUSTMENTS, Csr_YTDTOTALCOMM, Csr_PAYMENTMETHOD From Cm_Opt_Csr_CommStatement_S " +
"inner join Cm_Opt_Con_Contract_S on Con_WritingCode = Csr_AgentNumber " +
"inner join Cm_Opt_Agt_Agent_S on agt_ID = Con_AgentID " +
"where Agt_ID = #AgentID");
command.Parameters.AddWithValue("#AgentID", Con_agentID);
command.Connection = conn;
SqlDataReader rdr = null;
rdr = command.ExecuteReader();
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
I have this comamand and that error, in data i have zip code 79000 and table name site
private void Crt_clck_Click(object sender, EventArgs e)
{
{
con.Open();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "SELECT CMC, [Site Name], [Phone Number], Zip_Code FROM site Where Zip_Code'" + Zipcode.Text + "'";
cmd.ExecuteNonQuery();
DataTable dt = new DataTable();
SqlDataAdapter da = new SqlDataAdapter(cmd);
da.Fill(dt);
dataGridView1.DataSource = dt;
con.Close();
}
can you help me with this
Change your sql statement to
cmd.CommandText = "SELECT CMC, [Site Name], [Phone Number], Zip_Code FROM site Where Zip_Code = '" + Zipcode.Text + "'";
You are missing the = which is needed for the syntax to be correct.
But you should think about using parameter instead to avoid SQL Injection.
Why do we always prefer using parameters in SQL statements? could be interesting for this, too.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
string conn = "";
conn = ConfigurationManager.ConnectionStrings["Conn"].ToString();
SqlConnection objsqlconn = new SqlConnection(conn);
objsqlconn.Open();
SqlCommand objcmd = new SqlCommand("IF (select 1 from PRODUCT where PRODUCT_NAME=" + Master_product_txt.Text + ")=1
PRINT 'ALREADY AVAILABLE'
ELSE
Insert into PRODUCT(PRODUCT_NAME) Values('" + Master_product_txt.Text + "')
GO", objsqlconn);
objcmd.ExecuteNonQuery();
MessageBox.Show("Details Successfully Added!!!");
I'm trying check the data base values before insert the value, I've wrote query for it, it's working in sql server environment, I could not able to implement same thing in Visual Studio
go is a SSMS (SQL Server Management Studio) statement, it won't work from C#
use parameters to avoid SQL injection
it is unusual to use the Hungarian obj prefix in C#
A quick try at a better version:
var cmd = new SqlCommand(#"
IF NOT EXISTS (SELECT * FROM PRODUCT WHERE PRODUCT_NAME = #NAME)
BEGIN
INSERT INTO PRODUCT (PRODUCT_NAME) VALUES (#NAME)
END
", sqlconn);
cmd.Parameters.AddWithValue("#NAME", Master_product_txt.Text);
cmd.ExecuteNonQuery();
SqlCommand objcmd = new SqlCommand("SELECT 1 from PRODUCT WHERE PRODUCT_NAME=#NAME" , objsqlconn);
//NVarChar
cmd.Parameters.Add("#NAME", SqlDbType.NVarChar,20).Value = Master_product_txt.Text;
objsqlconn.Open();
readr = SelectCommand.ExecuteReader();
if (!readr.HasRows)
{
`// code to insert values here.
}`
PRINT 'ALREADY AVAILABLE' will not work here.For capturing print statement message you have to add an event handler to the InfoMessage event on the connection.And use parametrized query where ever possible. ;)
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm getting a run time error in my program when connecting to a SQL Server CE database.
Can anyone help me, and please don't write the whole code just a line of what needs to be changed to.
Here is my code:
string conString = Properties.Settings.Default.POSdatabaseConnectionString;
using (SqlCeConnection con = new SqlCeConnection(conString))
{
con.Open();
using (SqlCeCommand com = new SqlCeCommand("SELECT * FROM Customer where Customer ID ='" + this.useridtexbox.Text + "' and Name='" + this.nametexbox.Text + "'", con))
{
SqlCeDataReader reader = com.ExecuteReader();
int count = 0;
while (reader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("You have logged in succesfully");
Homepage homepage = new Homepage();
homepage.Show();
homepage.LabelText = ("Welcome " + reader["name"].ToString());
}
else
{
MessageBox.Show("Username and password is Not correct ...Please try again");
con.Close();
}
Error:
There was an error parsing the query. [ Token line number = 1,Token line offset = 39,Token in error = ID ]
I think the problem with the space in Customer ID,Try this
SqlCeCommand com = new SqlCeCommand("SELECT * FROM Customer where CustomerID ='" + this.useridtexbox.Text + "' and Name='" + this.nametexbox.Text + "'", con))
In your command, do not use string concatenation. That will fail badly and leave you open to SQL injection attacks.
Image what happens if I enter the following text into this.nametexbox.Text:
Joe'; DROP DATABASE; --
You don't want have someone like little Bobby Tables as user.
Use sql parameters.
If you have tables or fields with spaces, you to have a word with your DBA. If you cannot change it, make sure you use the correct syntax:
WHERE [Customer ID] = '12345'
Make sure you CustomerID column have space
Always use parameterized query to avoid SQL Injection
How does SQLParameter prevent SQL Injection
SqlCeCommand com = new SqlCeCommand = "SELECT * FROM Customer where CustomerID=#CustomerID and
name=#name";
con.Parameters.AddWithValue("#CustomerID", valuesTextBox.Text);
con.Parameters.AddWithValue("#name", namwTextBox.Text);
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
How to query on table's view in .Net C# web application ?
for example, here [View_App_Academic] is my table view. My code is listed below. under db scheme, I am not able to see the view due to my user privilege.
string strquery = "select * from [dbo].[View_App_Academic] where recruitment_id=" +
RecruitDropDownList.Text + " and ref_no='" + RefDropDownList.Text + "'";
SqlCommand objCMD = new SqlCommand(strquery, conn);
Use parameterized query always.
Remove [dbo] from your query, you don't need to add [dbo] because it is default database schema.
Change your code to this.
string strquery = "select * from View_App_Academic where recruitment_id=#recruitment_id and ref_no=#ref_no";
SqlCommand objCMD = new SqlCommand(strquery, conn);
objCMD.Parameters.AddWithValue("#recruitment_id", RecruitDropDownList.Text);
objCMD.Parameters.AddWithValue("#ref_no",RefDropDownList.Text);
SqlDataAdapter myAdapter = new SqlDataAdapter();
myAdapter.SelectCommand = objCMD;
DataSet myDataSet = new DataSet();
myAdapter.Fill(myDataSet);
Hope it helps.