Syntax error in INSERT INTO statement OleDBCOmmand - c#

I have an issue when trying to insert Rows from Datatable into an Excel sheet. I keep getting syntax error but when i insert the sql string into mssql server there is no issue verifying the sql statement.
this is my code:
public void InsertData(DataTable kpiData)
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) + #"\KPIReports\";
string fileName = #"\Return_Report - " + DateTime.Today.ToShortDateString() + ".xlsx";
string[] files = Directory.GetFiles(folderPath);
foreach (string file in files)
{
File.Delete(file);
}
File.Copy(Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + #"\ReportTemp.xlsx", folderPath + fileName);
System.Data.OleDb.OleDbConnection connection;
System.Data.OleDb.OleDbCommand myCommand = new System.Data.OleDb.OleDbCommand();
string sql = null;
connection = new System.Data.OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + folderPath + fileName + ";Extended Properties=\"Excel 12.0;ReadOnly=False;HDR=YES;\"");
connection.Open();
myCommand.Connection = connection;
foreach (DataRow row in kpiData.Rows)
{
string weight = row[11].ToString().Replace(',', '.');
sql = "Insert into [Data$] (WeekNr, AccountNumber, Barcode, Barcode2, PickupDate, DeliveryCustID, DeliveryAlias, PickupCustID, PickupAlias, DeliveryAttentionName, Coli, Weight, Note, DeliveryType, " +
"Name, Street, HouseNo, Postal, City, DanxCode, Receiver, PODTime, OnTime, [Service]) Values('" + row[0].ToString() + "','" + row[1].ToString() + "','" + row[2].ToString() + "','" + row[3].ToString() + "','" + row[4].ToString() + "','"
+ row[5].ToString() + "','" + row[6].ToString() + "','" + row[7].ToString() + "','" + row[8].ToString() + "','" + row[9].ToString() + "','" + row[10].ToString() + "','" + weight + "','" + row[12].ToString() + "','" + row[13].ToString() + "','"
+ row[14].ToString() + "','" + row[15].ToString() + "','" + row[16].ToString() + "','" + row[17].ToString() + "','" + row[18].ToString() + "','" + row[19].ToString() + "','" + row[20].ToString() + "','" + row[21].ToString() + "','" + row[22].ToString() + "','" + row[23].ToString() + "')";
myCommand.CommandText = sql;
myCommand.ExecuteNonQuery();
}
myCommand.Dispose();
connection.Close();
releaseObject(myCommand);
releaseObject(connection);
}
and this is the sql string:
Insert into [Data$] (WeekNr, AccountNumber, Barcode, Barcode2, PickupDate, DeliveryCustID, DeliveryAlias, PickupCustID, PickupAlias, DeliveryAttentionName, Coli, Weight, Note, DeliveryType, Name, Street, HouseNo, Postal, City, DanxCode, Receiver, PODTime, OnTime, [Service]) Values('20','44730629311','12626707007','0681739685','10-05-2014 15:22:13','xxxxx','xxxx','xxxxx','Asker','','1','0.2','','N','xxx','xxxx','111','0665','xxx','xxx','xxxx','13-05-2014 07:00:00','OT','Reverse')
I cant seem to find the problem. I hope someone cant help me..
thanks in advance.


I have found the issue.
The problem was that i didnt have the Note column in brackets. Because Note is a reserved word then it has to have brackets around it like so: [Note]

Related

When I execute my code below, this error message occurs: [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
An exception of type 'System.Data.SqlClient.SqlException occurred in System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near 'in'. "
private void buttonSave_Click(object sender, EventArgs e)
{
string name = txtfullName.Text;
string fname = texfatherName.Text;
string gender = "";
bool isChecked = radioButton1Male.Checked;
if (isChecked)
{
gender = radioButton1Male.Text;
}
else
{
gender = radioButton2Female.Text;
}
string dob = dateTimePicker1DOB.Text;
Int64 mobile = Int64.Parse(texmobNo.Text);
string emai = textEmail.Text;
string semester = comboBoxSemester.Text;
string department = comboBox2Department.Text;
string schoo = textsch.Text;
string duration = comboBox3Duration.Text;
string address = richTextBoxAdress.Text;
SqlConnection con = new SqlConnection();
con.ConnectionString = "data source =CR7\\SQLEXPRESS;database =coll;integrated security =True";
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "Insert in to NewAdmission(fname,mname,gender,dob,mobile,email,semester,prog,sname,duration,addres)values('" + name + "','" + fname + "','" + gender + "','" + dob + "'," + mobile + ",'" + mobile + "','" + emai + "','" + semester + "','" + department + "','" + schoo + "','" + address + "')";
SqlDataAdapter DA = new SqlDataAdapter(cmd);
DataSet DS = new DataSet();
DA.Fill(DS);
con.Close();
MessageBox.Show("Data Saved. Remembet The Registration ID", "Data", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}

Your command text is incorrect. This line:
cmd.CommandText = "Insert in to NewAdmission(fname,mname,gender,dob,mobile,email,semester,prog,sname,duration,addres)values('" + name + "','" + fname + "','" + gender + "','" + dob + "'," + mobile + ",'" + mobile + "','" + emai + "','" + semester + "','" + department + "','" + schoo + "','" + address + "')";
The statement should be insert into rather than insert in to:
cmd.CommandText = "Insert into NewAdmission(fname,mname,gender,dob,mobile,email,semester,prog,sname,duration,addres)values('" + name + "','" + fname + "','" + gender + "','" + dob + "'," + mobile + ",'" + mobile + "','" + emai + "','" + semester + "','" + department + "','" + schoo + "','" + address + "')";
You should also try to avoid passing values into the sql statement in this way as SQL injection can be a problem. Should be passed as parameters into the statement

The correct SQL syntax is INSERT INTO not INSERT IN TO

C# / SQL incorrect syntax

I don't understand where the problem is, I try to fix, to search and I can't find the problem.
Incorrect syntax near ','.
Code:
using System.Data.SqlClient;
SqlConnection ABC = new SqlConnection(#"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\kindl\Desktop\WindowsFormsApplication2\WindowsFormsApplication2\bd_formular.mdf;Integrated Security=True;Connect Timeout=30");
SqlCommand comm = new SqlCommand();
SqlDataReader dataRead;
private void B1_Click(object sender, EventArgs e)
{
ABC.Open();
comm.CommandText = "insert into dbo.bd_formular(facultate,domeniul,specializare,forma_invatamant,d_inscriere,nume_prenume,cod,localitate,judet,tara,strada,numar,bloc,scara,etaj,apartament,sector,cod_p,data_nasterii,locul_nasterii,judet_n,tara_n,sex,starea_civila,cetatenie,cetatenie_op,etnie,cnp,serie,numar_cnp,eliberat,e_data,studii_preuni,nume_unitate,spec_fili_profil,oras_s,,judet_s,tara_s,forma_de_invatamant,medie_bac,durata_studii,data_absolvirii,tipul_diploma,seria_diploma,numarul_diploma,emis_de_catre,data_emiterii,nr_foi_matricole,introducere_date,semnatura)values('"
+ C1.Text + "','" + T1.Text + "','" + T2.Text + "','" + C2.Text + "','" + DTP1.Value.ToString("MM/dd/yyyy") + "','" + T3.Text + "','" + T4.Text + "','" + T5.Text + "','" + T6.Text + "','" + T7.Text + "','"
+ T8.Text + "','" + T9.Text + "','" + T10.Text + "','" + T11.Text + "','" + T12.Text + "','" + T13.Text + "','" + T14.Text + "','" + T15.Text + "','" + DTP2.Value.ToString("MM/dd/yyyy") + "','" + T16.Text + "','" + T17.Text + "','" + T18.Text + "','" + C3.Text + "','" + C4.Text + "','" + C5.Text + "','" + T19.Text + "','" + T20.Text + "','" + C6.Text + "','" + T21.Text + "','" + T22.Text + "','" + T23.Text + "','" + T24.Text + "','" + DTP3.Value.ToString("MM/dd/yyyy") + "','" + C7.Text + "','" + T25.Text
+ "','" + T26.Text + "','" + T27.Text + "','" + T28.Text + "','" + T29.Text + "','" + C8.Text + "','" + T30.Text + "','" + C9.Text + "','" + DTP4.Value.ToString("MM/dd/yyyy") + "','" + C10.Text + "','" + T31.Text + "','" + T32.Text + "','" + T33.Text + "','" + DTP5.Value.ToString("MM/dd/yyyy") + "','" + T34.Text + "','" + T35.Text + "','" + T36.Text + "')";
comm.ExecuteNonQuery();
ABC.Close();
MessageBox.Show("Adaugat cu succes!");
}

You have two commas successively. Remove the same.
Suggestion: Please use parameterized queries.

As already pointed out the Exception is caused by a double , in your statement. Really you need to use Sql Parameters. Also use the using statement, and do not share connection instances (again, see the link).
// store this in the app.config instead of hard coding
const string SqlConnectionString = #"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\kindl\Desktop\WindowsFormsApplication2\WindowsFormsApplication2\bd_formular.mdf;Integrated Security=True;Connect Timeout=30";
private void B1_Click(object sender, EventArgs e)
{
const string sqlText = "INSERT INTO dbo.bd_formular(facultate,domeniul,specializare,forma_invatamant,d_inscriere,nume_prenume,cod,localitate,judet,tara,strada,numar,bloc,scara,etaj,apartament,sector,cod_p,data_nasterii,locul_nasterii,judet_n,tara_n,sex,starea_civila,cetatenie,cetatenie_op,etnie,cnp,serie,numar_cnp,eliberat,e_data,studii_preuni,nume_unitate,spec_fili_profil,oras_s,judet_s,tara_s,forma_de_invatamant,medie_bac,durata_studii,data_absolvirii,tipul_diploma,seria_diploma,numarul_diploma,emis_de_catre,data_emiterii,nr_foi_matricole,introducere_date,semnatura) VALUES (#facultate,#domeniul,#specializare,#forma_invatamant,#d_inscriere,#nume_prenume,#cod,#localitate,#judet,#tara,#strada,#numar,#bloc,#scara,#etaj,#apartament,#sector,#cod_p,#data_nasterii,#locul_nasterii,#judet_n,#tara_n,#sex,#starea_civila,#cetatenie,#cetatenie_op,#etnie,#cnp,#serie,#numar_cnp,#eliberat,#e_data,#studii_preuni,#nume_unitate,#spec_fili_profil,#oras_s,#judet_s,#tara_s,#forma_de_invatamant,#medie_bac,#durata_studii,#data_absolvirii,#tipul_diploma,#seria_diploma,#numarul_diploma,#emis_de_catre,#data_emiterii,#nr_foi_matricole,#introducere_date,#semnatura)";
// use using statements to ensure connections are closed and resources are freed
using(var con = new SqlConnection(SqlConnectionString))
using(var comm = new SqlCommand(sqlText, con))
{
comm.Parameters.Add(new SqlParameter("#facultate", SqlDbType.VarChar){Value = C1.Text});
comm.Parameters.Add(new SqlParameter("#domeniul", SqlDbType.VarChar){Value = T1.Text});
// etc, fill this in with the remaining parameters
con.Open();
comm.ExecuteNonQuery();
// not really a great place for this, I recommend splitting the ADO.NET code from the UI code
MessageBox.Show("Adaugat cu succes!");
}
}
Finally understand what Exceptions are and how to read them.

this is right query try it
using System.Data.SqlClient;
SqlConnection ABC = new SqlConnection(#"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\kindl\Desktop\WindowsFormsApplication2\WindowsFormsApplication2\bd_formular.mdf;Integrated Security=True;Connect Timeout=30");
SqlCommand comm = new SqlCommand();
SqlDataReader dataRead;
private void B1_Click(object sender, EventArgs e)
{
ABC.Open();
comm.CommandText = "insert into dbo.bd_formular(facultate,domeniul,specializare,forma_invatamant,d_inscriere,nume_prenume,cod,localitate,judet,tara,strada,numar,bloc,scara,etaj,apartament,sector,cod_p,data_nasterii,locul_nasterii,judet_n,tara_n,sex,starea_civila,cetatenie,cetatenie_op,etnie,cnp,serie,numar_cnp,eliberat,e_data,studii_preuni,nume_unitate,spec_fili_profil,oras_s,judet_s,tara_s,forma_de_invatamant,medie_bac,durata_studii,data_absolvirii,tipul_diploma,seria_diploma,numarul_diploma,emis_de_catre,data_emiterii,nr_foi_matricole,introducere_date,semnatura)values('"
+ C1.Text + "','" + T1.Text + "','" + T2.Text + "','" + C2.Text + "','" + DTP1.Value.ToString("MM/dd/yyyy") + "','" + T3.Text + "','" + T4.Text + "','" + T5.Text + "','" + T6.Text + "','" + T7.Text + "','"
+ T8.Text + "','" + T9.Text + "','" + T10.Text + "','" + T11.Text + "','" + T12.Text + "','" + T13.Text + "','" + T14.Text + "','" + T15.Text + "','" + DTP2.Value.ToString("MM/dd/yyyy") + "','" + T16.Text + "','" + T17.Text + "','" + T18.Text + "','" + C3.Text + "','" + C4.Text + "','" + C5.Text + "','" + T19.Text + "','" + T20.Text + "','" + C6.Text + "','" + T21.Text + "','" + T22.Text + "','" + T23.Text + "','" + T24.Text + "','" + DTP3.Value.ToString("MM/dd/yyyy") + "','" + C7.Text + "','" + T25.Text
+ "','" + T26.Text + "','" + T27.Text + "','" + T28.Text + "','" + T29.Text + "','" + C8.Text + "','" + T30.Text + "','" + C9.Text + "','" + DTP4.Value.ToString("MM/dd/yyyy") + "','" + C10.Text + "','" + T31.Text + "','" + T32.Text + "','" + T33.Text + "','" + DTP5.Value.ToString("MM/dd/yyyy") + "','" + T34.Text + "','" + T35.Text + "','" + T36.Text + "')";
comm.ExecuteNonQuery();
ABC.Close();
MessageBox.Show("Adaugat cu succes!");
}
Also try to use parameterized queries.

SQL Command Error

here is the story :
Im trying to insert some data form the form to my data base but some thing wrong with the syntax "Vs Say so" but i can't find the mistake and some one help ?
MySqlConnection conn = new MySqlConnection("Server=localhost;Database=ltdb;UID=root;Password=1234;port=3306");
try
{
string command = "(INSERT INTO invoice companyName,rate,svatNo,tinNo,line1,line2,city)VALUES('" + this.txtname.Text + "','" + this.txtrate.Text + "','" + this.txtsvatno.Text + "','" + this.txttinno.Text + "','" + txtadline1.Text + "','" + txtadline2.Text + "','" + txtcity.Text + "');";
conn.Open();
MySqlCommand cmd = new MySqlCommand(command, conn);
cmd.ExecuteNonQuery();
conn.Close();
MessageBox.Show("Saved !");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}

INSERT INTO invoice companyName, ... missing opening brace, correct is
INSERT INTO invoice(column1, column2, ...) VALUES (#Columns1, #columns2, ...)
Coming to point 2: you're open for sql-injection. Use parameterized queries.

Change your
string command = "(INSERT INTO invoice companyName,rate,svatNo,tinNo,line1,line2,city)VALUES('" + this.txtname.Text + "','" + this.txtrate.Text + "','" + this.txtsvatno.Text + "','" + this.txttinno.Text + "','" + txtadline1.Text + "','" + txtadline2.Text + "','" + txtcity.Text + "');";
To
string command = "INSERT INTO invoice (companyName,rate,svatNo,tinNo,line1,line2,city) VALUES (#name,#rate,#vatno,#tinno,#adline1,#adline2,#city)";
command.Parameters.AddWithValue("name",txtname.Text);
command.Parameters.AddWithValue("rate",txtrate.Text);
....
*Edit: For more info, google "c# parameterized sql"

You put Wrong bracket
INSERT INTO invoice (companyName,rate,svatNo,tinNo,line1,line2,city) VALUES ('" + this.txtname.Text + "','" + this.txtrate.Text + "','" + this.txtsvatno.Text + "','" + this.txttinno.Text + "','" + txtadline1.Text + "','" + txtadline2.Text + "','" + txtcity.Text + "');

How to use OleDbCommand to insert into different tables?

How do I properly use an OleDbCommand to insert into two different tables? Here is what I have tried so far:
GradeConn.Open();
oledDbCmd.Connection = GradeConn;
oledDbCmd.CommandText = "insert into StudentInfo (IdNumber, LastName,FirstName,MiddleName,YearSection,MidtermGrade) values ('" +
txbIdNumber.Text + "','" +
txbLastName.Text + "','" +
txbFirstName.Text + "','" +
txbMiddleName.Text + "','" +
txbYearSection.Text + "','" +
dmg + "')"; "insert into MidTerm (IdNumber,StudentName, QuizzesSeatworks,ClassParticipation,Attendance,Assignments, LaboratoryExercises, CaseStudy,Behavior,ClassStanding,MidtermExam,MidtermGrade ) values('" +
txbIdNumber.Text + "', '" +
txbStudentName.Text + "','" +
mquiz + "','" +
mcp + "','" +
matt + "','" +
mass + "','" +
mlab + "','" +
mcstu + "','" +
mbeh + "','" +
mstanding + "','" +
mte + "','" +
dmg + "')";
int temp = oledDbCmd.ExecuteNonQuery();
if (temp > 0)
{
txbIdNumber.Text = null;
txbLastName = null;
txbFirstName.Text = null;
txbMiddleName.Text = null;
txbYearSection.Text = null;
txbStudentName.Text = null;
MessageBox.Show("Records Successfully Added");
}
else
{
MessageBox.Show("Records Fail to Added");
}

Change to this and try. You are missing ; (semicolon in the queries)
oledDbCmd.CommandText = "insert into StudentInfo (IdNumber, LastName,FirstName,MiddleName,YearSection,MidtermGrade) values ('" +
txbIdNumber.Text + "','" +
txbLastName.Text + "','" +
txbFirstName.Text + "','" +
txbMiddleName.Text + "','" +
txbYearSection.Text + "','" +
dmg + "'); INSERT into MidTerm (IdNumber,StudentName, QuizzesSeatworks,ClassParticipation,Attendance,Assignments, LaboratoryExercises, CaseStudy,Behavior,ClassStanding,MidtermExam,MidtermGrade ) values('" +
txbIdNumber.Text + "', '" +
txbStudentName.Text + "','" +
mquiz + "','" +
mcp + "','" +
matt + "','" +
mass + "','" +
mlab + "','" +
mcstu + "','" +
mbeh + "','" +
mstanding + "','" +
mte + "','" +
dmg + "')";

System.Web.UI.WebControls.DataGrid' does not contain a definition for 'Rows'

I got the excel value in gridview and now I need to insert all the values in rows to sql server 2008.
When i try to iterate throught Gridview rows it throws the error in for loop near the dg_AgentSFR.Rows as "DataGrid' does not contain a definition for 'Rows' "
Here is my code:
protected void savedatafromgv()
{
foreach (GridViewRow g1 in ***dg_AgentSFR.Rows)***
{
SqlConnection con = new SqlConnection(strConnString);
SqlCommand cmd = con.CreateCommand();
cmd = new SqlCommand("INSERT INTO TB_TransAgenSeaFreightRate(POL,POD,FORWARDER,FORWARDER REFERENCE,SHIPPING LINE,CONTAINER TYPE,CONTAINER SIZE,VALIDITY FROM,VALIDITY TO,BASIC RATE,PAF,CAF,PSS,TOTAL AMOUNT,REE DAYS,CREDIT DAYS,NIT DEPOSIT,COMPANYID,ISACTIVE) values ('" + g1.Cells[0].Text + "','" + g1.Cells[1].Text + "','" + g1.Cells[2].Text + "','" + g1.Cells[3].Text + "','" + g1.Cells[4].Text + "','" + g1.Cells[5].Text + "','" + g1.Cells[6].Text + "','" + g1.Cells[7].Text + "','" + g1.Cells[8].Text + "','" + g1.Cells[9].Text + "','" + g1.Cells[10].Text + "','" + g1.Cells[11].Text + "','" + g1.Cells[12].Text + "','" + g1.Cells[13].Text + "','" + g1.Cells[14].Text + "','" + g1.Cells[15].Text + "','" + g1.Cells[16].Text + "',1,'" + TXTCompanyID.Text + "')", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
Response.Write ("Records inserted successfully");
}
Please help me to resolve this.
Thanks in advance.

Datagrid does not contain a definition for rows. Instead of rows, it has items.
use this
foreach (DataGridItem Dr in dg_AgentSFR.items)
DataGrid Class
And also use parameterized query to avoid How does SQLParameter prevent SQL Injection
cmd = new SqlCommand("INSERT INTO TB_TransAgenSeaFreightRate(POL,POD,FORWARDER....) values (#POL,#POD,#FORWARDER)

try this code
if(dg_AgentSFR.Rows.Count>0)
{
foreach (GridViewRow g1 in dg_AgentSFR.Rows)
{
SqlConnection con = new SqlConnection(strConnString);
SqlCommand cmd = con.CreateCommand();
cmd = new SqlCommand("INSERT INTO TB_TransAgenSeaFreightRate(POL,POD,FORWARDER,FORWARDER REFERENCE,SHIPPING LINE,CONTAINER TYPE,CONTAINER SIZE,VALIDITY FROM,VALIDITY TO,BASIC RATE,PAF,CAF,PSS,TOTAL AMOUNT,REE DAYS,CREDIT DAYS,NIT DEPOSIT,COMPANYID,ISACTIVE) values ('" + g1.Cells[0].Text + "','" + g1.Cells[1].Text + "','" + g1.Cells[2].Text + "','" + g1.Cells[3].Text + "','" + g1.Cells[4].Text + "','" + g1.Cells[5].Text + "','" + g1.Cells[6].Text + "','" + g1.Cells[7].Text + "','" + g1.Cells[8].Text + "','" + g1.Cells[9].Text + "','" + g1.Cells[10].Text + "','" + g1.Cells[11].Text + "','" + g1.Cells[12].Text + "','" + g1.Cells[13].Text + "','" + g1.Cells[14].Text + "','" + g1.Cells[15].Text + "','" + g1.Cells[16].Text + "',1,'" + TXTCompanyID.Text + "')", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
Response.Write ("Records inserted successfully");
}

A datagrid in ASP.NET does indeed not contain a property Rows. The GridView on the other hand, does contain a property Rows. More info:
DataGrid class
GridView class
I suggest you use the GridView, this is kind of the successor of the DataGrid. And another important tip: use SQL parameters and not just a string-query (SQL injection).

Make sure you use GridViewRowEventArgs and NOT GridViewCommandEventArgs
protected void gvSample_RowDataBound(object sender, GridViewRowEventArgs e)
{
//Your code here
}

Categories

Resources