Develop Reference

C# SQL Server command data type mismatch [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I want to insert record to student table and I used a SqlCommand but when executing command as shown here, a datatype mismatch error occurs.
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand("insert into Student(studentID,studentName,birthDate) values(" + studentID.Text + ",'" + studentName.Text +"','" + birthDate.Text + "')", con);

You can use parameters to solve this problem like this:
SqlCommand cmd = new SqlCommand("insert into Student(studentID, studentName, birthDate) values(#studentID, #studentName, #birthDate)" , con);
cmd.Parameters.AddWithValue("#studentID", studentID.Text);
cmd.Parameters.AddWithValue("#studentName", studentName.Text);
cmd.Parameters.AddWithValue("#birthDate", birthDate.Text);
cmd.ExecuteNonQuery();

ORA-00904: \"ASD\": invalid identifier for insert command [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am working for a asp.net website with oracle 11g database in backend. For a button click, i want to execute an update command. I have executed other commands elsewhere (insert,select,delete) but this command however is giving invalid identifier. The code is below:
protected void GridView1_RowCommand(object sender, GridViewCommandEventArgs e)
{
if (e.CommandName == "Answer")
{
int index = Convert.ToInt32(e.CommandArgument);
// Retrieve the row that contains the button
// from the Rows collection.
GridViewRow row = GridView1.Rows[index];
TextBox TextBox1 = row.FindControl("TextBox1") as TextBox;
string ID = row.Cells[0].Text;
string Date = row.Cells[2].Text;
string answer = TextBox1.Text;
string query = "update \"Review2\" set \"Answer\"='" + answer + "' where \"Cust_id\"=" + ID + " and \"Date\"=to_date('" + Date + "','yyyy-mm-dd hh24:mi:ss')";
SqlDataSource1.UpdateCommand = query;
SqlDataSource1.UpdateCommandType = SqlDataSourceCommandType.Text;
int result = SqlDataSource1.Update();
GridView1.DataBind();
}
}
when i execute this code, no update is being done and at line :int result = SqlDataSource1.Update(); , i get the error,{"ORA-00904: \"ASD\": invalid identifier\n"}. Any solution?

Your update query is wrong in syntax
try the below one
string query = #"update Review2 set Answer ='" + answer + "' where Cust_id =" + ID + " and Date =to_date('" + Date + "','yyyy-mm-dd hh24:mi:ss')";
Note:- Strongly recommend to use parameterized queries inorder to avoid SQL Injection

How to get fields from database [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I want to get "Model" field and put on Textbox6. But how come it does not work.
The problem is that the Model field answer will not be shown in the textbox6
string Query = "Select * from S where Name = '" + TextBox1.Text + "' and Clientno = '" + TextBox2.Text + "';";
command.CommandText = Query;
OleDbDataReader reader = command.ExecuteReader();
while (reader.Read())
{
string Model = reader.GetString(reader.GetOrdinal("Model"));
TextBox6.Text = Model;
}

Couple of things:
Do not use select *, instead use select your columns names
Do not pass the .Text directly to your query, instead use parameterized sql expression
If Clientno is primary key column or , combination of Name and ClientNo gives unique result, use ExecuteScalar, you don't have to use ExecuteReader and loop through the datareader
Since you using only one field and want to fill in the textbox, modify your select statement to :
select top 1 Model from S where....
And if you are reading only one row you will not need a while loop. Further, you should always close the reader and put your SqlConnection inside using block. ( edited as suggested by the comments)
If (reader.Read())
{
TextBox6.Text = reader.GetString(reader.GetOrdinal("Model"));
reader.Close();
}

SQL Insert Statement in C# [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
SqlConnection connection1 = new SqlConnection(Properties.Settings.Default.KalenderDBconnect);
SqlCommand insertCommand = new SqlCommand(
"INSERT into KalenderDB values ('" + tb_name + "','" + tb_Ort + "','" + tb_Event + "','" + tb_Notiz + "','" + teilgenommen + "','" + date + "')");
connection1.Open();
insertCommand.ExecuteNonQuery();
connection1.Close();
Can somebody say, why the insertCommand.ExecuteNonQuery() doesn't work? I can't find the problem .

Your connection and command aren't linked together.
Try something like the following:
connection1.Open();
insertCommand.Connection = connection1;
insertCommand.ExecuteNonQuery();
connection1.Close();
Also, as someone commented on your question, this is prone to SQL injection. You should be using parameters.
Here's some MSDN documentation on parameters.

SqlCommand take 2 arguments
Query
Connection Name
SqlCommand objSql = new SqlCommand("Your Query",ObjectSqlConnection);

Connecting to database [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm getting a run time error in my program when connecting to a SQL Server CE database.
Can anyone help me, and please don't write the whole code just a line of what needs to be changed to.
Here is my code:
string conString = Properties.Settings.Default.POSdatabaseConnectionString;
using (SqlCeConnection con = new SqlCeConnection(conString))
{
con.Open();
using (SqlCeCommand com = new SqlCeCommand("SELECT * FROM Customer where Customer ID ='" + this.useridtexbox.Text + "' and Name='" + this.nametexbox.Text + "'", con))
{
SqlCeDataReader reader = com.ExecuteReader();
int count = 0;
while (reader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("You have logged in succesfully");
Homepage homepage = new Homepage();
homepage.Show();
homepage.LabelText = ("Welcome " + reader["name"].ToString());
}
else
{
MessageBox.Show("Username and password is Not correct ...Please try again");
con.Close();
}
Error:
There was an error parsing the query. [ Token line number = 1,Token line offset = 39,Token in error = ID ]

I think the problem with the space in Customer ID,Try this
SqlCeCommand com = new SqlCeCommand("SELECT * FROM Customer where CustomerID ='" + this.useridtexbox.Text + "' and Name='" + this.nametexbox.Text + "'", con))

In your command, do not use string concatenation. That will fail badly and leave you open to SQL injection attacks.
Image what happens if I enter the following text into this.nametexbox.Text:
Joe'; DROP DATABASE; --
You don't want have someone like little Bobby Tables as user.
Use sql parameters.
If you have tables or fields with spaces, you to have a word with your DBA. If you cannot change it, make sure you use the correct syntax:
WHERE [Customer ID] = '12345'

Make sure you CustomerID column have space
Always use parameterized query to avoid SQL Injection
How does SQLParameter prevent SQL Injection
SqlCeCommand com = new SqlCeCommand = "SELECT * FROM Customer where CustomerID=#CustomerID and
name=#name";
con.Parameters.AddWithValue("#CustomerID", valuesTextBox.Text);
con.Parameters.AddWithValue("#name", namwTextBox.Text);