SqlConnection con = new SqlConnection(str);
int ID;
ID = Int32.Parse(Combo_Stu.SelectedValue.ToString());
double a = double.Parse(Txt_Ins.Text);
string date = dtp_Stu.Value.ToString();
SqlCommand sqlcmd1 = new SqlCommand("INSERT INTO Instalment_Billing(ID,Pay_Date, Fees) VALUES (" + ID + "," + date + "," + a + ")", con);
con.Open();
sqlcmd1.ExecuteNonQuery();
Incorrect syntax near '10'
I am getting this error in the date.
Guys, please help me.
The problem is probably that your date is unquoted, but the real solution to this problem is to use a parameterized query.
Whenever you get an error in a line like:
SqlCommand sqlcmd1 = new SqlCommand("INSERT INTO Instalment_Billing(" +
"ID,Pay_Date, Fees) VALUES (" + ID + "," + date + "," + a + ")", con);
you should immediately insert some code to print it out and check whether it's valid SQL:
Console.WriteLine ("INSERT INTO Instalment_Billing(" +
"ID,Pay_Date, Fees) VALUES (" + ID + "," + date + "," + a + ")");
or:
System.Windows.Forms.MessageBox.Show("INSERT INTO Instalment_Billing" +
"(ID,Pay_Date, Fees) VALUES (" + ID + "," + date + "," + a + ")");
This should show you exactly where your problem lies. Most likely insertions of dates should use strings of the format 'yyyy.mm.dd' or something similar so you should, at a bare minimum:
quote the date string (... + ",'" + date + "'," + ...).
ensure that its format is okay (I'm not sure what ToString() will give you off the top of my head but I would think, given that you posted this today and it's not the tenth month or tenth day of the month, that it's probably something like yy-mm-dd and the unquoted 10 from 2010 is causing you grief).
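The parameterized query recommended in the answer above, as an added example that is not part of the original posts. It assumes `System.Data.SqlClient` is available and that `Fees` is a float column (the question does not give the column types); the sample values are constructed and the connection is never opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class InstalmentInsert
{
    // Typed parameters: the form values travel as data, never as SQL text.
    public static SqlCommand Build(SqlConnection con, int id, DateTime payDate, double fees)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Instalment_Billing (ID, Pay_Date, Fees) " +
            "VALUES (@ID, @Pay_Date, @Fees)", con);
        cmd.Parameters.Add("@ID", SqlDbType.Int).Value = id;
        cmd.Parameters.Add("@Pay_Date", SqlDbType.DateTime).Value = payDate;
        cmd.Parameters.Add("@Fees", SqlDbType.Float).Value = fees;   // column type assumed
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input standing in for Combo_Stu, dtp_Stu and Txt_Ins.
        int id = 7;
        DateTime payDate = new DateTime(2010, 3, 4, 10, 15, 0);
        double fees = 1500.0;

        // The concatenated statement from the question: the date lands in the
        // SQL text as bare tokens instead of a date value.
        string concatenated =
            "INSERT INTO Instalment_Billing(ID,Pay_Date, Fees) VALUES (" + id + "," +
            payDate.ToString(CultureInfo.InvariantCulture) + "," + fees + ")";
        Console.WriteLine(concatenated);

        using (var con = new SqlConnection())   // never opened in this demo
        using (var cmd = Build(con, id, payDate, fees))
        {
            // The SQL text stays constant whatever the user typed.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
            // With a real connection string: con.Open(); cmd.ExecuteNonQuery();
        }
    }
}
```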
I am trying to save some data to an Access DB but the date is stored in an incorrect format.
dbCommand.CommandText = "insert into Clients(Name,Gender,PhoneNumber,ReciveServiceDate) "
+ "values ('" + name_txtBox.Text + "','" + gender_comBox.Text + "',"
+ long.Parse(phone_txtBox.Text) + ","
+ (recive_dateTimePicker.Value).ToShortDateString() + ");";
Listen to Jon's advice.
However, if you insist, you can do it like this:
+ (recive_dateTimePicker.Value).ToString("#yyyy'/'MM'/'dd#") + ");";
I am trying to insert a record into my database using a function that consists of 11 arguments as input. The function is as follows:
public int check_in_visitor(int visitor_id,String date_in, String date_out,
String time_in, int check_in, int check_out, String employer,
String vehicle_number, int manual_entrychk, String time_out)
The corresponding query for it:
String query = "insert into visitor values('"+visitor_id +"','" +
date_in + "','" + date_out + "','" + time_in + "'," + check_in +
",'" + check_out + "'," + employer + ",'" + vehicle_number + "'," +
manual_entrychk + ",'" + time_out + "')
It's always giving errors like expression incorrect! Please help me solve the issue.
Use SqlParameter..
That way you would avoid SQL injection attacks, enclosing data with ' or " and other issues.
String query = "insert into visitor values(@visitor_id,@date_in,@date_out,@time_in,@check_in,@check_out,@employer,@vehicle_number, @manual_entrychk,@time_out)";
SqlCommand command = new SqlCommand(query, connection);
command.Parameters.Add(new SqlParameter("visitor_id", visitor_id));
command.Parameters.Add(new SqlParameter("date_in", date_in));
....
command.ExecuteNonQuery();
You are missing the closing double quote of the query string.
String query = "insert into visitor values('"+visitor_id +"','" + date_in + "','" + date_out + "','" + time_in + "'," + check_in + ",'" + check_out + "'," + employer + ",'" + vehicle_number + "'," + manual_entrychk + ",'" + time_out + "')";
Note 1: all VARCHAR fields should be enclosed in single quotes properly.
Note 2: all INT fields should not be enclosed in single quotes.
Note 3: your query is open to SQL injection attacks. Please use parameterised queries.
Unless you provide the field types it is difficult to solve the problem.
Use string.Format. Like string query = string.Format("insert into visitor values ('{0}','{1}'...",visitor_id ...); This syntax is a lot easier to troubleshoot and avoids the string concatenations. You should also consider not using data that's not fully trusted in your query (like anirudh mentioned in his reply), if that's an option at all.
If the query below doesn't help you, please tell us what error is returned.
string query = "insert into visitor values ("+visitor_id+ ","+ date_in +","+date_out
+","+time_in+","+check_in+","+check_out+","+employer+","+vehicle_number+","
+manual_entrychk+","+time_out+")";
I spent hours trying to solve this error but I couldn't. I would be glad if someone could help me solve this.
Code:
FileStream fs;
fs = new FileStream(@imagename, FileMode.Open, FileAccess.Read);
byte[] picbyte = new byte[fs.Length];
fs.Read(picbyte, 0, System.Convert.ToInt32(fs.Length));
fs.Close();
string query;
SqlCeConnection conn = new SqlCeConnection(@"Data Source=C:\Users\admin\documents\visual studio 2010\Projects\WindowsFormsApplication1\WindowsFormsApplication1\hotel.sdf");
conn.Open();
SqlParameter picparameter = new SqlParameter();
picparameter.SqlDbType = SqlDbType.Image;
picparameter.ParameterName = "pic";
picparameter.Value = picbyte;
query = "insert into Staffs(name, age, qualification, mobile, landline, salary, salary_type, address, work_type, reference, picture) values(" + textBox16.Text + ", " + textBox15.Text + "," + textBox14.Text + "," + textBox13.Text + "," + textBox12.Text + "," + textBox11.Text + "," + comboBox2.Text + "," + richTextBox2.Text + "," + textBox10.Text + "," + textBox9.Text + ", " + " @pic)";
SqlCeCommand cmd = new SqlCeCommand("insert into Staffs(name, age, qualification, mobile, landline, salary, salary_type, address, work_type, reference, picture) values(" + textBox16.Text + ", " + textBox15.Text + "," + textBox14.Text + "," + textBox13.Text + "," + textBox12.Text + "," + textBox11.Text + "," + comboBox2.Text + "," + richTextBox2.Text + "," + textBox10.Text + "," + textBox9.Text + ", " + " @pic)", conn);
cmd.ExecuteNonQuery();
MessageBox.Show("Profile Added");
cmd.Dispose();
conn.Close();
conn.Dispose();
Error:
the column name is not valid node name (if any) = , column name = d
So far what I have found:
"column name = d" in the error is the value of the text field. If I type a in the text field the error changes to "column name = a".
If I put numbers in the text field instead of characters, the error changes to this:
"A Parameter is missing [parameter ordinal = 1]". The datatype of the column is nvarchar.
I tried editing the database schema but nothing happened.
I checked for duplicate copies of the database and found none, so I suppose the problem is with the code.
The columns are in the datatypes nvarchar, int or image.
Just to be sure I checked the database to see if insert worked, the database is still empty.
You need to use SQL parameters to avoid SQL injection issues.
But the reason your stuff is failing now is that you're not quoting your string values in the query. If you debug and look at the text of your command, you'll see something like values(abc,def,ghi...), without the single-quotes around the strings.
That query tries to run, and of course it fails. SQL parameters eliminate the need for the single quotes, in addition to making your code safer and easier to read.
Your parameter name is incorrect. It should be @pic, not pic.
By the way, the way you're concatenating textbox values leaves you open to SQL Injection attacks. Granted I don't know your context, but consider replacing the string concatenation with parameter value setting.
I solved this issue by removing the whole database and recreating it.
Obviously, this happens if you have an older version of the table in the database than you want to use, thus that column does not exist in that table.
This is my code:
OleDbConnection con = new OleDbConnection("provider=microsoft.jet.oledb.4.0;data source=" + Application.StartupPath + "/shoping mall.mdb");
con.Open();
OleDbCommand cmd = new OleDbCommand("update RecordofItems set RecordofItems.Bill_no = " + textBox1.Text + ", RecordofItems.Received_from = '" + textBox62.Text + "', RecordofItems.Item_Code = " + textBox2.Text + ", RecordofItems.Quantity = " + textBox32.Text + ", RecordofItems.Sale_Rate = " + textBox47.Text + " where Item_Name = '" + textBox17.Text + "'", con);
int x = 0;
x = cmd.ExecuteNonQuery();
if (x > 0)
{
MessageBox.Show("record deleted" + x);
}
else
{
MessageBox.Show("no record exixt");
}
con.Close();
I want to update selected columns in my "RecordofItems" table that has 10 columns, but I want to update only 6 selected columns. When I run the query it shows the error "no value for one or more required parameter". What to do? Please help me as soon as you can.
The error No value given for one or more required parameters usually comes when you have a misplaced single quote.
Try these two.
Try assigning your numerical db columns a numerical value, viz. update your query with these:
RecordofItems.Bill_no = " + Convert.ToInt32(textBox1.Text) + ",
RecordofItems.Item_Code = " + Convert.ToInt32(textBox2.Text) + ",
RecordofItems.Quantity = " + Convert.ToInt32(textBox32.Text) + ",
RecordofItems.Sale_Rate = " + Convert.ToInt32(textBox47.Text) +
or use whatever suitable numerical converter applies to your columns.
One of your text fields might have a single quote in it, so try replacing/updating your text fields like this:
RecordofItems.Received_from = '" + textBox62.Text.Replace("'","''") + "',
So basically, replace a single quote with two single quotes.
See if these solve your issue.
Also, do note: never create your SQL query by concatenating textboxes (strings). Use command parameters. They will save you from SQL injection.
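The command-parameter version of this UPDATE, as an added example that is not from the original posts. It assumes integer columns for `Bill_no`, `Item_Code` and `Quantity`, a double for `Sale_Rate` and text for the rest (the question does not state the types); the input values are constructed and the connection is never opened.

```csharp
using System;
using System.Data.OleDb;
using System.Globalization;

static class RecordUpdate
{
    // OleDb binds "?" markers by position, so Add() order must match the SQL text.
    public static OleDbCommand Build(OleDbConnection con, int billNo, string receivedFrom,
                                     int itemCode, int quantity, double saleRate, string itemName)
    {
        var cmd = new OleDbCommand(
            "UPDATE RecordofItems SET Bill_no = ?, Received_from = ?, Item_Code = ?, " +
            "Quantity = ?, Sale_Rate = ? WHERE Item_Name = ?", con);
        cmd.Parameters.Add("Bill_no", OleDbType.Integer).Value = billNo;
        cmd.Parameters.Add("Received_from", OleDbType.VarWChar).Value = receivedFrom;
        cmd.Parameters.Add("Item_Code", OleDbType.Integer).Value = itemCode;
        cmd.Parameters.Add("Quantity", OleDbType.Integer).Value = quantity;
        cmd.Parameters.Add("Sale_Rate", OleDbType.Double).Value = saleRate;
        cmd.Parameters.Add("Item_Name", OleDbType.VarWChar).Value = itemName;
        return cmd;
    }

    static bool TryInt(string text, out int value)
    {
        return int.TryParse(text, NumberStyles.Integer, CultureInfo.InvariantCulture, out value);
    }

    static void Main()
    {
        // Constructed sample input standing in for the text boxes.
        string bill = "1042", code = "77", qty = "3", rate = "19.5";
        string from = "O'Brien & Sons", item = "Men's shirt";

        int billNo, itemCode, quantity;
        double saleRate;
        if (!TryInt(bill, out billNo) || !TryInt(code, out itemCode) || !TryInt(qty, out quantity) ||
            !double.TryParse(rate, NumberStyles.Float, CultureInfo.InvariantCulture, out saleRate))
        {
            Console.WriteLine("A numeric field is not a number; nothing is sent to the database.");
            return;
        }
        using (var con = new OleDbConnection())   // never opened in this demo
        using (var cmd = Build(con, billNo, from, itemCode, quantity, saleRate, item))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)   // apostrophes need no escaping
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```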
I have a question, how to parse datetime value from Oracle to MySQL database.
I wrote this to extract a datetime from Oracle:
SELECT TO_CHAR(p1.creation_date,'DD.MM.RRRR HH24:mi:ss') AS dat_pot
FROM TABLE
then I put the result into data set, then I extract the value of date from dataset like this:
string lDat_otp = null;
if (rw_mat["dat_otp"].ToString().Length <= 0)
{
lDat_otp = "0";
}
else
{
lDat_otp = "convert(datetime,'" + rw_mat["dat_otp"] + "',4)";
}
Then I use lDat_otp in INSERT statement with some other values like this:
myQuery = " INSERT INTO ordersstavke (BrDok, " +
" SifParFil, SifParIsp, DatPriOtpr, SifPodKla, Masa, Paketa) " +
" VALUES ('" + rw_mat["brdok"] + "', '" +
rw_mat["sifskl_kor"] + "','" +
rw_mat["partner"] + "'," +
lDat_otp + ",'" +
rw_det["ibrmat"] + "', '" +
rw_det["izlaz_tez"] + "', '" +
rw_det["izlaz_kol"] + "')";
But there is an error on execute and it goes:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '26.01.2012 13:48:41',4)','100654', '0', '10')' at line 1
So help!!!
You can parse the datetime field into a DateTime struct and then create an insert into query with parameters and pass the date as a parameter:
DateTime time = //Some value ...
String myQuery = " INSERT INTO ordersstavke (BrDok, " +
" SifParFil, SifParIsp, DatPriOtpr, SifPodKla, Masa, Paketa) " +
" VALUES ('" + rw_mat["brdok"] + "', '" +
rw_mat["sifskl_kor"] + "','" +
rw_mat["partner"] + "'," +
"?date ,'" +
rw_det["ibrmat"] + "', '" +
rw_det["izlaz_tez"] + "', '" +
rw_det["izlaz_kol"] + "')";
MySqlCommand command = new MySqlCommand(myQuery, connection);
command.Parameters.AddWithValue("?date", time);
Doing this you should not have problems with date formatting.
I strongly suggest using parameters instead of string concatenation even for the other parameters of the query ...
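An added example, not from the original answer, that carries the suggestion through: the Oracle string is parsed with the mask from the question and every value is bound as a parameter. It assumes Connector/NET (`MySql.Data`) is referenced and that `DatPriOtpr` accepts NULL for an empty source date (the question used "0" instead); the `?name` markers other than `?date` are names chosen here, and the row values are constructed.

```csharp
using System;
using System.Globalization;
using MySql.Data.MySqlClient;   // Connector/NET, assumed to be referenced

static class OrderLineInsert
{
    // .NET equivalent of the Oracle mask 'DD.MM.RRRR HH24:mi:ss' used in the question.
    const string OracleMask = "dd.MM.yyyy HH:mm:ss";

    // Empty or malformed text becomes NULL instead of ending up inside the SQL string.
    public static object ToDbDate(object raw)
    {
        DateTime parsed;
        string text = Convert.ToString(raw, CultureInfo.InvariantCulture);
        return DateTime.TryParseExact(text, OracleMask, CultureInfo.InvariantCulture,
                                      DateTimeStyles.None, out parsed)
            ? (object)parsed : DBNull.Value;
    }

    public static MySqlCommand Build(object brDok, object sifParFil, object sifParIsp,
                                     object datOtp, object sifPodKla, object masa, object paketa)
    {
        var cmd = new MySqlCommand(
            "INSERT INTO ordersstavke (BrDok, SifParFil, SifParIsp, DatPriOtpr, " +
            "SifPodKla, Masa, Paketa) " +
            "VALUES (?brdok, ?sifparfil, ?sifparisp, ?date, ?sifpodkla, ?masa, ?paketa)");
        cmd.Parameters.AddWithValue("?brdok", brDok);
        cmd.Parameters.AddWithValue("?sifparfil", sifParFil);
        cmd.Parameters.AddWithValue("?sifparisp", sifParIsp);
        cmd.Parameters.AddWithValue("?date", ToDbDate(datOtp));
        cmd.Parameters.AddWithValue("?sifpodkla", sifPodKla);
        cmd.Parameters.AddWithValue("?masa", masa);
        cmd.Parameters.AddWithValue("?paketa", paketa);
        return cmd;
    }

    static void Main()
    {
        // Constructed row values; the date string is the one shown in the error message.
        var cmd = Build("100", "12", "345", "26.01.2012 13:48:41", "100654", "0", "10");
        foreach (MySqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1} ({2})", p.ParameterName, p.Value, p.Value.GetType().Name);

        // An empty source date is bound as NULL rather than as the text "0".
        Console.WriteLine(ToDbDate("") == DBNull.Value);
        // With a connection: cmd.Connection = connection; cmd.ExecuteNonQuery();
    }
}
```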