IN SQL Query Error “”Incorrect syntax near '0)'." in c#
SqlConnection con = new SqlConnection(@"Data Source=HAMMAD2-PC\SQLEXPRESS;Initial Catalog=StockManagement;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex+")'",con);
cmd.ExecuteNonQuery();
con.Close();
This code causes an error
Incorrect syntax near '0)'
What is the solution?
I'm using Visual Studio 2012 and SQL Server
c# sql-server database
4
I recommend doing a search on "parameterizing queries in c#" - it'll help prevent errors like this one, among other things. Substituting some fake values for your parameters, do you see the problem?
('code','name','retailPrice','purchPrice','statusCode)'
– Grant
Jul 21 '18 at 12:15
4
Learn to use parameters! Problems like this will go away.
– Gordon Linoff
Jul 21 '18 at 12:16
You have missed closing quotes try this ('"+pcodetxt.Text+"','"+pnametxt.Text+"','"+rtlpricetxt+"','"+purpricetxt.Text+"','"+statuscbox.SelectedIndex+"')",con);
– Abhishek
Jul 21 '18 at 12:19
1
Use parameterized queries by placing the code in a stored proc
– hiFI
Jul 21 '18 at 12:21
1
Simple debug 101: Copy string into variable, look at generated string. Paste into SSMS (SQL Server Management Studio). This is not C# related at all, except "you make mistake putting a string together".
– TomTom
Jul 21 '18 at 12:45
edited Jul 21 '18 at 12:43 by marc_s
asked Jul 21 '18 at 12:12 by M Hammad Awan
3 Answers
There wouldn't be such an error if you had used parameters, plus you would be protected from "SQL injection attack". i.e.:
// requires: using System.Data; using System.Data.SqlClient;
using (SqlConnection con = new SqlConnection(@"server=.\SQLEXPRESS;Initial Catalog=StockManagement;Integrated Security=True"))
using (SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product]
([ProductID]
,[ProductName]
,[SalePrice]
,[PurchasePrice]
,[Status])
VALUES
(@pid, @pname, @salePrice, @purPrice, @status)", con))
{
    // Each value is sent as a typed parameter and never becomes part of the SQL text
    cmd.Parameters.Add("@pid", SqlDbType.Int).Value = int.Parse(pcodetxt.Text);
    cmd.Parameters.Add("@pname", SqlDbType.VarChar).Value = pnametxt.Text;
    // assumes rtlpricetxt is a TextBox like the other inputs
    cmd.Parameters.Add("@salePrice", SqlDbType.Money).Value = decimal.Parse(rtlpricetxt.Text);
    cmd.Parameters.Add("@purPrice", SqlDbType.Money).Value = decimal.Parse(purpricetxt.Text);
    cmd.Parameters.Add("@status", SqlDbType.Int).Value = statuscbox.SelectedIndex;
    con.Open();
    cmd.ExecuteNonQuery();
    con.Close(); // This is not needed: it is done by the implicit Dispose when exiting the using block
}
edited Jul 22 '18 at 4:32 by Richardissimo
answered Jul 21 '18 at 12:33 by Cetin Basoz
You should be using a using (....) .... block for the SqlCommand as well!
– marc_s
Jul 21 '18 at 12:43
@marc_s, right :)
– Cetin Basoz
Jul 21 '18 at 12:44
And there's no need to close the connection, which is done by the implicit Dispose when exiting the using block. And you could probably help the OP by sticking with their connection string, to avoid them thinking there was something subtly wrong with it.
– Richardissimo
Jul 21 '18 at 20:18
@Richardissimo, there was something subtly wrong with it. It doesn't always work if you write it with machine name. Dot works.
– Cetin Basoz
Jul 21 '18 at 20:25
@CetinBasoz Thanks for explaining that... I haven't heard of that before. Maybe consider explaining that in your answer; but it's not a problem this user is suffering from.
– Richardissimo
Jul 21 '18 at 20:33
The error is because you're missing a closing quote in your SQL statement, but you shouldn't be creating your statement manually with string manipulation in any case - this is very error prone, and extremely unsafe!
Use declared parameters instead.
See What's the best method to pass parameters to SQLCommand?
answered Jul 21 '18 at 12:18 by Steve Land
Incorrect syntax near X tries to show you that there is something wrong just before or after the X.
In your query you have placed ' in the wrong place.
So just rewrite it as below:
SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex+"')",con);
Note: Using the following code you put yourself in the scope of the SQL injection vulnerability, so you should always try to write the code as @CetinBasoz posted, or use other similar methods that make you secure against similar vulnerabilities.
edited May 22 at 5:55
answered Jul 21 '18 at 12:49 by Vahid Farahmandian
@CetinBasoz problem is not with the coding style. If he/she asks about the right or secure code, we can pay attention to your comment, otherwise your comment is out of the scope of the question
– Vahid Farahmandian
Jul 21 '18 at 12:51
@CetinBasoz you are 100% right and I DO agree with you. But I am trying to tell you that there are different options to solve the abovementioned problem. One is yours and the other is mine etc. Your code is secure and etc... And my code is in the form of the question and I've just tried not to change the code. I think there is no need to downvote!
– Vahid Farahmandian
Jul 21 '18 at 12:56
@CetinBasoz OK, you can mention it as a comment to the given code. Good Luck ;-)
– Vahid Farahmandian
Jul 21 '18 at 12:58
@CetinBasoz I have updated my answer and put your note inside it
– Vahid Farahmandian
Jul 21 '18 at 13:00
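An added example, not written by any of the posters above: it builds the quote-corrected concatenated statement and the parameterized command for the same input, without connecting to a database, so the generated text can be inspected the way the "debug 101" comment suggests. The names `ProductInsertDemo`, `BuildConcatenated`, `CountQuotes` and `BuildParameterized`, the sample values, and the `VarChar` length of 100 are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class ProductInsertDemo
{
    // Quote-corrected concatenation in the form shown on the page; built here only to inspect the text.
    static string BuildConcatenated(string pid, string name, string sale, string purchase, int status)
    {
        return "INSERT INTO [dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status]) "
             + "VALUES ('" + pid + "','" + name + "','" + sale + "','" + purchase + "','" + status + "')";
    }

    // An odd number of ' characters means one string literal in the statement is never closed.
    static int CountQuotes(string sql)
    {
        int n = 0;
        foreach (char c in sql)
            if (c == '\'') n++;
        return n;
    }

    // Validates the text inputs, then binds every value as a typed parameter.
    static SqlCommand BuildParameterized(string pid, string name, string sale, string purchase, int status)
    {
        int id;
        decimal salePrice, purchasePrice;
        if (!int.TryParse(pid, NumberStyles.Integer, CultureInfo.InvariantCulture, out id))
            throw new FormatException("Product code must be a whole number.");
        if (!decimal.TryParse(sale, NumberStyles.Number, CultureInfo.InvariantCulture, out salePrice) ||
            !decimal.TryParse(purchase, NumberStyles.Number, CultureInfo.InvariantCulture, out purchasePrice))
            throw new FormatException("Prices must be decimal numbers.");

        var cmd = new SqlCommand(
            "INSERT INTO [dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status]) "
          + "VALUES (@pid, @pname, @salePrice, @purPrice, @status)");
        cmd.Parameters.Add("@pid", SqlDbType.Int).Value = id;
        cmd.Parameters.Add("@pname", SqlDbType.VarChar, 100).Value = name; // column length 100 is assumed
        cmd.Parameters.Add("@salePrice", SqlDbType.Money).Value = salePrice;
        cmd.Parameters.Add("@purPrice", SqlDbType.Money).Value = purchasePrice;
        cmd.Parameters.Add("@status", SqlDbType.Int).Value = status;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: an ordinary product name that contains an apostrophe.
        string pid = "17", name = "Carpenter's glue", sale = "4.50", purchase = "3.10";
        int status = 0;

        // Concatenation: the apostrophe in the name closes the string literal early.
        string text = BuildConcatenated(pid, name, sale, purchase, status);
        int quotes = CountQuotes(text);
        Console.WriteLine(text);
        Console.WriteLine("quote characters: {0} ({1})", quotes,
            quotes % 2 == 0 ? "balanced" : "unbalanced, statement will not parse");

        // Parameters: the SQL text is constant and the name is carried as data.
        using (SqlCommand cmd = BuildParameterized(pid, name, sale, purchase, status))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("  {0} {1} = {2}", p.ParameterName, p.SqlDbType, p.Value);
        }
    }
}
```

With the sample name the concatenated text contains eleven quote characters, so it fails to parse even though the closing quote from the question has been corrected, while the parameterized command text is the same for every input.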
4
I recommend doing a search on "parameterizing queries in c#" - it'll help prevent errors like this one, among other things. Substituting some fake values for your parameters, do you see the problem?
('code','name','retailPrice','purchPrice','statusCode)'
– Grant
Jul 21 '18 at 12:15
4
Learn to use parameters! Problems like this will go away.
– Gordon Linoff
Jul 21 '18 at 12:16
You have missed the closing quotes, try this: ('"+pcodetxt.Text+"','"+pnametxt.Text+"','"+rtlpricetxt+"','"+purpricetxt.Text+"','"+statuscbox.SelectedIndex+"')",con);
– Abhishek
Jul 21 '18 at 12:19
1
Use parameterized queries by placing the code in a stored proc
– hiFI
Jul 21 '18 at 12:21
1
Simple debug 101: Copy string into variable, look at generated string. Paste into SSMS (SQL Server Management Studio). This is not C# related at all, except "you make mistake putting a string together".
– TomTom
Jul 21 '18 at 12:45