IN SQL Query Error “”Incorrect syntax near '0)'." in c#


-1

SqlConnection con = new SqlConnection(@"Data Source=HAMMAD2-PC\SQLEXPRESS;Initial Catalog=StockManagement;Integrated Security=True");
con.Open();

SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex+")'",con);

cmd.ExecuteNonQuery();
con.Close();

This code causes an error

Incorrect syntax near '0)'

What is the solution?

I'm using Visual Studio 2012 and SQL Server

c# sql-server database

edited Jul 21 '18 at 12:43 – marc_s
asked Jul 21 '18 at 12:12 – M Hammad Awan

  • 4
    I recommend doing a search on "parameterizing queries in c#" - it'll help prevent errors like this one, among other things. Substituting some fake values for your parameters, do you see the problem? ('code','name','retailPrice','purchPrice','statusCode)'
    – Grant
    Jul 21 '18 at 12:15

  • 4
    Learn to use parameters! Problems like this will go away.
    – Gordon Linoff
    Jul 21 '18 at 12:16

  • You have missed closing quotes, try this ('"+pcodetxt.Text+"','"+pnametxt.Text+"','"+rtlpricetxt+"','"+purpricetxt.Text+"','"+statuscbox.SelectedIndex+"')",con);
    – Abhishek
    Jul 21 '18 at 12:19

  • 1
    Use parameterized queries by placing the code in a stored proc
    – hiFI
    Jul 21 '18 at 12:21

  • 1
    Simple debug 101: Copy string into variable, look at generated string. Paste into SSMS (SQL Server Management Studio). This is not C# related at all, except "you make mistake putting a string together".
    – TomTom
    Jul 21 '18 at 12:45

3 Answers
3

There wouldn't be such an error if you had used parameters, plus you would be protected from "SQL injection attack", i.e.:

// Requires: using System.Data; using System.Data.SqlClient;
using (SqlConnection con = new SqlConnection(@"server=.\SQLEXPRESS;Initial Catalog=StockManagement;Integrated Security=True"))
using (SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product]
([ProductID]
,[ProductName]
,[SalePrice]
,[PurchasePrice]
,[Status])
VALUES
(@pid, @pname, @salePrice, @purPrice, @status)", con))
{
    // Values travel as typed parameters and never become part of the SQL text
    cmd.Parameters.Add("@pid", SqlDbType.Int).Value = int.Parse(pcodetxt.Text);
    cmd.Parameters.Add("@pname", SqlDbType.VarChar).Value = pnametxt.Text;
    // .Text added here, assuming rtlpricetxt is a TextBox like the other inputs
    cmd.Parameters.Add("@salePrice", SqlDbType.Money).Value = decimal.Parse(rtlpricetxt.Text);
    cmd.Parameters.Add("@purPrice", SqlDbType.Money).Value = decimal.Parse(purpricetxt.Text);
    cmd.Parameters.Add("@status", SqlDbType.Int).Value = statuscbox.SelectedIndex;

    con.Open();
    cmd.ExecuteNonQuery();
    con.Close(); // This is not needed: it is done by the implicit Dispose when exiting the using block
}

edited Jul 22 '18 at 4:32 – Richardissimo
answered Jul 21 '18 at 12:33 – Cetin Basoz

  • You should be using a using (....) .... block for the SqlCommand as well!
    – marc_s
    Jul 21 '18 at 12:43

  • @marc_s, right :)
    – Cetin Basoz
    Jul 21 '18 at 12:44

  • And there's no need to close the connection, which is done by the implicit Dispose when exiting the using block. And you could probably help the OP by sticking with their connection string, to avoid them thinking there was something subtly wrong with it.
    – Richardissimo
    Jul 21 '18 at 20:18

  • @Richardissimo, there was something subtly wrong with it. It doesn't always work if you write it with machine name. Dot works.
    – Cetin Basoz
    Jul 21 '18 at 20:25

  • @CetinBasoz Thanks for explaining that... I haven't heard of that before. Maybe consider explaining that in your answer; but it's not a problem this user is suffering from.
    – Richardissimo
    Jul 21 '18 at 20:33

2

The error is because you're missing a closing quote in your SQL statement, but you shouldn't be creating your statement manually with string manipulation in any case - this is very error prone, and extremely unsafe!

Use declared parameters instead.
See What's the best method to pass parameters to SQLCommand?

answered Jul 21 '18 at 12:18 – Steve Land

0

Incorrect Syntax near X tries to show you that there is something wrong just before or after the X.

In your query you have placed ' in the wrong place.

So just rewrite it as below:

SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex+"')",con);

Note: Using the following code you put yourself in the scope of the SQL Injection vulnerability, so you should always try to write the code as @CetinBasoz posted or other similar methods that make you secure against similar vulnerabilities.

  • @CetinBasoz problem is not with the coding style. If he/she asks about the right or secure code, we can pay attention to your comment, otherwise your comment is out of the scope of the question
    – Vahid Farahmandian
    Jul 21 '18 at 12:51

  • @CetinBasoz you are 100% right and I DO agree with you. But I am trying to tell you that there are different options to solve the abovementioned problem. One is yours and the other is mine etc. Your code is secure and etc...And my code is in the form of the question and I've just tried not to change the code. I think there is no need to down vote!
    – Vahid Farahmandian
    Jul 21 '18 at 12:56

  • @CetinBasoz OK, you can mention it as a comment to the given code. Good Luck ;-)
    – Vahid Farahmandian
    Jul 21 '18 at 12:58

  • @CetinBasoz I have updated my answer and put your note inside it
    – Vahid Farahmandian
    Jul 21 '18 at 13:00















            0














            Incorrect Syntax near X, tries to show you that there is some thing wrong just before or after the X.



            In your query you have placed ' in wrong place



            So just rewrite it as below:



            SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
            VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex+"')",con);


            Note: Using following code you put your self in the scope of the SQL Injection vulnerability, so you should always try to write the code as @CetinBasoz posted or other similar methods that makes you secure against the similar vulnerabilities.






            share|improve this answer

























            • @CetinBasoz problem is not with the coding style. If he/she asks about the right or secure code, we can pay attention to your comment, other wise your comment is out of the scope of the question

              – Vahid Farahmandian
              Jul 21 '18 at 12:51











            • @CetinBasoz you are 100% right and I DO agree with you. But I am trying to tell you that there is different options to solve the abovementioned problem. one is yours and the other is mine etc. Your code is secure and etc...And my code is in the form of the question and I've just tried not to change the code. I think there is no need to down vote!

              – Vahid Farahmandian
              Jul 21 '18 at 12:56












            • @CetinBasoz OK, you can mention it as a comment to the given code. Good Luck ;-)

              – Vahid Farahmandian
              Jul 21 '18 at 12:58











            • @CetinBasoz I have updated my answer and put your note inside it

              – Vahid Farahmandian
              Jul 21 '18 at 13:00













            0












            0








            0







            Incorrect Syntax near X, tries to show you that there is some thing wrong just before or after the X.



            In your query you have placed ' in wrong place



            So just rewrite it as below:



            SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
            VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex+"')",con);


            Note: Using following code you put your self in the scope of the SQL Injection vulnerability, so you should always try to write the code as @CetinBasoz posted or other similar methods that makes you secure against the similar vulnerabilities.






            share|improve this answer















            "Incorrect syntax near X" tries to show you that there is something wrong just before or after the X.

            In your query you have placed ' in the wrong place.

            So just rewrite it as below:

            // String concatenation: open to SQL injection (see the note below).
            SqlCommand cmd = new SqlCommand(@"INSERT INTO [StockManagement].[dbo].[Product] ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
            VALUES ('" + pcodetxt.Text + "','" + pnametxt.Text + "','" + rtlpricetxt.Text + "','" + purpricetxt.Text + "','" + statuscbox.SelectedIndex + "')", con);

            Note: Using the following code you put yourself in the scope of the SQL injection vulnerability, so you should always try to write the code as @CetinBasoz posted, or use other similar methods that make you secure against similar vulnerabilities.















            edited May 22 at 5:55

























            answered Jul 21 '18 at 12:49









            Vahid Farahmandian












            • @CetinBasoz problem is not with the coding style. If he/she asks about the right or secure code, we can pay attention to your comment; otherwise your comment is out of the scope of the question.

              – Vahid Farahmandian
              Jul 21 '18 at 12:51

            • @CetinBasoz you are 100% right and I DO agree with you. But I am trying to tell you that there are different options to solve the above-mentioned problem. One is yours and the other is mine, etc. Your code is secure, etc. And my code is in the form of the question, and I've just tried not to change the code. I think there is no need to downvote!

              – Vahid Farahmandian
              Jul 21 '18 at 12:56

            • @CetinBasoz OK, you can mention it as a comment to the given code. Good Luck ;-)

              – Vahid Farahmandian
              Jul 21 '18 at 12:58

            • @CetinBasoz I have updated my answer and put your note inside it

              – Vahid Farahmandian
              Jul 21 '18 at 13:00
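
The declared-parameter form that both answers point to, as an added example that is not part of either answer: the same INSERT with placeholders where the posted code concatenates the text box values. The class and helper names, the column types and sizes, and the sample values are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class ProductInsertExample
{
    // Placeholders stand where the posted code concatenated the text box values.
    const string InsertSql = @"
INSERT INTO [StockManagement].[dbo].[Product]
    ([ProductID], [ProductName], [SalePrice], [PurchasePrice], [Status])
VALUES (@ProductID, @ProductName, @SalePrice, @PurchasePrice, @Status);";

    // Hypothetical helper. Column types and sizes are assumptions; use the real table definition.
    public static SqlCommand BuildInsert(SqlConnection con, string code, string name,
                                         decimal salePrice, decimal purchasePrice, int status)
    {
        var cmd = new SqlCommand(InsertSql, con);
        cmd.Parameters.Add("@ProductID", SqlDbType.NVarChar, 50).Value = code;
        cmd.Parameters.Add("@ProductName", SqlDbType.NVarChar, 100).Value = name;
        AddMoney(cmd, "@SalePrice", salePrice);
        AddMoney(cmd, "@PurchasePrice", purchasePrice);
        cmd.Parameters.Add("@Status", SqlDbType.Int).Value = status;
        return cmd;
    }

    static void AddMoney(SqlCommand cmd, string name, decimal value)
    {
        SqlParameter p = cmd.Parameters.Add(name, SqlDbType.Decimal);
        p.Precision = 18;   // assumed DECIMAL(18,2)
        p.Scale = 2;
        p.Value = value;
    }

    static void Main()
    {
        // Constructed input: the apostrophe would end the string literal in a concatenated statement.
        string name = "O'Brien's Tea";
        // In the form, parse rtlpricetxt.Text and purpricetxt.Text like this and reject bad input.
        if (!decimal.TryParse("12.50", NumberStyles.Number, CultureInfo.InvariantCulture, out decimal sale) ||
            !decimal.TryParse("9.75", NumberStyles.Number, CultureInfo.InvariantCulture, out decimal purchase))
            throw new FormatException("Prices must be decimal numbers.");
        using (var con = new SqlConnection())   // never opened: the command is only inspected here
        using (var cmd = BuildInsert(con, "P-001", name, sale, purchase, 0))
        {
            Console.WriteLine(cmd.CommandText);  // the statement text contains no user input
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
        }
    }
}
```

With a real connection string, `con.Open()` followed by `cmd.ExecuteNonQuery()` sends the statement and the typed values separately, so a quote in a value can neither break the syntax nor change the statement.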

































