Home > IT Answers > Development > SQL Insert Error Against Runtime Control Error in FLP
Maheshwag
260 pts.
 SQL Insert Error Against Runtime Control Error in FLP
C#, SQL 2000, SQL error messages, SQL Server, SQL Server 2000
am trying to insert into sql-2000 database my code is:



 StringBuilder sb=null;

 sb=new StringBuilders;

 sb.Append("Insert into dummy(name,amount) values");

 foreach(Control ctl in this.FlowLayoutPanel1.Controls)

 {

 if( ctls.Name.Contains("tb") && ctl is TextBox)

 {

 sb.Append(ctl.Text);

 }

 }

 foreach(Control bbl in this.FlowLayoutPanel1.Controls)

 {

 if (bbl.Name.Contians("bb") && bb is TextBoxe)

 {

 sb.Append(bbl.Text);

 }

 }

 SqlCommand cmd=new SqlCommand(sb.ToString(),con);

 cmd.CommandType=CommandType.Text;

 cmd.ExecuteNoneQuery();


I don't know what is wrong with this code but it's gives an Error Like

"Incorrect Syntax Near Values"

please help me.

 



Software/Hardware used:
C#, Visual Studio-2005,SQL-2000
ASKED: September 2, 2010  6:55 AM
UPDATED: September 3, 2010  8:28 AM
RELATED QUESTIONS
 
  Help
 Approved Answer - Chosen by MelanieYarbrough

It could be something like this:

 StringBuilder sb = new StringBuilder();
 sb.Append("Insert into dummy(name,amount) values ('");
 foreach(Control ctl in this.FlowLayoutPanel1.Controls)
 {
 if( ctls.Name.Contains("tb") && ctl is TextBox)
 {
 sb.Append(ctl.Text + "',");
 }
 }
 foreach(Control bbl in this.FlowLayoutPanel1.Controls)
 {
 if (bbl.Name.Contians("bb") && bb is TextBoxe)
 {
 sb.Append(bbl.Text + ")");
 }
 }
 // to verify the constructed command
 MessageBox.Show(sb.ToString());
 SqlCommand cmd=new SqlCommand(sb.ToString(),con);
 cmd.CommandType=CommandType.Text;
 cmd.ExecuteNoneQuery();
ANSWERED:  Sep 2, 2010  6:18 PM (GMT)  by MelanieYarbrough
 
Other Answers:

This is the syntax for the SQL INSERT statement:

<pre>INSERT INTO <table_name> [(<column list>)] VALUES (<values list>)</pre>

So, your INSERT string should look like this:

<pre>Insert into dummy(name,amount) values (“something”,some_value)</pre>

but it seems that you are constructing it like this:

<pre>insert into dummy(name,amount) values something some_value</pre>

To debug it, I would display the contents of the command text before running it.

Last Wiki Answer Submitted:  September 2, 2010  3:37 pm  by  carlosdl   63,535 pts.
Latest Answer Wiki Contributors:  carlosdl   63,535 pts.
To see other answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

thx sir, but the problem is how to rectify it in above foreach loop as the value arise from runtime controls please help me.
and once again thx for feedback

Maheshwag
 260 pts.
 

Btw, using dynamically created SQL commands could allow SQL injection attacks. You might want to investigate about parameterized commands.

carlosdl
 63,535 pts.
 

thx sir for ur feedback I have develop the same in perameterized way. i don’t know how to accept ur answer please tell me to how to accept ur answer for give to credit.

Maheshwag
 260 pts.