SQL Insert Error Against Runtime Control Error in FLP

260 pts.
Tags:
C#
SQL 2000
SQL error messages
SQL Server
SQL Server 2000
am trying to insert into sql-2000 database my code is:



StringBuilder sb=null;

sb=new StringBuilders;

sb.Append("Insert into dummy(name,amount) values");

foreach(Control ctl in this.FlowLayoutPanel1.Controls)

{

if( ctls.Name.Contains("tb") && ctl is TextBox)

{

sb.Append(ctl.Text);

}

}

foreach(Control bbl in this.FlowLayoutPanel1.Controls)

{

if (bbl.Name.Contians("bb") && bb is TextBoxe)

{

sb.Append(bbl.Text);

}

}

SqlCommand cmd=new SqlCommand(sb.ToString(),con);

cmd.CommandType=CommandType.Text;

cmd.ExecuteNoneQuery();



I don't know what is wrong with this code but it's gives an Error Like

"Incorrect Syntax Near Values"

please help me.

 



Software/Hardware used:
C#, Visual Studio-2005,SQL-2000

Answer Wiki

Thanks. We'll let you know when a new response is added.

This is the syntax for the SQL INSERT statement:

<pre>INSERT INTO <table_name> [(<column list>)] VALUES (<values list>)</pre>

So, your INSERT string should look like this:

<pre>Insert into dummy(name,amount) values (“something”,some_value)</pre>

but it seems that you are constructing it like this:

<pre>insert into dummy(name,amount) values something some_value</pre>

To debug it, I would display the contents of the command text before running it.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Maheshwag
    thx sir, but the problem is how to rectify it in above foreach loop as the value arise from runtime controls please help me. and once again thx for feedback
    260 pointsBadges:
    report
  • carlosdl
    It could be something like this:
     StringBuilder sb = new StringBuilder();
     sb.Append("Insert into dummy(name,amount) values ('");
     foreach(Control ctl in this.FlowLayoutPanel1.Controls)
     {
     if( ctls.Name.Contains("tb") && ctl is TextBox)
     {
     sb.Append(ctl.Text + "',");
     }
     }
     foreach(Control bbl in this.FlowLayoutPanel1.Controls)
     {
     if (bbl.Name.Contians("bb") && bb is TextBoxe)
     {
     sb.Append(bbl.Text + ")");
     }
     }
     // to verify the constructed command
     MessageBox.Show(sb.ToString());
     SqlCommand cmd=new SqlCommand(sb.ToString(),con);
     cmd.CommandType=CommandType.Text;
     cmd.ExecuteNoneQuery();
    68,495 pointsBadges:
    report
  • carlosdl
    Btw, using dynamically created SQL commands could allow SQL injection attacks. You might want to investigate about parameterized commands.
    68,495 pointsBadges:
    report
  • Maheshwag
    thx sir for ur feedback I have develop the same in perameterized way. i don't know how to accept ur answer please tell me to how to accept ur answer for give to credit.
    260 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following