Incorrect syntax near the keyword 'ORDER'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'ORDER'.

Dear all,
I get the same error as the above but have no idea how to solve it.
Here is my code:

using System;
using System.Configuration;
using System.Data;
using System.Data.Common;
using Microsoft.Practices.EnterpriseLibrary.Data;

// The enclosing data-access class is not shown in the question; the name below is a placeholder.
public class KeywordDataAccess
{
    public DataTable getINASecKeywordList(String Shortcode)
    {
        DataTable dt = new DataTable();
        // Enterprise Library Data Access block; "InaPremium" is the connection string name
        Database dbCon = DatabaseFactory.CreateDatabase("InaPremium");
        string cmd = "";
        string keyword = ""; // never assigned, so the WHERE clause always compares keyword against an empty value

        try
        {
            if (Shortcode == "All" || Shortcode == "")
            {
                cmd = "SELECT DISTINCT(seckeyword) FROM INA_Keyword ORDER BY seckeyword";
            }
            else
            {
                // Shortcode and keyword are concatenated straight into the SQL text
                cmd = "SELECT DISTINCT(seckeyword) FROM INA_Keyword WHERE shortcode = "+ Shortcode + " AND keyword = " + keyword + " ORDER BY seckeyword";
            }
            using (DbCommand dbcmd = dbCon.GetSqlStringCommand(cmd))
            {
                dbcmd.CommandType = CommandType.Text;
                dbcmd.CommandTimeout = 100;
                dt = dbCon.ExecuteDataSet(dbcmd).Tables[0];
            }
            return dt;
        }
        catch (Exception ex)
        {
            // Logger is a project-specific helper; the path comes from appSettings
            Logger.LogToFile(ConfigurationManager.AppSettings.Get("errLogPath") + "INADAC.txt", ex);
            throw;
        }
    }
}


I have no idea how to solve the "Incorrect syntax near the keyword 'ORDER'." error.
Please help, thank you.

What I have tried:

Trying to solve the incorrect syntax error.
Posted
Updated 8-May-17 22:57pm
Comments
Jochen Arndt 9-May-17 4:47am
What are Shortcode and keyword?
You should print out the created command to have a look at it. Such errors may for example occur when the parameters contain spaces. Then they must be embedded in quotes.

Use a debugger and look at cmd to see what your real query is.

Never build an SQL query by concatenating with user inputs; it is named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia
SQL Injection
Your query is wrong.

cmd = "SELECT DISTINCT(seckeyword) FROM INA_Keyword WHERE shortcode = "+ Shortcode + " AND keyword = " + keyword + " ORDER BY seckeyword";

It should be like this

cmd = "SELECT DISTINCT(seckeyword) FROM INA_Keyword WHERE shortcode = '"+ Shortcode + "' AND keyword = '" + keyword + "' ORDER BY seckeyword";

As others mentioned already, this approach is vulnerable to SQL injection attacks. Check OWASP guidelines.

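Added example (not code from the question or from either answer): the same query rewritten with Enterprise Library parameters, so the shortcode and keyword values are never concatenated into the SQL text. The Database/DatabaseFactory calls, the INA_Keyword table and the "InaPremium" connection name are taken from the question; passing keyword in as a method argument is an assumption, since the question's code never assigns it.

```csharp
using System;
using System.Data;
using System.Data.Common;
using Microsoft.Practices.EnterpriseLibrary.Data;

public static class KeywordQueries
{
    // The SQL text and the filter values are sent to the server separately,
    // so a value such as Brian O'Conner neither breaks the syntax (the reported
    // 'ORDER' error) nor changes the meaning of the statement.
    public static DataTable GetSecKeywordList(string shortcode, string keyword)
    {
        Database dbCon = DatabaseFactory.CreateDatabase("InaPremium");

        // Same branch as the question: "All" or empty means no filter
        bool filtered = !(shortcode == "All" || string.IsNullOrEmpty(shortcode));
        string cmd = filtered
            ? "SELECT DISTINCT seckeyword FROM INA_Keyword "
              + "WHERE shortcode = @shortcode AND keyword = @keyword "
              + "ORDER BY seckeyword"
            : "SELECT DISTINCT seckeyword FROM INA_Keyword ORDER BY seckeyword";

        using (DbCommand dbcmd = dbCon.GetSqlStringCommand(cmd))
        {
            dbcmd.CommandType = CommandType.Text;
            dbcmd.CommandTimeout = 100;
            if (filtered)
            {
                // Typed parameters: no quoting, no escaping, no string building
                dbCon.AddInParameter(dbcmd, "@shortcode", DbType.String, shortcode);
                dbCon.AddInParameter(dbcmd, "@keyword", DbType.String, keyword ?? string.Empty);
            }
            return dbCon.ExecuteDataSet(dbcmd).Tables[0];
        }
    }
}
```

If the keyword filter is not wanted, drop the second AddInParameter call and the matching predicate together; leaving one without the other reproduces an empty-string comparison like the one in the question.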
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)