I am using the code below. The system is generating an invalid operation exception at this line:

com.ExecuteNonQuery();

Please suggest a fix.

SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=.\\SQLEXPRESS;Initial Catalog=master";
string q = "insert into category_name(category_name) values('" + TextBox1.Text + "')";
SqlCommand com = new SqlCommand(q, con);
com.ExecuteNonQuery();
Response.Write("<script>alert('Category successfully registered')</script>");
con.Close();

What I have tried:

SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=.\\SQLEXPRESS;Initial Catalog=master";
string q = "insert into category_name(category_name) values('" + TextBox1.Text + "')";
SqlCommand com = new SqlCommand(q, con);
com.ExecuteNonQuery();
Response.Write("<script>alert('Category successfully registered')</script>");
con.Close();
Posted
Updated 22-Jul-17 16:09pm
Comments
Graeme_Grant 22-Jul-17 22:14pm
Is there an InnerException?

Don't do it like that! Never concatenate strings to form an SQL command - always use Parameterized queries instead or you are at risk of SQL Injection which lets users damage or destroy your database just by typing in a textbox.

Fix that in the code you show - and everywhere else in your app - and your problem will probably go away at the same time.
Comments
Member 12950401 22-Jul-17 13:50pm
Sir, I am new to this. How do I write parameterized queries?
In your code I see you are using the 'master' database, which is a system database. I don't think you are intentionally using this. Change the database to the one in which you have created the category_name table. Also make the query parameterized instead of injecting values directly, as this is vulnerable to SQL injection attacks. For a parameterized query you can do it like this:

string strQuery;
SqlCommand cmd;

// The placeholders @CustomerID and @CompanyName stand in for the values;
// the values themselves are never spliced into the SQL text.
strQuery = "insert into customers (CustomerID, CompanyName) values(@CustomerID, @CompanyName)";
cmd = new SqlCommand(strQuery);

// Each placeholder is bound to its value separately, so the value is sent as data.
cmd.Parameters.AddWithValue("@CustomerID", "A234");
cmd.Parameters.AddWithValue("@CompanyName", "DCB");
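A complete version of the insert that the answers above describe, as an added example (it is not code from the question or from any of the answers): the connection is opened before ExecuteNonQuery, the command targets the application database instead of master, and the textbox value is bound as a typed parameter. The connection string, database name and the column length of 100 are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CategoryRepository
{
    // Assumed connection string: points at the application database that owns
    // the category_name table, not at "master". Adjust for your environment.
    private const string ConnectionString =
        "Data Source=.\\SQLEXPRESS;Initial Catalog=YourAppDb;Integrated Security=True";

    // Inserts one category and returns the number of affected rows (1 on success).
    // Assumed schema: category_name(category_name nvarchar(100)).
    public static int InsertCategory(string categoryName)
    {
        if (string.IsNullOrWhiteSpace(categoryName))
            throw new ArgumentException("Category name is required.", nameof(categoryName));

        // The SQL text is a constant; user input never becomes part of it.
        const string sql =
            "INSERT INTO category_name (category_name) VALUES (@category_name)";

        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit type and length instead of AddWithValue: the driver sends the
            // value as data, so a name like "Brian O'Conner" is stored literally and
            // cannot change the statement. The fixed length also gives SQL Server a
            // stable plan rather than a new nvarchar(n) per input.
            cmd.Parameters.Add("@category_name", SqlDbType.NVarChar, 100).Value = categoryName;

            // ExecuteNonQuery needs an open connection; calling it on a closed one is
            // what raises the InvalidOperationException from the question.
            con.Open();
            return cmd.ExecuteNonQuery();
        }
        // The using blocks dispose the command and close the connection, even if
        // ExecuteNonQuery throws, so no con.Close() call is needed.
    }
}
```

In the page's button handler this replaces the concatenated query with `CategoryRepository.InsertCategory(TextBox1.Text);` followed by the existing Response.Write.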
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user entering a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)