Hello, I'm receiving an error when publishing my code. Please help me identify what the problem may be. Thanks

C#
using System;
using System.Data.SqlClient;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Cart : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        List<string> SKUS = Convert.ToString(Session["DataTable"]).Split(',').ToList<string>();

        Session["ItemsInCart"] = SKUS.Count;

        var MultiSelect = new SqlCommand();

        string cmdString1;

        cmdString1 = "Select Manufacture, SKU, Name, Price From Product WHERE SKU = " + Session["CartTable"];

        var connection = new SqlConnection("Data Source=Omisbi3.niunt.niu.edu;Initial Catalog=675_z1626585;User ID=OMIS675FA;Password=Omis.675!");

        SqlDataReader sdr;

        Decimal Total = 0;

        //Creating the table

        var DT = new DataTable("CartDisplay");

        var column1 = new DataColumn("SKU");

        column1.DataType = System.Type.GetType("System.Int32");

        var column2 = new DataColumn("Manufacture");

        column2.DataType = System.Type.GetType("System.String");

        var column3 = new DataColumn("Name");

        column3.DataType = System.Type.GetType("System.String");

        var column4 = new DataColumn("Price");

        column4.DataType = System.Type.GetType("System.Decimal");

        DT.Columns.Add(column1);

        DT.Columns.Add(column2);

        DT.Columns.Add(column3);

        DT.Columns.Add(column4);

        for (int i = 0; i <= SKUS.Count - 1; i++)

        {

            MultiSelect.CommandText = "Select SKU, Manufacture, Name, Price From Products WHERE SKU =" + SKUS[i];

            MultiSelect.Connection = connection;

            MultiSelect.Connection.Open();

            sdr = MultiSelect.ExecuteReader();

            while (sdr.Read())

            {

                DataRow Row1;

                Row1 = DT.NewRow();

                Total = Total + sdr.GetDecimal(3);

                Row1["SKU"] = sdr.GetInt32(0);

                Row1["Manufacture"] = sdr.GetString(1);

                Row1["Name"] = sdr.GetString(2);

                Row1["Price"] = sdr.GetDecimal(3);

                DT.Rows.Add(Row1);

            }

            MultiSelect.Connection.Close();

            lblResults.Text = "Your total is $" + Total;

        }

        GridView1.DataSource = DT;

        GridView1.DataBind();
    }
}


What I have tried:

I tried to troubleshoot the error by seeing if I needed to add a space in the code.
Updated 14-Dec-17 14:05pm
Comments
PIEBALDconsult 14-Dec-17 18:02pm    
It's probably here: WHERE SKU =" + SKUS[i];
Which is a big reason to use a parameterized statement rather than using string concatenation.
Member 13576953 14-Dec-17 18:29pm    
I'm new to coding. How can I fix this?

1 solution

Instead of
MultiSelect.CommandText = "Select SKU, Manufacture, Name, Price From Products WHERE SKU =" + SKUS[i];


try

MultiSelect.CommandText = "Select SKU, Manufacture, Name, Price From Products WHERE SKU = @SKUS";
MultiSelect.Parameters.Clear();
MultiSelect.Parameters.AddWithValue("@SKUS", SKUS[i]);


Ensure SKUS[i] is the same object type as the field SKU (i.e. numeric or string, etc.).

Also move what is not necessary out of the loop. (open, commandtext is the same for all iterations and it will be open for the second loop, so in the loop is only the parameters clearing/setting and the execute.)
 
Comments
PIEBALDconsult 14-Dec-17 22:33pm    
Better not to clear and re-add the parameter; just set its Value in the loop.
RossMW 14-Dec-17 22:39pm    
Good point. I tend to get a bit lazy and just use a simple solution. If the array is not too big it should only have a very minor effect.
PIEBALDconsult 14-Dec-17 22:57pm    
The lazy simple solution is to encapsulate it in a method rather than writing it over and over again.
RossMW 14-Dec-17 23:02pm    
And depending on circumstances put it in a transaction...
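
The answer and its comments combined into one method, as an added example that is not part of the original thread: the caller opens the connection once, the parameter is created once and only its Value is set in the loop, and the session string is parsed to integers first so an empty or non-numeric entry never reaches the query. `CartQueries`, `ParseSkus` and `LoadCart` are hypothetical names, and SKU is assumed to be an int column, as the question's `GetInt32(0)` implies.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class CartQueries // hypothetical helper class
{
    // Turn the comma-separated session value into integers. Entries that are
    // empty or not a plain integer are dropped instead of being sent to SQL.
    public static List<int> ParseSkus(string csv)
    {
        var skus = new List<int>();
        foreach (string part in (csv ?? "").Split(','))
        {
            int sku;
            if (int.TryParse(part.Trim(), out sku)) skus.Add(sku);
        }
        return skus;
    }

    // The caller passes a connection it has already opened (and will close).
    public static DataTable LoadCart(SqlConnection connection, IEnumerable<int> skus)
    {
        var table = new DataTable("CartDisplay");
        table.Columns.Add("SKU", typeof(int));
        table.Columns.Add("Manufacture", typeof(string));
        table.Columns.Add("Name", typeof(string));
        table.Columns.Add("Price", typeof(decimal));
        const string sql = "SELECT SKU, Manufacture, Name, Price FROM Products WHERE SKU = @SKU";
        using (var cmd = new SqlCommand(sql, connection))
        {
            // Typed parameter added once; each pass only changes its Value.
            SqlParameter p = cmd.Parameters.Add("@SKU", SqlDbType.Int);
            foreach (int sku in skus)
            {
                p.Value = sku;
                using (SqlDataReader r = cmd.ExecuteReader())
                    while (r.Read())
                        table.Rows.Add(r.GetInt32(0), r.GetString(1), r.GetString(2), r.GetDecimal(3));
            }
        }
        return table;
    }

    public static void Main()
    {
        // Constructed input: one empty entry and one non-numeric entry.
        Console.WriteLine(string.Join(",", ParseSkus("1001,,1002,abc")));
    }
}
```

In `Page_Load` the call would be `LoadCart(connection, ParseSkus(Convert.ToString(Session["DataTable"])))` inside a `using` block that opens the connection, with the connection string read from configuration.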

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


