Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# ASP.NET
SqlException (0x80131904): Incorrect syntax near '('.
 
string s11 = "update SessionItem(ItemName,Quantity,Price,Date,Month) set ItemName='" + TextBox7.Text + "',Quantity='" + nb + "',Price='" + TextBox9.Text + "',Date='" + dt1 + "',Month='" + month1 + "' where ItemName='" + TextBox7.Text + "' ";
 SqlCommand cmdh = new SqlCommand(s11, DbConnection.mCon);
 cmdh.ExecuteNonQuery();
Posted 17-Dec-12 1:26am
Edited 17-Dec-12 1:28am
v2
Comments
Kiran Susarla at 17-Dec-12 6:30am
   
I am assuming SessionItem is your table name. Why are you specifying the column names after SessionItem?
vishnumca123 at 17-Dec-12 6:32am
   
string s11 = "update SessionItem set ItemName='" + TextBox7.Text + "',Quantity='" + nb + "',Price='" + TextBox9.Text + "',Date='" + dt1 + "',Month='" + month1 + "' where ItemName='" + TextBox7.Text + "' ";
SqlCommand cmdh = new SqlCommand(s11, DbConnection.mCon);
cmdh.ExecuteNonQuery();
ravuravu at 17-Dec-12 6:36am
   
am specifying because of more fields in it,but am updating the selected fields so that am specifying the fields
ravuravu at 17-Dec-12 6:41am
   
yes thats the correct way
ravuravu at 17-Dec-12 6:42am
   
i correct it
thank u kiran and vishnumcal
Sanjay K. Gupta at 17-Dec-12 6:53am
   
Hi ravuravu,
Please tell me who has taught you to pass SQL Parameters like this way???
I am searching for the person (or any source). Please.
ravuravu at 18-Dec-12 6:17am
   
am a fresher am studying myself searching like net,books etc.its ma mistake,
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

The format of an UPDATE command is not the same as an INSERT:
UPDATE <table_name> SET <field>=<new value>,<field... WHERE ...
 
Having said that, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
 
[edit]Forgot to encode HTML, grr. - OriginalGriff[/edit]
 

 
"sir pls show an example for parameterized queries"
 

            using (SqlConnection con = new SqlConnection(strConnect))
                {
                con.Open();
                using (SqlCommand com = new SqlCommand("UPDATE myTable SET myColumn1=@C1, myColumn2=@C2 WHERE Id=@ID", con))
                    {
                    com.Parameters.AddWithValue("@ID", id);
                    com.Parameters.AddWithValue("@C1", myValueForColumn1);
                    com.Parameters.AddWithValue("@C2", myValueForColumn2);
                    com.ExecuteNonQuery();
                    }
                }
  Permalink  
v4
Comments
ravuravu at 17-Dec-12 6:37am
   
sir pls show an example for parameterized queries
OriginalGriff at 17-Dec-12 6:42am
   
Answer updated
ravuravu at 17-Dec-12 6:44am
   
thanks for sending the parameterized queries
OriginalGriff at 17-Dec-12 6:49am
   
You're welcome!
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

string s11 = "update SessionItem set ItemName='" + TextBox7.Text + "',Quantity='" + nb + "',Price='" + TextBox9.Text + "',Date='" + dt1 + "',Month='" + month1 + "' where ItemName='" + TextBox7.Text + "' ";
 SqlCommand cmdh = new SqlCommand(s11, DbConnection.mCon);
 cmdh.ExecuteNonQuery();
 
Note: For better performance and security make a good habbit to use parameterized query.
 

Thanks
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 476
1 Sergey Alexandrovich Kryukov 235
2 CHill60 195
3 Afzaal Ahmad Zeeshan 145
4 TheRealSteveJudge 120
0 Sergey Alexandrovich Kryukov 9,121
1 OriginalGriff 7,920
2 Peter Leow 4,774
3 Kornfeld Eliyahu Peter 3,210
4 Maciej Los 2,176


Advertise | Privacy | Mobile
Web04 | 2.8.150327.1 | Last Updated 18 Dec 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100