Click here to Skip to main content
11,434,611 members (59,337 online)
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C#
Database Design as follows

FieldName Data Type
Name varchar
DOB Date time
Mobile Varchar
Email Varchar
Wedding day datetime
Activate Varchar

Code as follows for inserting the record.
con.Open();
sql command cmd = new sql command(" '" + txt_name.Text + "','" + txt_mobile.Text + "','" + txt_Email.Text + "','" + FromDate.SelectedDateValue + "','" + Todate.SelectedDateValue + "'  where Activate<>'D')");
cmd.ExecuteNonQuery();
con.Close();
when i run i have error in query. query as follows
sql command cmd = new sql command(" '" + txt_name.Text + "','" + txt_mobile.Text + "','" + txt_Email.Text + "','" + FromDate.SelectedDateValue + "','" + Todate.SelectedDateValue + "'  where Activate<>'D')"); 
please help me.to get the solution for writing the correct for my above query.

/EDIT code format /EDIT
Posted 22-Dec-12 3:26am
Edited 22-Dec-12 3:50am
Jibesh16.8K
v2
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Couple of things:
Firstly, an SQL query needs more than just the data you want to insert, or update - it needs to know what you want to do with it, where it is to go, and so forth.
SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES ('data for column1', 'data for column2')");
The syntax for an UPDATE query is similar, but look here for details: w3Schools[^]

Secondly, you need to specify the connection before you execute the query, either by using the SqlCommand constructor overload that has an SqlConnection parameter, or by setting the Connection parameter of the SqlCommand.

Thirdly, doing it that was is extremely dangerous. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

[edit]Typos[/edit]
  Permalink  
v2
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

When You insert date or integer value in data base:
then not insert like this '" + Todate.SelectedDateValue + "',


It is a string format,
so you try like this ' + Todate.SelectedDateValue + ' or this
" + Todate.SelectedDateValue + "
(One of these work)

second problem is inset data in proper serial, just like in data base, because you not give column name in sql query
  Permalink  
v3
Comments
jibesh at 22-Dec-12 8:37am
   
why you want to keep the date column as string? this is not a good solution. date column must be kept in that same format so that query execution will be faster and query filter can be done without conversion overhead
Arun1990 at 22-Dec-12 8:43am
   
ya i know but i just want to suggest Diffrent solution of this question
jibesh at 22-Dec-12 8:46am
   
but its not a good solution so better avoid such solution in future and suggest what is best by all means so that OP wont be screwed at the end following us.
Arun1990 at 22-Dec-12 21:04pm
   
ok,i Am sorry for my mistake

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web01 | 2.8.150428.2 | Last Updated 22 Dec 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100