i am doing the application in asp.net in that when i insert that time i have error in sql query

Question

4.00/5 (1 vote)

See more:

Database Design as follows

FieldName Data Type
Name varchar
DOB Date time
Mobile Varchar
Email Varchar
Wedding day datetime
Activate Varchar

Code as follows for inserting the record.

SQL

con.Open();
sql command cmd = new sql command(" '" + txt_name.Text + "','" + txt_mobile.Text + "','" + txt_Email.Text + "','" + FromDate.SelectedDateValue + "','" + Todate.SelectedDateValue + "'  where Activate<>'D')");
cmd.ExecuteNonQuery();
con.Close();

when i run i have error in query. query as follows

sq

sql command cmd = new sql command(" '" + txt_name.Text + "','" + txt_mobile.Text + "','" + txt_Email.Text + "','" + FromDate.SelectedDateValue + "','" + Todate.SelectedDateValue + "'  where Activate<>'D')");

please help me.to get the solution for writing the correct for my above query.

/EDIT code format /EDIT

Posted 22-Dec-12 2:26am

Member 8054539

Updated 22-Dec-12 2:50am

Jibesh

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-12-22T02:33:00

Couple of things:
Firstly, an SQL query needs more than just the data you want to insert, or update - it needs to know what you want to do with it, where it is to go, and so forth.

C#

SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES ('data for column1', 'data for column2')");

The syntax for an UPDATE query is similar, but look here for details: w3Schools[^]

Secondly, you need to specify the connection before you execute the query, either by using the SqlCommand constructor overload that has an SqlConnection parameter, or by setting the Connection parameter of the SqlCommand.

Thirdly, doing it that was is extremely dangerous. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

[edit]Typos[/edit]

Arun kumar Gauttam · Answer 2 · 2012-12-22T02:34:00

Solution 2

When You insert date or integer value in data base:
then not insert like this '" + Todate.SelectedDateValue + "',

It is a string format,
so you try like this ' + Todate.SelectedDateValue + ' or this
" + Todate.SelectedDateValue + "
(One of these work)

second problem is inset data in proper serial, just like in data base, because you not give column name in sql query

Posted 22-Dec-12 2:34am

Arun kumar Gauttam

Updated 22-Dec-12 2:40am

v3

Comments

Jibesh 22-Dec-12 8:37am

why you want to keep the date column as string? this is not a good solution. date column must be kept in that same format so that query execution will be faster and query filter can be done without conversion overhead

Arun kumar Gauttam 22-Dec-12 8:43am

ya i know but i just want to suggest Diffrent solution of this question

Jibesh 22-Dec-12 8:46am

but its not a good solution so better avoid such solution in future and suggest what is best by all means so that OP wont be screwed at the end following us.

Arun kumar Gauttam 22-Dec-12 21:04pm

ok,i Am sorry for my mistake