Im having an error System.Data.SqlClient.SqlException: Incorrect syntax near 'ProductID'.

Question

0.00/5 (No votes)

See more:

C#

protected void GridView2_RowCommand(object sender, GridViewCommandEventArgs e)
        {
            if (e.CommandName == "Select")
            {


                openConnection();
                SqlCommand cmd = new SqlCommand();
                cmd.Connection = cn;
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = "Insert into Cart values ProductID = @ProductID, ProductName = @ProductName, SellingPrice = @Price";

                cmd.ExecuteNonQuery();
                closeConnection();

Posted 28-Jul-11 18:36pm

thejowker

Updated 28-Jul-11 18:40pm

walterhevedeich

v2

Add a Solution

6 solutions

Solution 3

Troubleshoot these issues is to first assign the sql statement to string variable. Then set a breakpoint there and then troubleshoot the sql in management studio.Seems that Parameter is missing in your command. So add the parameter and try to execute it.

Posted 28-Jul-11 18:51pm

Asish Limbu

Solution 4

C#

Insert into Cart (ProductID ,ProductName ,SellingPrice )values (@ProductID, @ProductName,  @Price)

C#

cmd.Parameters.AddWithValue("@ProductID",[your value]);
cmd.Parameters.AddWithValue("@ProductName",[your value]);
cmd.Parameters.AddWithValue("@Price",[your value]);

change your query and start learning SQL Server Query

Posted 28-Jul-11 19:37pm

Mohd Wasif

Updated 29-Jul-11 9:28am

v2

Comments

walterhevedeich 29-Jul-11 2:44am

Good answer.

Wonde Tadesse 29-Jul-11 18:51pm

5+

Solution 7

All the above where right but i didnt understand that

u are writing

if (e.CommandName == "Select") and on select u are firing Insert Statement,,,

change it man....

Posted 31-Jul-11 20:18pm

S Saxena

Solution 5

Yes,need to add it :)

C#

Collapse
cmd.Parameters.AddWithValue("@ProductID",[your value]);
cmd.Parameters.AddWithValue("@ProductName",[your value]);
cmd.Parameters.AddWithValue("@Price",[your value])

Posted 28-Jul-11 19:40pm

Vishal Waman

Comments

walterhevedeich 29-Jul-11 2:44am

Good answer.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

walterhevedeich · Accepted Answer · 2011-07-28T18:41:00

Solution 1

There are obviously no parameters added on your data command, which might caused the error. Try adding the parameters first.

[Update]
Example:

C#

cmd.Parameters.AddWithValue("@ProductID",[your value]);
cmd.Parameters.AddWithValue("@ProductName",[your value]);
cmd.Parameters.AddWithValue("@Price",[your value]);

Posted 28-Jul-11 18:41pm

walterhevedeich

Updated 28-Jul-11 19:02pm

v2

Comments

thejowker 29-Jul-11 0:48am

can give some example? please

walterhevedeich 29-Jul-11 1:03am

See updated answer for example. Populate [your value] with the actual values.

thejowker 29-Jul-11 2:28am

Walter may I ask if its also applicable for Gridview? because the ProductID, ProductName and Price are inside the Gridview

walterhevedeich 29-Jul-11 2:44am

I can't seem to understand why you are asking that question. Have you understand the use of the parameters?

Uday P.Singh 29-Jul-11 12:00pm

correct my 5!

walterhevedeich 29-Jul-11 20:52pm

Thanks Uday

Wonde Tadesse 29-Jul-11 18:50pm

5+

walterhevedeich 29-Jul-11 20:52pm

Thanks Wonde.

Tech Code Freak · Accepted Answer · 2011-07-29T04:22:00

Your query has an error.
The correct query is:

string value1, value2, value3;
:
:
:
cmd.CommandText = "Insert into Cart (ProductID, ProductName, SellingPrice) values (@ProductID, @ProductName, @Price)";

Then set Parameters by:

cmd.Parameters.Add(new SqlParameter("@ProductID",value1));
cmd.Parameters.Add(new SqlParameter("@ProductName",value2));
cmd.Parameters.Add(new SqlParameter("@SellingPrice",value3));

or as a RISKY SHORTCUT, you can do this (or use only for localhost):

cmd.CommandText = "Insert into Cart (ProductID, ProductName, SellingPrice) values ('"+value1+"','"+value2+"','"+value3+"')";

You do this and there's no need of setting any Parameters. But at the same time will increase possibility of SQL injection attacks. So, code at your own RISK!

Good Luck for SQLing!!