C#
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.Sql;
using System.Data.SqlClient;

namespace Demo
{
   public partial class Form1 : Form
   {
      public Form1()
      {
         InitializeComponent();
      }

      private void button4_Click(object sender, EventArgs e)
      {
         SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename= C:\Users\Sharoon\Documents\Visual Studio 2010\Projects\Demo\Demo\bin\Debug\Demo.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
         con.Open();
         SqlCommand sc = new SqlCommand("INSERT INTO Company VALUES('" + textBox2.Text + ",'" + textBox3.Text + ",'" + textBox4.Text + ",'" + textBox5.Text + ",'" + textBox6.Text + ",'" + textBox7.Text + ",'" + textBox8.Text + ",'" + textBox9.Text + ",'" + textBox10.Text + ",'" + textBox11.Text + ",'" + textBox12.Text + ",'" + textBox13.Text + ",'" + textBox14.Text + ",'" + textBox15.Text + ", );", con);
         sc.ExecuteNonQuery();
         MessageBox.Show(" Data successfully saved ");
         con.Close();
      }
   }
}
Updated 22-Apr-14 22:50pm

Loads and loads of candidates there...

But the one problem you have noticed is probably lack of matching quotes, and the comma before the closing bracket of the SQL query...

But don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. It'll make your code safer, easier to read, and get rid of your problem, all in one fell swoop.
C#
SqlCommand sc = new SqlCommand(" insert into Company Values(@C1, @C2, @C3...)", con);
sc.Parameters.AddWithValue("@C1", textBox2.Text);
sc.Parameters.AddWithValue("@C2", textBox3.Text);
sc.Parameters.AddWithValue("@C3", textBox4.Text);
...
Replace the C1, C2 etc. with sensible mnemonics for your column names.

And please, don't use VS default names for everything - it makes code hard to read and unreliable: if you call "textBox2" "tbUsername" or whatever then your code becomes more self documenting.
It's also a very good idea to name the columns you are trying to INSERT into SQL - it makes it work better even if your DB gets changed.
 
 
Comments
Er Aslam Khan 23-Apr-14 5:14am    
The same error occurs on the sc.ExecuteNonQuery line;
the error is: must declare the scalar variable "@C13"
OriginalGriff 23-Apr-14 5:22am    
And do you? Have you referenced a variable called @C13 in your SQL and not provided a Parameters.AddWithValue line?
And please, please, use sensible names! C1, C2, etc. were just there to show you where to write them, not to be the actual names you should use...

There are several things wrong with your SQL query:

- An INSERT query should be:
SQL
INSERT INTO [Table] (Column1, Column2, .., ColumnN) VALUES (..)

Obviously, you forgot to mention which columns you want to populate.

- Constructing a SQL statement by concatenating strings obtained from user inputs is really a bad habit that you should get rid of as soon as possible, because it leaves your code open to SQL injection attacks.

- You should give your variables some meaningful names instead of the default ones. That would make your code easier to read, understand and debug.

Regarding these two points, your code should be more like:
C#
private void button4_Click(object sender, EventArgs e)
{
   using (SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename= C:\Users\Sharoon\Documents\Visual Studio 2010\Projects\Demo\Demo\bin\Debug\Demo.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
   {
      con.Open();
      // Named columns, one @parameter per value, and the command bound to the connection
      using (SqlCommand cmd = new SqlCommand(
         "INSERT INTO Company(Column1, Column2, Column3, Column4, Column5, Column6, Column7, Column8, Column9, Column10, Column11, Column12, Column13, Column14) " +
         "VALUES (@column1, @column2, @column3, @column4, @column5, @column6, @column7, @column8, @column9, @column10, @column11, @column12, @column13, @column14)", con))
      {
         cmd.Parameters.AddWithValue("@column1", textBox2.Text);
         cmd.Parameters.AddWithValue("@column2", textBox3.Text);
         cmd.Parameters.AddWithValue("@column3", textBox4.Text);
         cmd.Parameters.AddWithValue("@column4", textBox5.Text);
         cmd.Parameters.AddWithValue("@column5", textBox6.Text);
         cmd.Parameters.AddWithValue("@column6", textBox7.Text);
         cmd.Parameters.AddWithValue("@column7", textBox8.Text);
         cmd.Parameters.AddWithValue("@column8", textBox9.Text);
         cmd.Parameters.AddWithValue("@column9", textBox10.Text);
         cmd.Parameters.AddWithValue("@column10", textBox11.Text);
         cmd.Parameters.AddWithValue("@column11", textBox12.Text);
         cmd.Parameters.AddWithValue("@column12", textBox13.Text);
         cmd.Parameters.AddWithValue("@column13", textBox14.Text);
         cmd.Parameters.AddWithValue("@column14", textBox15.Text);
         cmd.ExecuteNonQuery();
         MessageBox.Show(" Data successfully saved ");
      }
   }
}


But be careful! Some of the columns may not hold string values, but integers, or datetimes, instead.
Then you have to make sure the corresponding text value in the textbox is convertible to the type of the column in the database, and convert it before passing it to the AddWithValue method.

For an integer value, for example, this would give something like:
C#
int result;
if (int.TryParse(textBox2.Text, out result)) {
   // TextBox text is convertible to Int32, so go on
   cmd.Parameters.AddWithValue("@column1", result);
}
else {
   // TextBox text is not convertible to Int32, so you have to handle it
   // Usually exit the method with a relevant error message
}


Hope this helps. Good luck!
 
Comments
Er Aslam Khan 23-Apr-14 5:21am    
unhandled exception in
sc.ExecuteNonQuery();
phil.o 23-Apr-14 5:22am    
That means your SQL query is incorrect. Please improve your question by putting there your updated code.
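
An added example (not part of the original thread or any poster's code) tying the two answers above together: it names the columns, gives each parameter an explicit type, and checks for a placeholder with no matching parameter, the cause of the "Must declare the scalar variable" error reported in the comments. The column names CompanyName, City and EmployeeCount and the helper names are hypothetical; the code only builds and inspects the command, so it runs without a database.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class CompanyInsertExample
{
    // Hypothetical column names; substitute the real columns of the Company table.
    const string Sql =
        "INSERT INTO Company (CompanyName, City, EmployeeCount) " +
        "VALUES (@CompanyName, @City, @EmployeeCount)";

    // Builds the typed command; returns null when the count text is not an integer.
    static SqlCommand Build(string name, string city, string employeeCountText)
    {
        int employeeCount;
        if (!int.TryParse(employeeCountText, out employeeCount))
            return null;
        var cmd = new SqlCommand(Sql);
        cmd.Parameters.Add("@CompanyName", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@City", SqlDbType.NVarChar, 50).Value = city;
        cmd.Parameters.Add("@EmployeeCount", SqlDbType.Int).Value = employeeCount;
        return cmd;
    }

    // Lists @placeholders in the SQL text that have no matching parameter;
    // each one makes SQL Server report "Must declare the scalar variable".
    static List<string> MissingParameters(SqlCommand cmd)
    {
        var missing = new List<string>();
        foreach (Match m in Regex.Matches(cmd.CommandText, @"@\w+"))
            if (!cmd.Parameters.Contains(m.Value) && !missing.Contains(m.Value))
                missing.Add(m.Value);
        return missing;
    }

    static void Main()
    {
        // Constructed input: the apostrophe stays data, the SQL text is unchanged.
        SqlCommand cmd = Build("O'Brien & Sons", "Cork", "42");
        Console.WriteLine(cmd.CommandText == Sql);
        Console.WriteLine(cmd.Parameters["@CompanyName"].Value);
        Console.WriteLine(MissingParameters(cmd).Count);
        cmd.Parameters.RemoveAt("@City"); // simulate a forgotten parameter line
        Console.WriteLine(string.Join(", ", MissingParameters(cmd)));
        Console.WriteLine(Build("Acme", "Leeds", "forty") == null);
    }
}
```

To execute the command, assign `cmd.Connection` to an open `SqlConnection` and call `ExecuteNonQuery` inside a `try`/`catch` for `SqlException`.
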
namespace Demo
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}

private void button4_Click(object sender, EventArgs e)
{
SqlConnection con= new SqlConnection
con=(@"Data Source=.\SQLEXPRESS;AttachDbFilename= C:\Users\Sharoon\Documents\Visual Studio 2010\Projects\Demo\Demo\bin\Debug\Demo.mdf ;Integrated Security=True;Connect Timeout=30;User Instance=True");
con.Open();
SqlCommand sc = new SqlCommand(" insert into Company Values('" + textBox2.Text + ",'" + textBox3.Text + ",'" + textBox4.Text + ",'" + textBox5.Text + ",'" + textBox6.Text + ",'" + textBox7.Text + ",'" + textBox8.Text + ",'" + textBox9.Text + ",'" + textBox10.Text + ",'" + textBox11.Text + ",'" + textBox12.Text + ",'" + textBox13.Text + ",'" + textBox14.Text + ",'" + textBox15.Text + ", );", con);
sc.ExecuteNonQuery();
MessageBox.Show(" Data successfully saved ");
con.Close();
}
}

try this
 
 
Comments
OriginalGriff 23-Apr-14 5:25am    
Reason for my vote of one: Did you actually try that at all? Or just copy it direct from the OP question? Because I can see loads of SQL syntax errors still in there...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


