Click here to Skip to main content
15,902,891 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I'm currently facing a problem when trying to execute my database i get the following error

C#
Syntax error (missing operator) in query expression '2016/01/04 12:35:08 PM'.



For the following code:

C#
private static void Insert(ReadEmailEvent ReadEmailevent)
       {
           OleDbConnection conn = GetConnection();
           String MyString = @"INSERT INTO Table1( [TimeIn], [TypeOfRequest])
           VALUES(" + ReadEmailevent.ReadEmailTimeIn + ",'" + ReadEmailevent.TypeOfRequest + "')";
           OleDbCommand command = new OleDbCommand(MyString, conn);
           command.ExecuteNonQuery();
           conn.Close();
       }



In ReadEmailevent.ReadEmailTimeIn
Posted
Updated 4-Jan-16 23:23pm
v2

Never ever use string concatenation fro query creation. It enables SQL injection on your system...
How to: Execute a Parameterized Query[^]

As for your problem...
The time value passed as string but not enclosed in quotes and for that SQL try to interpret it as is and fails...
It is true that you can enclose it in quotes and solved your problem, but using parametrized query will do it better...
 
Share this answer
 
You need to quote your ReadEmailTimeIn value. Depending on the database, date values are either quoted as per text values (single quotes), or with hash symbols (#). As it stands, it is looking at it as an expression "2016 divided by 1 divided by 4 ...)

I would look at using OleDbParameter instead - much cleaner, safer, and you don't need to worry about the quoting - let the engine take care of that.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900