Click here to Skip to main content
14,040,432 members
Rate this:
 
Please Sign up or sign in to vote.
I am write the update query in asp.net. when i update it shows the
Incorrect syntax near '@

error is here
Line 82:                 cmd.Parameters.AddWithValue("@repass", repass.Text);
Line 83:                 cmd.Parameters.AddWithValue("@imagelink", imagelink);
Line 84:                 cmd.ExecuteNonQuery();
Line 85:                 con.Close();
Line 86: 



my table definition is:
Regist_ID	numeric(18, 0)	Unchecked
Name	nvarchar(100)	Unchecked
ParentsName	nvarchar(100)	Checked
DOB	nvarchar(MAX)	Checked
Gender	nvarchar(MAX)	Checked
ContactsNo	nvarchar(50)	Checked
EmailID	nvarchar(100)	Checked
Address	nvarchar(MAX)	Checked
Hobbies	nvarchar(MAX)	Checked
Password	nvarchar(50)	Checked
Re_Password	nvarchar(50)	Checked
Profile_IMG	nvarchar(MAX)	Checked


What I have tried:

SqlConnection con = new SqlConnection(@"Data Source=Home-PC\SQLEXPRESS;Initial Catalog=KARATE-ACADEMY;Integrated Security=True");
               con.Open();
               String update = "update StdRegistration_db set Name= @name,ParentsName= @parentsname,DOB= @DOB,Gender=@Gender,ContactsNo= @contacts ,EmailID= @email,Address=address @,Hobbies= @activity,Password= @password,Re_Password= @repass ,Profile_IMG= @imagelink where  Name='" + Session["Name"].ToString() + "'";
               SqlCommand cmd = new SqlCommand(update, con);
               cmd.Parameters.AddWithValue("@name", name.Text);
               cmd.Parameters.AddWithValue("@parentsname", parentsname.Text);
               cmd.Parameters.AddWithValue("@DOB", DOB.Text);
               cmd.Parameters.AddWithValue("@Gender", Gender);
               cmd.Parameters.AddWithValue("@contacts", contacts.Text);
               cmd.Parameters.AddWithValue("@email", email.Text);
               cmd.Parameters.AddWithValue("@address", address.Text);
               cmd.Parameters.AddWithValue("@activity", activity);
               cmd.Parameters.AddWithValue("@password", password.Text);
               cmd.Parameters.AddWithValue("@repass", repass.Text);
               cmd.Parameters.AddWithValue("@imagelink", imagelink);
               cmd.ExecuteNonQuery();
               con.Close();
Posted
Updated 19-Feb-19 22:44pm
Comments
Richard MacCutchan 20-Feb-19 4:26am
   
I do not think you need the ‘@‘ characters in the parameter names. Check the documentation to be sure.
Member 14083059 20-Feb-19 4:49am
   
sir i write the same query its work well for inserting
Richard MacCutchan 20-Feb-19 5:44am
   
My mistake, but you did not explain which statement the error message referred to.
CHill60 20-Feb-19 5:49am
   
Having looked at the query again you appear to be storing passwords in plain text in your database. That is very bad practice. See these articles to understand why and what to do about it
Password Storage: How to do it.[^]
Salted Password Hashing - Doing it Right[^]
Richard Deeming 20-Feb-19 8:40am
   
Why are you using nvarchar(max) for the Gender column? Even if you want to be as inclusive as Facebook, and provide 71 options for the user to choose from, none of them will need 1 billion characters to describe them.

And assuming DOB is the user's date of birth, you should be storing that as a date, not a string. Not only will the proper data type take up less room, it will also avoid invalid or ambiguous dates from entering your database.
MadMyche 20-Feb-19 10:15am
   
Way too much nvarchar(max)

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

In your query you have
Address=address @,
That should read
Address=@address,
Whilst I commend you for using a parameterised query, why oh why do you go and ruin it by introducing a SQL Injection risk with
where  Name='" + Session["Name"].ToString() + "'";
That should be something like
where  Name=@SessionName";
and you will need
cmd.Parameters.AddWithValue("@sessionname", Session["Name"].ToString());
   
Comments
Member 14083059 20-Feb-19 5:08am
   
i have used above changes now it shows this error @CHill60

The parameterized query '(@name nvarchar(13),@parentsname nvarchar(4000),@DOB nvarchar(10' expects the parameter '@Gender', which was not supplied.
CHill60 20-Feb-19 5:45am
   
But you have the line of code
cmd.Parameters.AddWithValue("@Gender", Gender);
still there?
MadMyche 20-Feb-19 6:23am
   
This could be caused if Gender is null.
CHill60 20-Feb-19 7:57am
   
Good call!
Member 14083059 20-Feb-19 9:34am
   
i know sir and i used it for not null Gender
this code : protected void rdb1_CheckedChanged1(object sender, EventArgs e)
{
Gender = "Male";
}
protected void rdb2_CheckedChanged1(object sender, EventArgs e)
{
Gender = "Female";
}
public string Gender
{
get;
set;
}
but it still shows same error above.
MadMyche 20-Feb-19 9:46am
   
And if neither of those button events fire what is the value?
Maybe you should try
cmd.Parameters.AddWithValue("@Gender", Gender ?? "not checked");
Member 14083059 20-Feb-19 9:58am
   
Thank You sir now it is work well!!
@CHill60,@MadMyche
CHill60 20-Feb-19 11:02am
   
Nice one. Virtual 5

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Cookies | Terms of Service
Web03 | 2.8.190425.1 | Last Updated 20 Feb 2019
Copyright © CodeProject, 1999-2019
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100