Click here to Skip to main content
13,139,569 members (53,121 online)
Rate this:
 
Please Sign up or sign in to vote.
See more:
SqlException (0x80131904): Incorrect syntax near '('.

string s11 = "update SessionItem(ItemName,Quantity,Price,Date,Month) set ItemName='" + TextBox7.Text + "',Quantity='" + nb + "',Price='" + TextBox9.Text + "',Date='" + dt1 + "',Month='" + month1 + "' where ItemName='" + TextBox7.Text + "' ";
 SqlCommand cmdh = new SqlCommand(s11, DbConnection.mCon);
 cmdh.ExecuteNonQuery();
Posted 17-Dec-12 0:26am
Updated 17-Dec-12 0:28am
v2
Comments
Kiran Susarla 17-Dec-12 6:30am
   
I am assuming SessionItem is your table name. Why are you specifying the column names after SessionItem?
vishnumca123 17-Dec-12 6:32am
   
string s11 = "update SessionItem set ItemName='" + TextBox7.Text + "',Quantity='" + nb + "',Price='" + TextBox9.Text + "',Date='" + dt1 + "',Month='" + month1 + "' where ItemName='" + TextBox7.Text + "' ";
SqlCommand cmdh = new SqlCommand(s11, DbConnection.mCon);
cmdh.ExecuteNonQuery();
ravuravu 17-Dec-12 6:36am
   
am specifying because of more fields in it,but am updating the selected fields so that am specifying the fields
ravuravu 17-Dec-12 6:41am
   
yes thats the correct way
ravuravu 17-Dec-12 6:42am
   
i correct it
thank u kiran and vishnumcal
Sanjay K. Gupta 17-Dec-12 6:53am
   
Hi ravuravu,
Please tell me who has taught you to pass SQL Parameters like this way???
I am searching for the person (or any source). Please.
ravuravu 18-Dec-12 6:17am
   
am a fresher am studying myself searching like net,books etc.its ma mistake,
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

The format of an UPDATE command is not the same as an INSERT:
UPDATE <table_name> SET <field>=<new value>,<field... WHERE ...


Having said that, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

[edit]Forgot to encode HTML, grr. - OriginalGriff[/edit]



"sir pls show an example for parameterized queries"


using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand com = new SqlCommand("UPDATE myTable SET myColumn1=@C1, myColumn2=@C2 WHERE Id=@ID", con))
        {
        com.Parameters.AddWithValue("@ID", id);
        com.Parameters.AddWithValue("@C1", myValueForColumn1);
        com.Parameters.AddWithValue("@C2", myValueForColumn2);
        com.ExecuteNonQuery();
        }
    }
  Permalink  
v4
Comments
ravuravu 17-Dec-12 6:37am
   
sir pls show an example for parameterized queries
OriginalGriff 17-Dec-12 6:42am
   
Answer updated
ravuravu 17-Dec-12 6:44am
   
thanks for sending the parameterized queries
OriginalGriff 17-Dec-12 6:49am
   
You're welcome!
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

string s11 = "update SessionItem set ItemName='" + TextBox7.Text + "',Quantity='" + nb + "',Price='" + TextBox9.Text + "',Date='" + dt1 + "',Month='" + month1 + "' where ItemName='" + TextBox7.Text + "' ";
 SqlCommand cmdh = new SqlCommand(s11, DbConnection.mCon);
 cmdh.ExecuteNonQuery();


Note: For better performance and security make a good habbit to use parameterized query.


Thanks
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy |
Web03 | 2.8.170915.1 | Last Updated 18 Dec 2012
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100