Click here to Skip to main content
13,150,544 members (35,263 online)
Rate this:
 
Please Sign up or sign in to vote.
See more:
hi , iam using asp.net 4.0 with c# with mysql

iam passing this value for date column 1/23/2013 8:46:08 AM datetime column is giving error

incorrect syntax error.
table name is pack


CUSTOMER_PHONE VARCHAR(20)
IN_DATE datetime
STATE TINYINT
PACK_CODE VARCHAR(50)
FK_SIZE TINYINT
PAY_CODE VARCHAR(50)
OPEN_CODE VARCHAR(50)
SEND_CODE VARCHAR(50)


MySqlConnection con = new MySqlConnection(constring);
MySqlCommand cmd = new MySqlCommand("insert into pack(CUSTOMER_PHONE ,IN_DATE,STATE ,PACK_CODE ,FK_SIZE ,PAY_CODE ,OPEN_CODE,SEND_CODE)values('" + Convert.ToString(txtPhoneNo.Text) + "'," + Convert.ToDateTime(txtInDate.Text) + "," + Convert.ToInt16(0) + ",'" + Convert.ToString(txtPackCode.Text) + "'," + Convert.ToInt16(ddlSize.SelectedItem.Vlue) + ",'" + Convert.ToString(0) + "','" + Convert.ToString(txtopencode.Text) + "'")", con);
 
        if (cmd.ExecuteNonQuery() != 0)
        {
            con.Close();
 
            Label1.Text = "Stored Successfully..";
        }
        else { Label1.Text = "Error";
        }




please give me idea to solve this issue.
Posted 23-Jan-13 1:54am
Updated 19-Sep-17 4:35am
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

They will also help to solve your problem: Pass the DateTime value as a parameter and MySql will accept it directly - how you are doing is converting a text string to a DateTime, then converting that back to a string, then passing that to MySql - which doesn't like it much, because it contains a space.
MySqlCommand cmd = new MySqlCommand("insert into pack(CUSTOMER_PHONE ,IN_DATE,STATE ,PACK_CODE ,FK_SIZE ,PAY_CODE ,OPEN_CODE,SEND_CODE)values(@CPN, @IND, @STA, @PKC, @FKS, @PAY, @OPC, @SNC)", con);
cmd.Parameters.AddWithValue("@CPN", txtPhoneNo.Text);
cmd.Parameters.AddWithValue("@IND", Convert.ToDateTime(txtInDate.Text));
cmd.Parameters.AddWithValue("@STA", 0);
cmd.Parameters.AddWithValue("@PKC", txtPackCode.Text);
cmd.Parameters.AddWithValue("@FKS", Convert.ToInt16(ddlSize.SelectedItem.Vlue));
cmd.Parameters.AddWithValue("@PAY", 0);
cmd.Parameters.AddWithValue("@OPC", txtopencode.Text);
I also suspect that "Vlue" should be "Value" but that's up to you...
  Permalink  
Comments
developerit 26-Jan-13 6:17am
   
thank a lot for CodeProject Team finally it helped me......
OriginalGriff 26-Jan-13 6:23am
   
You're welcome!
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

MySQL:
In MySQL you need to pass DateTime in 24 hr format.
eg: if you want to update/insert "1/23/2013 8:46:08 AM".
you need to pass like "2013-01-23 08:46:08".
  Permalink  
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy |
Web03 | 2.8.170924.2 | Last Updated 19 Sep 2017
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100