I have a Incorrect syntax near '='.

Question

0.00/5 (No votes)

See more:

I am working on this project and when I go to view in browser I get this error:
Incorrect syntax near '='.

Here is the error:

C#

Server Error in '/' Application.
Incorrect syntax near '='.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '='.

Source Error:


Line 34:         SqlCommand scmd2 = new SqlCommand("Select INST_ID, INSTRUCTIO, RESEARCH, PUBLIC_SER, ACADEMIC_S, STUDENT_SE, INSTITUTIO, PHYSICAL_P, SCHOLARSHI, AUXILIARY_, HOSPITALS, INDEPENDEN, OTHEREXP, TOTASSETS, TOTLIABILITY, NoNEXPPERMRESASSETS, UNRNETASSETS, TOTALREV, TUITFEES, CURRDEBT, LONGTERMDEBT from TableFIN2012 where INST_ID = " + TextBoxSchool.Text.ToString(), con2);
Line 35:         SqlDataReader dr = scmd.ExecuteReader();
Line 36:         SqlDataReader dr2 = scmd2.ExecuteReader();
Line 37: 
Line 38:         if (dr.Read())

Here is the code:

C#

using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Text;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Configuration;
using System.Drawing.Printing;

public partial class FinancialProfileFormA : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {
        ButtonPrint.Attributes.Add("onclick", "window.print(); return false");

        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PasswordConnectionString"].ConnectionString);
        con.Open();

        SqlConnection con2 = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PasswordConnectionString"].ConnectionString);
        con2.Open();


        SqlCommand scmd = new SqlCommand("Select INST_ID,LongName from TableCOCINST where INST_ID = LongName" + TextBoxSchool.Text.ToString(), con);
        SqlCommand scmd2 = new SqlCommand("Select INST_ID, INSTRUCTIO, RESEARCH, PUBLIC_SER, ACADEMIC_S, STUDENT_SE, INSTITUTIO, PHYSICAL_P, SCHOLARSHI, AUXILIARY_, HOSPITALS, INDEPENDEN, OTHEREXP, TOTASSETS, TOTLIABILITY, NoNEXPPERMRESASSETS, UNRNETASSETS, TOTALREV, TUITFEES, CURRDEBT, LONGTERMDEBT from TableFIN2012 where INST_ID = " + TextBoxSchool.Text.ToString(), con2);
        SqlDataReader dr = scmd.ExecuteReader();
        SqlDataReader dr2 = scmd2.ExecuteReader();

        if (dr.Read())
        if (dr2.Read())
            {
                TextBoxSchool.Text = dr["LongName"].ToString();
                TextBoxLYInstr.Text = dr2["INSTRUCTIO"].ToString();
                TextBoxLYRes.Text = dr2["RESEARCH"].ToString();
                TextBoxLYPubS.Text = dr2["PUBLIC_SER"].ToString();
                TextBoxLYAcad.Text = dr2["ACADEMIC_S"].ToString();
                TextBoxLYStudS.Text = dr2["STUDENT_SE"].ToString();
                TextBoxLYInstiS.Text = dr2["INSTITUTIO"].ToString();
                TextBoxLYOperM.Text = dr2["PHYSICAL_P"].ToString();
                TextBoxLYSFEDA.Text = dr2["SCHOLARSHI"].ToString();
                TextBoxLYAuxE.Text = dr2["AUXILIARY_"].ToString();
                TextBoxLYHosS.Text = dr2["HOSPITALS"].ToString();
                TextBoxLYIndeO.Text = dr2["INDEPENDEN"].ToString();
                TextBoxLYOED.Text = dr2["OTHEREXP"].ToString();
                TextBoxLYTA.Text = dr2["TOTASSETS"].ToString();
                TextBoxLYTL.Text = dr2["TOTLIABILITY"].ToString();
                TextBoxLYNPRNA.Text = dr2["NoNEXPPERMRESASSETS"].ToString();
                TextBoxLYTUNA.Text = dr2["UNRNETASSETS"].ToString();
                TextBoxLYTR.Text = dr2["TOTALREV"].ToString();
                TextBoxLYTFN.Text = dr2["TUITFEES"].ToString();
                TextBoxLYCD.Text = dr2["CURRDEBT"].ToString();
                TextBoxLYLTD.Text = dr2["LONGTERMDEBT"].ToString();
                TextBoxINST_ID.Text = dr["INST_ID"].ToString();

            }
        dr.Close();
        con.Close();
        dr2.Close();
        con2.Close();

    }

    protected void ButtonSubmit_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PasswordConnectionString"].ConnectionString);
        con.Open();


        SqlCommand cmd = new SqlCommand("Insert into TableFIN2013 (INST_ID, TOTAL_REVE, INSTRUCTIO, RESEARCH, PUBLIC_SER, ACADEMIC_S, STUDENT_SE, INSTITUTIO, PHYSICAL_P, SCHOLARSHI, AUXILIARY_, HOSPITALS, INDEPENDEN, OTHEREXP, TOTASSETS, TOTLIABILITY, NoNEXPPERMRESASSETS, EXPENDABLE, UNRNETASSETS, TOTALREV, TUITFEES, CURRDEBT, LONGTERMDEBT) values (@INST_ID, @TOTAL_REVE, @INSTRUCTIO, @RESEARCH, @PUBLIC_SER, @ACADEMIC_S, @STUDENT_SE, @INSTITUTIO, @PHYSICAL_P, @SCHOLARSHI, @AUXILIARY_, @HOSPITALS, @INDEPENDEN, @OTHEREXP, @TOTASSETS, @TOTLIABILITY, @NoNEXPPERMRESASSETS, @EXPENDABLE, @UNRNETASSETS, @TOTALREV, @TUITFEES, @CURRDEBT, @LONGTERMDEBT)", con);
        con.Open();

        cmd.CommandType = CommandType.Text;

        cmd.Parameters.AddWithValue("@INST_ID", TextBoxINST_ID.Text);
        cmd.Parameters.AddWithValue("@TOTAL_REVE", TextBoxTROA.Text);
        cmd.Parameters.AddWithValue("@INSTRUCTIO", TextBoxInstr.Text);
        cmd.Parameters.AddWithValue("@RESEARCH", TextBoxRes.Text);
        cmd.Parameters.AddWithValue("@PUBLIC_SER", TextBoxPubS.Text);
        cmd.Parameters.AddWithValue("@ACADEMIC_S", TextBoxAcad.Text);
        cmd.Parameters.AddWithValue("@STUDENT_SE", TextBoxStudS.Text);
        cmd.Parameters.AddWithValue("@INSTITUTIO", TextBoxInstiS.Text);
        cmd.Parameters.AddWithValue("@PHYSICAL_P", TextBoxOperM.Text);
        cmd.Parameters.AddWithValue("@SCHOLARSHI", TextBoxSFEDA.Text);
        cmd.Parameters.AddWithValue("@AUXILIARY_", TextBoxAuxE.Text);
        cmd.Parameters.AddWithValue("@HOSPITALS", TextBoxHosS.Text);
        cmd.Parameters.AddWithValue("@INDEPENDEN", TextBoxIndeO.Text);
        cmd.Parameters.AddWithValue("@OTHEREXP", TextBoxOED.Text);
        cmd.Parameters.AddWithValue("@TOTASSETS", TextBoxTA.Text);
        cmd.Parameters.AddWithValue("@TOTLIABILITY", TextBoxTL.Text);
        cmd.Parameters.AddWithValue("@NoNEXPPERMRESASSETS", TextBoxNPRNA.Text);
        cmd.Parameters.AddWithValue("@EXPENDABLE", TextBoxETRNA.Text);
        cmd.Parameters.AddWithValue("@UNRNETASSETS", TextBoxTUNA.Text);
        cmd.Parameters.AddWithValue("@TOTALREV", TextBoxTR.Text);
        cmd.Parameters.AddWithValue("@TUITFEES", TextBoxTFN.Text);
        cmd.Parameters.AddWithValue("@CURRDEBT", TextBoxCD.Text);
        cmd.Parameters.AddWithValue("@LONGTERMDEBT", TextBoxLTD.Text);


        cmd.ExecuteNonQuery();
        con.Close();
    }
}

Any idea why this is happening?

Posted 8-Oct-13 7:42am

Computer Wiz99

Updated 8-Oct-13 7:48am

Thomas Daniels

v2

Add a Solution

Comments

Azee 8-Oct-13 13:48pm

what value does TextBoxSchool.Text return?

Computer Wiz99 8-Oct-13 13:54pm

Just the name of the school.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

mgoad99 · Accepted Answer · 2013-10-08T07:49:00

Solution 1

You need to add quotes to the SQL

Something like this should help:

C#

SqlCommand scmd2 = new SqlCommand("Select INST_ID, INSTRUCTIO, RESEARCH, PUBLIC_SER, ACADEMIC_S, STUDENT_SE, INSTITUTIO, PHYSICAL_P, SCHOLARSHI, AUXILIARY_, HOSPITALS, INDEPENDEN, OTHEREXP, TOTASSETS, TOTLIABILITY, NoNEXPPERMRESASSETS, UNRNETASSETS, TOTALREV, TUITFEES, CURRDEBT, LONGTERMDEBT from TableFIN2012 where INST_ID = '" + TextBoxSchool.Text.ToString() + "'", con2);

Posted 8-Oct-13 7:49am

mgoad99

Updated 8-Oct-13 10:24am

v3

Comments

Computer Wiz99 8-Oct-13 13:55pm

mgoad99, I did what you suggested but now I am getting this error:

Conversion failed when converting the nvarchar value 'Abilene Christian University ' to data type int.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Conversion failed when converting the nvarchar value 'Abilene Christian University ' to data type int.

Source Error:

Line 36: SqlDataReader dr2 = scmd2.ExecuteReader();
Line 37:
Line 38: if (dr.Read())
Line 39: if (dr2.Read())
Line 40: {

Source File: C:\Users\khopkins\Documents\Visual Studio 2010\Projects\SACSCOCLogin1.1\SACSCOCLogin1.1\FinancialProfileFormA.aspx.cs Line: 38

mgoad99 8-Oct-13 14:13pm

I can only guess by looking at the names of the database field in the SQL statement... but i would say that INST_ID is an integer (primary key for a school?) and you are using the textboxschool.text.tostring, which is the schools name. I hope that helps.

Thomas Daniels · Accepted Answer · 2013-10-08T07:55:00

You need to surround the value that TextBoxSchool.Text.ToString() returns with single quotes. It's also not necessary to use .ToString() on TextBoxSchool.Text, because it is already a string:

C#

SqlCommand scmd2 = new SqlCommand("Select INST_ID, INSTRUCTIO, RESEARCH, PUBLIC_SER, ACADEMIC_S, STUDENT_SE, INSTITUTIO, PHYSICAL_P, SCHOLARSHI, AUXILIARY_, HOSPITALS, INDEPENDEN, OTHEREXP, TOTASSETS, TOTLIABILITY, NoNEXPPERMRESASSETS, UNRNETASSETS, TOTALREV, TUITFEES, CURRDEBT, LONGTERMDEBT from TableFIN2012 where INST_ID = '" + TextBoxSchool.Text + "'", con2);

But it's better to use parameterized queries for this (to avoid SQL Injecton[^]):

C#

SqlCommand scmd2 = new SqlCommand("Select INST_ID, INSTRUCTIO, RESEARCH, PUBLIC_SER, ACADEMIC_S, STUDENT_SE, INSTITUTIO, PHYSICAL_P, SCHOLARSHI, AUXILIARY_, HOSPITALS, INDEPENDEN, OTHEREXP, TOTASSETS, TOTLIABILITY, NoNEXPPERMRESASSETS, UNRNETASSETS, TOTALREV, TUITFEES, CURRDEBT, LONGTERMDEBT from TableFIN2012 where INST_ID = @INST_ID", con2);
scmd2.Parameters.AddWithValue("@INST_ID", TextBoxSchool.Text);

When using parameters, you don't need to surround @INST_ID with single quotes.

Mike Meinz · Accepted Answer · 2013-10-08T07:57:00

When you use a text (string) value in a SQL statement, it must be surrounded by apostrophes (').

C#

...
...
 ...  where INST_ID = '" + TextBoxSchool.Text.ToString() + "';"

That said, it is not a best practice to embed string values from user input (textboxes) directly into SQL statements. Doing that enables SQL Injection Attacks. A best practice is to use the SQLParameter Class to pass parameters to the SQLCommand object.

Example using SQLParameter

C#

scmd2.Parameters.AddWithValue(@instid,TextBoxSchool.Text);
...
...
 ...  where INST_ID = @instid;"

I have a Incorrect syntax near '='.

3 solutions

Solution 1

Solution 2

Solution 3

Add your solution here

Preview 0