Incorrect syntax near 'Ascending'.

Question

0.00/5 (No votes)

See more:

i am making a search page in which user can search books from database by fields name,author or category.here is my code

XML

<%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage2.master" AutoEventWireup="true" CodeFile="search.aspx.cs" Inherits="search" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <form id="form1" runat="server">
    <asp:Label ID="Label1" runat="server"
        style="z-index: 1; left: 397px; top: 355px; position: absolute; font-family: Georgia; font-weight: 700; font-size: medium; right: 421px">Keyword:</asp:Label>
    <asp:TextBox ID="txtkey" runat="server"
        style="z-index: 1; left: 489px; top: 352px; position: absolute; width: 177px"></asp:TextBox>
    <asp:Label ID="Label2" runat="server"
        style="font-family: Georgia; font-size: medium; font-weight: 700; z-index: 1; left: 400px; top: 418px; position: absolute; right: 421px"
        Text="OrderBy:"></asp:Label>
    <asp:DropDownList ID="ddlorderby" runat="server"
        style="z-index: 1; left: 489px; top: 417px; position: absolute">
        <asp:ListItem>Name</asp:ListItem>
        <asp:ListItem>Author</asp:ListItem>
        <asp:ListItem>Category</asp:ListItem>
    </asp:DropDownList>
    <asp:DropDownList ID="ddlorder" runat="server"
        style="z-index: 1; left: 570px; top: 417px; position: absolute">
        <asp:ListItem>ascending</asp:ListItem>
        <asp:ListItem>descending</asp:ListItem>
    </asp:DropDownList>
    <asp:Button ID="btnsearch" runat="server" onclick="btnsearch_Click"
        style="z-index: 1; left: 680px; top: 411px; position: absolute; right: 183px; height: 30px"
        Text="Search" />
    <asp:GridView ID="gvbooks" runat="server" BackColor="White"
        BorderColor="#336666" BorderStyle="Double" BorderWidth="3px" CellPadding="4"
        GridLines="Horizontal"
        style="z-index: 1; left: 404px; top: 486px; position: absolute; height: 184px; width: 381px">
        <FooterStyle BackColor="White" ForeColor="#333333" />
        <HeaderStyle BackColor="#336666" Font-Bold="True" ForeColor="White" />
        <PagerStyle BackColor="#336666" ForeColor="White" HorizontalAlign="Center" />
        <RowStyle BackColor="White" ForeColor="#333333" />
        <SelectedRowStyle BackColor="#339966" Font-Bold="True" ForeColor="White" />
        <SortedAscendingCellStyle BackColor="#F7F7F7" />
        <SortedAscendingHeaderStyle BackColor="#487575" />
        <SortedDescendingCellStyle BackColor="#E5E5E5" />
        <SortedDescendingHeaderStyle BackColor="#275353" />
    </asp:GridView>
    </form>
</asp:Content>

and here is code behind file:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Configuration;
using System.Data.SqlClient;
using System.Data;

public partial class search : System.Web.UI.Page
{
    SqlConnection sqlconpubs;
    SqlDataAdapter sqldasearch;
    DataSet dsetsearch;
    DataTable dtablesearch;
    string tablename;
    string searchfield;
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            sqlconpubs = new SqlConnection(WebConfigurationManager.ConnectionStrings["dbcon"].ConnectionString);
            sqlconpubs.Open();
            sqldasearch = new SqlDataAdapter();
            dsetsearch = new DataSet();
            tablename = "books";
            searchfield = ddlorderby.Text;
            Additems(tablename);
            gvbooks.DataSource = null;
            gvbooks.DataBind();
        }
        catch (Exception ex)
        {
            Response.Write("Error:" + ex.Message);
        }
    }
    protected void Additems(string table)
    {
        sqldasearch = new SqlDataAdapter("select * from " + table, sqlconpubs);
        sqldasearch.Fill(dsetsearch, table);
        ddlorderby.Items.Clear();
        dtablesearch = dsetsearch.Tables[table];
        ddlorderby.DataSource = dtablesearch.Columns;
        ddlorderby.DataBind();
    }
    protected void btnsearch_Click(object sender, EventArgs e)
    {
        try
        {
            string selectcommand;
            if (txtkey.Text == "")
                selectcommand = "select * from " + tablename + " order by " + searchfield + " " + ddlorder.SelectedItem.Value;
            else
                selectcommand = "select * from " + tablename + " where " + searchfield + " like '" + txtkey.Text + "%' order by " + searchfield + " " + ddlorder.SelectedItem.Value;
            sqldasearch = new SqlDataAdapter(selectcommand, sqlconpubs);
            dsetsearch.Clear();
            sqldasearch.Fill(dsetsearch, tablename);
            dtablesearch = dsetsearch.Tables[tablename];
            gvbooks.DataSource = dtablesearch;
            gvbooks.DataBind();
            ddlorderby.Text = searchfield;
        }
        catch (Exception ex)
        {
            Response.Write("error:" + ex.Message);
        }


    }
}

But i am getting error Incorrect syntax near 'Ascending'.please help

Posted 8-Nov-13 6:21am

Karn Singh

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Ron Beyer · Accepted Answer · 2013-11-08T06:24:00

In SQL, Ascending is used in the abbreviated term ASC. So your query would look something like:

SQL

SELECT * FROM MyTable ORDER BY MyColumn ASC

Edit:

You should really avoid string concatenation as a method for constructing your SQL queries. If I were to type into your search box:

blah%'; DROP TABLE books; --

Your entire books table would be deleted. This is the easy scenario, the hacker could also get all of your user credentials, passwords, email addresses, etc, before deleting the entire database and leaving you wondering what the hell happened.

Learn to use the SqlCommand and the parameters, it will save you from a lot of headache. Good to get the right way to do things now, even if you are only using this as a practice project at home. No need to develop bad habits.