Click here to Skip to main content
14,634,077 members
Rate this:
Please Sign up or sign in to vote.
See more:
I am updating my record by taking the value from label9 but i am getting an error "Incorrect syntax near '(' ". I have checked each and every line of code but unfortunately failed to solve this problem. I don't know where the problem is.following is my code.

SqlCommand insertingbill = new SqlCommand();
               insertingbill.CommandText = "Update customerdetails set(bill)value('"+label9.Text+"') where contactnumber='" + textBox2.Text + "'";
               insertingbill.Connection = con;
               insertingbill.ExecuteNonQuery();
Posted
Rate this:
Please Sign up or sign in to vote.

Solution 1

Your update statement is incorrect, see below.

Also, concatenating string values is a dangerous way to run a query. You are leaving yourself open to Sql injection[^]. Use parameterized queries[^] instead.

SqlCommand insertingbill = new SqlCommand();
               insertingbill.CommandText = "Update customerdetails set bill =@bill where contactnumber=@contactNumber";
               insertingbill.Parameters.AddWithValue("@contactNumber",textBox2.Text);
               insertingbill.Parameters.AddWithValue("@bill",label9.Text);
               insertingbill.Connection = con;
               insertingbill.ExecuteNonQuery();
   
v3
Comments
Sergey Alexandrovich Kryukov 28-Mar-14 18:15pm
   
Sure, 5ed.
—SA
Richard C Bishop 28-Mar-14 18:22pm
   
Thank you Sergey.
Rate this:
Please Sign up or sign in to vote.

Solution 2

Your query formatting is incorrect.
Assuming the field value is bill, use
insertingbill.CommandText = "Update customerdetails set bill = ('"+label9.Text+"') where contactnumber='" + textBox2.Text + "'";
   
v2
Comments
Syed Daniyal Ali 28-Mar-14 14:10pm
   
Ok Abhinav S... Thanks alot
PIEBALDconsult 28-Mar-14 15:21pm
   
Richard's answer is better in the long run.
Rate this:
Please Sign up or sign in to vote.

Solution 3

insertingbill.CommandText = "Update customerdetails set bill='"+label9.Text+"' where contactnumber='" + textBox2.Text + "'";
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100