Hi all, I am trying to insert into my database with this query, but it is giving an error at the line myCommand.ExecuteNonQuery();
myConnection.Open();
String insertCmd = "insert into CRtable(@CR_NO, @Asset_Type, @PortIDNew, @SpecialRequest, @MovePortFrom, @MovePortTo, @MoveHardware, @MoveSoftware, @AllSelected, @SpecialSoftwarePort, @SpecialSoftwares, @OtherSoftwares, @FolderName, @FolderPurpose, @FolderUserIds, @FolderRetentionPeriod, @SpecialAccessOnExistFolder, @AcessType, @ExistFolderUserId, @SpecialAcessOnIntranet, @InternetUserId, @MailId, @HeadSet, @Requester, @RequestDateTime, @Dept, @PurposeOfCrForm, @RequestedPort, @ecode, @qty, @process, @cost_evaluation, @capital_exp, @tat)";
SqlCommand myCommand = new SqlCommand(insertCmd,myConnection);
myCommand.Parameters.Add("@CR_NO",crm1);
myCommand.Parameters.Add("@Asset_Type",StrAssetType2+StrAssetType);
myCommand.Parameters.Add("@PortIdNew",StrPorts);
myCommand.Parameters.Add("@SpecialRequest",StrSpecialRequest);
myCommand.Parameters.Add("@MovePortFrom",txtAssetMovementFrom);
myCommand.Parameters.Add("@MovePortTo",txtAssetMovementTo);
myCommand.Parameters.Add("@MoveHardware",StrAssetHardware);
myCommand.Parameters.Add("@MoveSoftware",StrAssetSoftware);
myCommand.Parameters.Add("@AllSelected", StrAssetStatus);
myCommand.Parameters.Add("@SpecialSoftwarePort",StrSpecialSoftwarePort);
myCommand.Parameters.Add("@SpecialSoftwares",StrSpecialSoftware);
myCommand.Parameters.Add("@OtherSoftwares",StrOtherSoftware);
myCommand.Parameters.Add("@FolderName",StrFolderName);
myCommand.Parameters.Add("@FolderPurpose","");//
myCommand.Parameters.Add("@FolderUserIds",StrFolderUserId);
myCommand.Parameters.Add("@FolderRetentionPeriod",StrFolderRetentionDays);
myCommand.Parameters.Add("@SpecialAccessOnExistFolder","");//
myCommand.Parameters.Add("@AcessType",StrAcessType);
myCommand.Parameters.Add("@ExistFolderUserId",StrExistFolderUserId);
myCommand.Parameters.Add("@SpecialAcessOnIntranet","");//
myCommand.Parameters.Add("@InternetUserId","");//
myCommand.Parameters.Add("@MailId","");//
myCommand.Parameters.Add("@HeadSet","");//
myCommand.Parameters.Add("@Requester",StrRequest);
myCommand.Parameters.Add("@RequestDateTime",time);
myCommand.Parameters.Add("@Dept",StrDept);
myCommand.Parameters.Add("@PurposeOfCrForm",StrPurpose);
myCommand.Parameters.Add("@RequestedPort"," ");//
myCommand.Parameters.Add("@ecode",ecode);
myCommand.Parameters.Add("@qty",quantity);
myCommand.Parameters.Add("@process",proces);
myCommand.Parameters.Add("@cost_evaluation",cost);
myCommand.Parameters.Add("@capital_exp"," ");//
myCommand.Parameters.Add("@tat",tat);
try
{
myCommand.ExecuteNonQuery();
}
catch (SqlException er)
{
Response.Write(er.StackTrace);
}
myConnection.Close();
}
The error message is the following:
Line 1: Incorrect syntax near ')'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Line 1: Incorrect syntax near ')'.
Source Error:
Line 182:// try
Line 183:// {
Line 184: myCommand.ExecuteNonQuery();
Line 185:// }
Line 186:// catch (SqlException er)
Source File: c:\inetpub\wwwroot\cr request form\crpreview1.aspx.cs Line: 184
Why is this occurring?
|||The correct structure for an INSERT statement is like this:
INSERT INTO someTable(column1, columns2) VALUES (@param1, @param2)
|||Hi, thanks for your response, but there is another problem. Actually, I am passing some values in a parameter as blank, resulting in incorrect formation of my InsertString.
It is getting built as
"insert ito table values('val1',val2',)
resulting in an error. But I have to pass these null values depending upon the Request.QueryString from another page. It can be any value or it may not have any value. What should I do about it?
|||Hi, the command runs properly but the values are not being inserted in the table.
What will be there? My query is
string insertCmd="insert into CRtable('" + crm1 + "','" + StrAssetType2 + StrAssetType +"','" + StrPorts + "','" + StrSpecialRequest + "','" + txtAssetMovementFrom + "','" + txtAssetMovementTo + "','" + StrAssetHardware + "','" + StrAssetSoftware + "','" + StrAssetStatus + "','" + StrSpecialSoftwarePort + "','" + StrSpecialSoftware + "','" + StrOtherSoftware + "','" + StrFolderName + "','" + null + "','" + StrFolderUserId + "','" + StrFolderRetentionDays + "','" + null + "','" + StrAcessType + "','" + StrExistFolderUserId + "','" + null + "','" + null + "','" + null + "','" + null + "','" + StrRequest + "','" + time + "','" + StrDept + "','" + StrPurpose + "','" + null + "','" + ecode + "','" + quantity + "','" + proces + "','" + cost + "','" + null + "'," + tat + ")";
But there is no insertion in the table.
|||
I agree with tmorton. First, please make sure you use correct T-SQL syntax in your query. For example, if you want to insert a row with some null fields, you should use a query such as:
insert into mytable(column1,column2,column3) values('val1',null,'val3')
|||For those string variables, use ' ' for the value
www.cyberxforum.com
|||
ruchipunetha:
Hi, the command runs properly but the values are not being inserted in the table.
What will be there? My query is
string insertCmd="insert into CRtable('" + crm1 + "','" + StrAssetType2 + StrAssetType +"','" + StrPorts + "','" + StrSpecialRequest + "','" + txtAssetMovementFrom + "','" + txtAssetMovementTo + "','" + StrAssetHardware + "','" + StrAssetSoftware + "','" + StrAssetStatus + "','" + StrSpecialSoftwarePort + "','" + StrSpecialSoftware + "','" + StrOtherSoftware + "','" + StrFolderName + "','" + null + "','" + StrFolderUserId + "','" + StrFolderRetentionDays + "','" + null + "','" + StrAcessType + "','" + StrExistFolderUserId + "','" + null + "','" + null + "','" + null + "','" + null + "','" + StrRequest + "','" + time + "','" + StrDept + "','" + StrPurpose + "','" + null + "','" + ecode + "','" + quantity + "','" + proces + "','" + cost + "','" + null + "'," + tat + ")";
But there is no insertion in the table.
Again, the correct syntax is:
INSERT INTO someTable(column1, columns2) VALUES (@param1, @param2)
Note that I used parameters, and note that there are 2 parts: column names and values to assign to those columns. Do not build a SQL statement like that, from data supplied by a UI. It is insecure.
|||
I reckon that using parameters can prevent SQL injection hacks.
www.cyberxforum.com
|||
yuan:
I reckon that using parameters can prevent SQL injection hacks.
Yes, that's correct.
|||I agree with you, but the crm1 are string variables, not constants; I cannot put them in single quotes.
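Added example (not code from any poster in this thread): the parameterized form recommended above, with an explicit column list and VALUES clause, and blank query-string values sent as DBNull.Value so the statement text never changes with the input. Only five of the thread's columns are shown; the column types and sizes and the CrRequestWriter, OrDbNull and InsertRequest names are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CrRequestWriter
{
    // Blank or missing input becomes SQL NULL; the SQL text itself stays fixed.
    private static object OrDbNull(string value)
    {
        return string.IsNullOrWhiteSpace(value) ? (object)DBNull.Value : value;
    }

    // Inserts one row and returns the number of rows affected (1 on success).
    public static int InsertRequest(string connectionString, string crNo,
                                    string assetType, string folderPurpose,
                                    string qty, string tat)
    {
        // Two parts: the column names, then the parameters bound to them.
        const string sql =
            "INSERT INTO CRtable (CR_NO, Asset_Type, FolderPurpose, qty, tat) " +
            "VALUES (@CR_NO, @Asset_Type, @FolderPurpose, @qty, @tat)";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // String variables are passed as values: no quoting, no concatenation.
            // NVarChar sizes are assumed; match them to the real column definitions.
            cmd.Parameters.Add("@CR_NO", SqlDbType.NVarChar, 50).Value = OrDbNull(crNo);
            cmd.Parameters.Add("@Asset_Type", SqlDbType.NVarChar, 100).Value = OrDbNull(assetType);
            cmd.Parameters.Add("@FolderPurpose", SqlDbType.NVarChar, 200).Value = OrDbNull(folderPurpose);
            cmd.Parameters.Add("@qty", SqlDbType.NVarChar, 20).Value = OrDbNull(qty);

            // tat is assumed numeric (the concatenated query leaves it unquoted).
            // Parse it first so non-numeric input is stored as NULL, never as SQL text.
            int parsedTat;
            cmd.Parameters.Add("@tat", SqlDbType.Int).Value =
                int.TryParse(tat, out parsedTat) ? (object)parsedTat : DBNull.Value;

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

A return value of 0, or an exception, tells the caller that no row was written, which addresses the "command runs but nothing is inserted" case. Columns that receive DBNull.Value must allow NULL in the table definition.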