urgent
-
Hi, please help me. I have designed a form in ASP.NET with SQL Server.

India US UK Canada

SqlConnection con=new SqlConnection("database=anand;server=sdiserver;uid=sa;pwd=sa");
con.Open();
SqlCommand cmd=new SqlCommand("Insert into jai(name,age,gender,conntry)values('"+Txtname.Text+"','"+Txtage.Text+"','"+txtgender.Text+"','"+coun+"'",con);
cmd.ExecuteNonQuery();
con.Close();

I am getting this error: Incorrect syntax near 'India'. Please help me.
jai prakash
-
You are missing the closing ")" of the query after coun.
Best Regards
Pathan
-- modified at 5:30 Friday 24th August, 2007
-
Hi, just my small suggestion. This is a regular problem when using the SQL query in this way, and it is considered a bad programming practice. You can make it better and free from error by doing it like below.

// Column names follow the INSERT in the original post.
SqlConnection con = new SqlConnection("database=anand;server=sdiserver;uid=sa;pwd=sa");
con.Open();
SqlCommand cmd = new SqlCommand("insert into jai(name,age,gender,conntry) values(@name,@age,@gender,@country)", con);
// Each value is bound as a typed parameter instead of being spliced into the SQL text.
cmd.Parameters.Add("@name", SqlDbType.Char).Value = Txtname.Text;
cmd.Parameters.Add("@age", SqlDbType.Int).Value = int.Parse(Txtage.Text);
cmd.Parameters.Add("@gender", SqlDbType.Char).Value = txtgender.Text;
cmd.Parameters.Add("@country", SqlDbType.Char).Value = coun;
cmd.ExecuteNonQuery();
con.Close();

This will help you a lot when doing queries with a large number of parameters. Hope this helps.
Laddie
-
jai aswitha wrote:
SqlCommand cmd=new SqlCommand("Insert into jai(name,age,gender,conntry)values('"+Txtname.Text+"','"+Txtage.Text+"',' "+txtgender.Text+"','"+coun+"'",con); cmd.ExecuteNonQuery();
If this example is only for demonstration purposes, then this is OK. You can accept the suggestion given by the first poster. But if you are using this on an online server, it looks like you are very close to SQL injection attacks. You should never write queries like this; use parameterized queries or stored procedures. To learn about the attacks, check this excellent article.
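
Added example, not part of the thread or any poster's code: it contrasts the thread's concatenated INSERT (with the missing ")" supplied) against a parameterized command, using a constructed name that contains a single quote. The class name, the parameter sizes, the age range and the use of NVarChar are assumptions; the country allow-list is taken from the form values in the original post. No database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

static class JaiInsert
{
    // Values offered by the form's country list in the original post.
    static readonly string[] Countries = { "India", "US", "UK", "Canada" };

    // The thread's string-built query, with the missing ")" added.
    public static string Concatenated(string name, string age, string gender, string coun)
    {
        return "Insert into jai(name,age,gender,conntry)values('" + name + "','" +
               age + "','" + gender + "','" + coun + "')";
    }

    // Parameterized form: the SQL text is constant, the values travel separately.
    public static SqlCommand Parameterized(string name, string age, string gender, string coun)
    {
        int ageValue;
        if (!int.TryParse(age, out ageValue) || ageValue < 0 || ageValue > 150)
            throw new ArgumentException("age must be a whole number between 0 and 150");
        if (!Countries.Contains(coun))
            throw new ArgumentException("country is not one of the form's options");

        var cmd = new SqlCommand(
            "insert into jai(name,age,gender,conntry) values(@name,@age,@gender,@country)");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;     // size assumed
        cmd.Parameters.Add("@age", SqlDbType.Int).Value = ageValue;
        cmd.Parameters.Add("@gender", SqlDbType.NVarChar, 10).Value = gender; // size assumed
        cmd.Parameters.Add("@country", SqlDbType.NVarChar, 20).Value = coun;  // size assumed
        return cmd;
    }

    static void Main()
    {
        // Constructed input: an ordinary name containing a single quote.
        string name = "O'Brien";

        // The quote closes the string literal early, so the statement no longer parses.
        Console.WriteLine(Concatenated(name, "30", "M", "India"));

        using (SqlCommand cmd = Parameterized(name, "30", "M", "India"))
        {
            Console.WriteLine(cmd.CommandText);               // SQL text is not affected by the input
            Console.WriteLine(cmd.Parameters["@name"].Value); // the name is carried as data
        }
    }
}
```

To execute the command, assign `cmd.Connection` to an open `SqlConnection`; the parameter types and sizes should be changed to match the real column definitions of `jai`.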
-
Amongst all the syntax and semantic errors that I would like to guide you on in this query, the first and foremost suggestion is that you should take remedial steps to solve the aggressive SQL injection vulnerability that is blatantly visible in this code snippet. :)
Vasudevan Deepak Kumar
-
...not to say anything about the sa account name and password. :-D