how to avoid this error?
-
I am trying to add a record to MySql using C# and MySql .net connectors. The field is varchar and I am using this as sql command statement:
insert_command = "INSERT INTO cdr_log (cdr_raw) VALUES ('" + cdr_raw + "')";
but I am getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0')' at line 1
because sometimes my cdr_log will look like this:
09/11/11 07:18PM 299 02 19751002 00:00'04
so how can I avoid the error?
Thanks, Jassim
-
You can use parameters, something like this:
cmd.CommandText = "INSERT INTO cdr_log (cdr_raw) values (?p_cdr_raw)";
cmd.Parameters.Add("p_cdr_raw", MySqlDbType.VarChar);
// ...
cmd.Parameters["p_cdr_raw"].Value = cdr_raw; // suppose cdr_raw is the variable with the value you want to insert
cmd.ExecuteNonQuery();
-
jrahma wrote:
so how can I avoid the error?
The tick is a special character. You are ignoring that possibility. That is the cause of the error. There can be other special characters as well.
As noted in the other reply you should use parameter replacement, which many database APIs (different types, different programming languages) provide.
If you absolutely cannot do that then you would need to either
1. Determine what special characters exist for your database and deal with them yourself.
2. Limit all input to a known safe set of characters and verify each input value FIRST before attempting to use it in SQL.
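The failure and both remedies from the replies, as an added example that is not part of any post above and is not MySQL Connector/NET code. It assumes Python's built-in sqlite3 as a stand-in for MySQL so it runs offline; the function names and the allowlist pattern are hypothetical.

```python
import re
import sqlite3

# Constructed sample: the CDR line from the question, with its embedded apostrophe.
CDR_RAW = "09/11/11 07:18PM 299 02 19751002 00:00'04"

# Assumed allowlist for option 2 in the last reply: letters, digits, space, / : '
SAFE_CDR = re.compile(r"[0-9A-Za-z /:']{1,128}")


def open_db():
    """In-memory SQLite stand-in for the MySQL cdr_log table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cdr_log (cdr_raw VARCHAR(128))")
    return conn


def insert_concatenated(conn, cdr_raw):
    """The question's approach: the value becomes part of the SQL text."""
    sql = "INSERT INTO cdr_log (cdr_raw) VALUES ('" + cdr_raw + "')"
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        # The apostrophe in the data ended the string literal early.
        return str(exc)


def insert_parameterized(conn, cdr_raw):
    """Parameter replacement: the value is sent separately from the SQL text."""
    conn.execute("INSERT INTO cdr_log (cdr_raw) VALUES (?)", (cdr_raw,))
    return conn.execute("SELECT cdr_raw FROM cdr_log").fetchall()


def is_plausible_cdr(cdr_raw):
    """Option 2: verify the value against a known character set before use."""
    return SAFE_CDR.fullmatch(cdr_raw) is not None


if __name__ == "__main__":
    db = open_db()
    print("concatenated :", insert_concatenated(db, CDR_RAW))
    print("parameterized:", insert_parameterized(db, CDR_RAW))
    print("allowlist ok :", is_plausible_cdr(CDR_RAW))
```

The parameterized insert returns the stored row unchanged, apostrophe included, while the concatenated one returns the driver's error text and stores nothing.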