Where is the error ?

Vector7

SqlCommand cmd = null; cmd = connDB.CreateCommand(); cmd.CommandText = "INSERT INTO MandantMC (" + "Mand, " + "MID, " + "VALUES " + "(?,?)"; cmd.Parameters.Add("Mand", txtBoxMandant.Text.ToString()); cmd.Parameters.Add("MID", txtBoxKürzel.Text.ToString()); cmd.ExecuteNonQuery(); The connDB works. But this code does not. I try to get data from textboxes to SQL DB. If I make hardcoded code like : ... VALUES ('W','Y') then it works. But if I want data from controls, there is an error while passing cmd.ExcecuteNonQuery(). Also if I insert the ' ( within an own string ) it doesn't work. Only ' works in CommandText. Any sols ?

Steven Campbell

The SqlClient uses named parameters, so you need to use @Mand and @MID instead of the ?'s in your sql string. In addition, you may need to specify @ when adding the parameters.

---

my blog

Heath Stewart

Yes, you do need to specify "@" before the parameter names when adding them to the SqlCommand.Parameters collection property. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles] [My Blog]

Vector7

SqlCommand cmd = null; cmd = connDB.CreateCommand(); cmd.CommandText = "INSERT INTO MandantMC (" + "Mand, " + "MID, " + "VALUES " + "(?,?)"; cmd.Parameters.Add(@"Mand", txtBoxMandant.Text.ToString()); cmd.Parameters.Add(@"MID", txtBoxKürzel.Text.ToString()); ??? I tested it, still doesn't work. Also placed it in CommandText and instead the ? with Parameter Names

Heath Stewart

You really should read the SqlParameter documentation. The solution is:

SqlCommand cmd = cmd.connDB.CreateCommand();
cmd.CommandText = @"INSERT INTO MandantMC (
Mand,
MID
VALUES (@Mand, @MID)";
cmd.Parameters.Add("@Mand", SqlDbType.NVarChar, 40).Value = txtBoxMandant.Text;
cmd.Parameters.Add("@MID", SqlDbType.NVarChar, 40).Value = txtBoxKürzel.Text;

Notice the placement of "@". These are used for the parameter names. Replace "NVarChar" with whatever string type you defined in your SQL Server table and "40" with whatever length you defined for each column. Also, why are you using Text.ToString()? The Control.Text (inheritted by every derivative of Control like TextBox) is already a string. You're wasting CPU time on unnecessary instructions. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles] [My Blog]

Vector7

Thank you ! Remember my first code ? Here the new CommandText cmd.CommandText = @"INSERT INTO MandantMC (Mand,MID) VALUES (@Mand,@MID)"; Only 1 Line used. My last code doesn't work in multiple lines seperated by "+". Don't understand it...maybe compiler has problems with translating. I never use toString on Textboxes. It was only for testing purpose while SQL Error occured. Also waste of typing ;)

Heath Stewart

You shouldn't use string concatentation and "@" together. The literal character, "@", is so that you don't have to escape special characters (like backslashes) or so that your text can span multiple lines. Both your original code and my example of using "@" (but honestly, such a short SQL command is easier to read as a single line) would compile. Your only problem is that in the first code you posted you had a comma after MID which may cause a SqlException to be thrown; it's an extraneous comma. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles] [My Blog]