Invalid SQL syntax when trying to insert a row to the database
Question
I am getting this error: System.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near '12'.
The error occurs on the pbkDB.ExecuteNonQuery(dbCommand) line.
#region Enhancements_Update
private static bool Enhancements_Update(DataRow dr)
{
bool inserted = false;
DateTime dt;
Database pbkDB = DatabaseFactory.CreateDatabase("PbKConnectionString");
try
{
ChargeCode = dr["ChargeCode"].ToString().Trim();
NcicCode = dr["NcicCode"].ToString().Trim();
Description = String.IsNullOrEmpty(dr["Description"].ToString().Trim()) ? null : dr["Description"].ToString().Trim();
MachCr = String.IsNullOrEmpty(dr["MachCr"].ToString().Trim()) ? null : dr["MachCr"].ToString().Trim();
EnterUserId = String.IsNullOrEmpty(dr["EnterUserId"].ToString().Trim()) ? "KSCONV" : dr["EnterUserId"].ToString().Trim();
EnterDate = DateTime.TryParse(dr["EnterDate"].ToString(), out dt) ? dt : DateTime.Now;
UpdateUserId = String.IsNullOrEmpty(dr["UpdateUserId"].ToString().Trim()) ? "KSCONV" : dr["UpdateUserId"].ToString().Trim();
UpdateDate = DateTime.TryParse(dr["UpdateDate"].ToString(), out dt) ? dt : DateTime.Now;
EnactedDate = DateTime.TryParse(dr["EnactedDate"].ToString(), out dt) ? dt : DateTime.Now;
if (DateTime.TryParse(dr["RepealedDate"].ToString(), out dt))
RepealedDate = dt;
else
RepealedDate = null;
UsageType = String.IsNullOrEmpty(dr["UsageType"].ToString().Trim()) ? null : dr["UsageType"].ToString().Trim();
LanguageFile = String.IsNullOrEmpty(dr["LanguageFile"].ToString().Trim()) ? null : dr["LanguageFile"].ToString().Trim();
MachChar = String.IsNullOrEmpty(dr["MachCr"].ToString().Trim()) ? null : dr["MachChar"].ToString().Trim();
NotesOnUse = String.IsNullOrEmpty(dr["NotesOnUse"].ToString().Trim()) ? null : dr["NotesOnUse"].ToString().Trim();
SentenceSeverity = String.IsNullOrEmpty(dr["SentenceSeverity"].ToString().Trim()) ? null : dr["SentenceSeverity"].ToString().Trim();
DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format(@"Update tblCtStateChargeNcic set Description = '{2}', MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5}, UpdateUserId = '{6}', UpdateDate {7}, EnactedDate {8}, RepealedDate = {9}, UsageType = '{10}', LanguageFile = '{11}', MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}' where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode, NcicCode, Description, MachCr, EnterUserId, EnterDate, UpdateUserId, UpdateDate, EnactedDate, RepealedDate, UsageType, LanguageFile, MachChar, NotesOnUse, SentenceSeverity));
// error occurs here!
pbkDB.ExecuteNonQuery(dbCommand);
inserted = true;
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
return inserted;
}
#endregion
4 answers
solution1
6 2013-10-28 20:09:10
You should use sql parameters instead of building the string yourself.
Any way, this is your error:
UpdateDate {7}, EnactedDate {8}
You are missing = :
UpdateDate = {7}, EnactedDate = {8}
solution2
3 ACCPTED 2013-10-28 20:07:18
你错过了= for UpdateDate {7},EnactedDate {8}
solution3
2 2013-10-28 20:22:49
The problem is that date values must be enclosed in quotes (apostrophes, most likely).
Your string is improperly formatted.
For the record, using strings to create SQL statements is a horrible idea. Use a parameterized query, and add the parameter values with the AddParameterWithValue method. This sort of string splicing is a prime candidate for a SQL injection attack.
solution4
1 2013-10-28 20:09:36
Change:
DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format
(@"Update tblCtStateChargeNcic set Description = '{2}',
MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5},
UpdateUserId = '{6}', UpdateDate {7}, EnactedDate {8},
RepealedDate = {9}, UsageType = '{10}', LanguageFile = '{11}',
MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}'
where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode,
NcicCode, Description, MachCr, EnterUserId, EnterDate,
UpdateUserId, UpdateDate, EnactedDate, RepealedDate,
UsageType, LanguageFile, MachChar, NotesOnUse,
SentenceSeverity));
To:
DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format
(@"Update tblCtStateChargeNcic set Description = '{2}',
MachCr = '{3}', EnterUserId = '{4}', EnterDate = {5},
UpdateUserId = '{6}', UpdateDate = {7}, EnactedDate = {8},
RepealedDate = {9}, UsageType = '{10}', LanguageFile = '{11}',
MachChar = '{12}', NotesOnUse = '{13}', SentenceSeverity = '{14}'
where ChargeCode = '{0}' AND NcicCode = '{1}')", ChargeCode,
NcicCode, Description, MachCr, EnterUserId, EnterDate,
UpdateUserId, UpdateDate, EnactedDate, RepealedDate,
UsageType, LanguageFile, MachChar, NotesOnUse,
SentenceSeverity));
You left out the '=' for UpdateDate and EnactedDate .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
“Invalid column name” when trying to insert data into database using SQL
Why am I getting an SQL Syntax error when trying to insert data into a row?
Catch SqlException throwing error invalid syntax when trying to add data to sql database through button click event
Invalid column name when trying to insert alphanumeric value into database
SQL Syntax error when trying to insert array values of a Datatable
SQL insert syntax, database not updating
Invalid column name when inserting a row to sql database
Open connection trouble when trying to insert data into SQL Server database
DataTimePicker and Checkbox insert to database - Error SQL Syntax
when insert dateTime object from C# code to Sql Server database the syntax format is change
Related Tags