
sql statement does not work on specific table

I have a website which creates a new order and saves shopping bag items into a database. The thing is that INSERT INTO, SELECT, UPDATE and DELETE sentences are working in all my tables except one. I think I wrote the sentence perfectly, but it still throws an exception that says something is wrong with the sentence.

string OrderSql = string.Format(@"
    INSERT INTO Order ([UserID],[DayMonthYear],[PriceToPay],[StatusID],[AdressToSend]) 
    VALUES ({0},{1},{2},{3},'{4}')",
 UserId, DateTime.Now, Price, 1, Address);

At first I thought the problem might be found in the DB, so I copied my DB into a new one, but it still isn't working. I would send the relationships between the tables, but I need 10 rep.

It looks like you have two issues. Firstly, as @juergen points out in the comments, order is a reserved word, so you'll need to enclose it in square brackets. Secondly, you don't have the date enclosed in quotes. So your code should read:

string OrderSql = string.Format(@"INSERT INTO [Order] ([UserID],[DayMonthYear],[PriceToPay],[StatusID],[AdressToSend]) 
VALUES ({0},'{1}',{2},{3},'{4}')", UserId, DateTime.Now, Price, 1, Address);

Note the square brackets around Order and the single quotes around {1}.

However, you are open to SQL Injection attacks using that code so I would strongly suggest you read up on using parameterized queries. @DJ KRAZE has added a link in the comments to this question which should point you in the right direction.

You can also create a method, call it, and do something like this. This would require that you create a stored procedure with the @Parameters shown in this example. If this is Access, then petelids' answer will be a great starting point; if this is SQL Server, then what I have posted would work for you.

// Requires: using System.Data; using System.Data.SqlClient;
private void InsertMyData(string UserId, DateTime DayMonthYear, double Price, string Address)
{
    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        // Verbatim string (@"...") so the SQL text can span two lines.
        // Values are bound as parameters and never concatenated into the text.
        SqlCommand cmd = new SqlCommand(@"INSERT INTO [Order] ([UserID],[DayMonthYear],[PriceToPay],[StatusID],[AdressToSend])
                                         VALUES (@UserId, @DayMonthYear, @Price, 1, @Address)");
        cmd.CommandType = CommandType.Text;
        cmd.Connection = connection;
        // Parameter names must match the placeholders used in the SQL text.
        // StatusID is the literal 1 in the statement, so it needs no parameter.
        cmd.Parameters.AddWithValue("@UserId", UserId);
        cmd.Parameters.AddWithValue("@DayMonthYear", DayMonthYear);
        cmd.Parameters.AddWithValue("@Price", Price);
        cmd.Parameters.AddWithValue("@Address", Address);
        connection.Open();
        cmd.ExecuteNonQuery();
    }
}
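Why both answers steer away from `string.Format`, as an added example that is not code from the question or from either answer: with an ordinary address containing an apostrophe and a decimal-comma culture, the formatted statement changes shape, while the parameterized command text stays constant. The helper names `BuildFormatted` and `BuildParameterized`, the column types, the `NVARCHAR` size of 200, the use of `decimal` for the price and the sample values are all assumptions made for the illustration.

```csharp
// Added example, not from the original thread. Needs the System.Data.SqlClient package.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Linq;

static class OrderInsertDemo
{
    // The string.Format approach from the first answer: values become part of the SQL text.
    static string BuildFormatted(int userId, DateTime when, double price, string address) =>
        string.Format(@"INSERT INTO [Order] ([UserID],[DayMonthYear],[PriceToPay],[StatusID],[AdressToSend])
VALUES ({0},'{1}',{2},{3},'{4}')", userId, when, price, 1, address);

    // Parameterized form with explicit types: the SQL text is constant, values travel separately.
    static SqlCommand BuildParameterized(int userId, DateTime when, decimal price, string address)
    {
        var cmd = new SqlCommand(@"INSERT INTO [Order] ([UserID],[DayMonthYear],[PriceToPay],[StatusID],[AdressToSend])
VALUES (@UserId, @DayMonthYear, @Price, 1, @Address)");
        cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
        cmd.Parameters.Add("@DayMonthYear", SqlDbType.DateTime).Value = when;
        cmd.Parameters.Add("@Price", SqlDbType.Decimal).Value = price;
        cmd.Parameters.Add("@Address", SqlDbType.NVarChar, 200).Value = address; // size is assumed
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a normal address with an apostrophe, processed on a
        // machine whose culture writes decimals with a comma.
        CultureInfo.CurrentCulture = new CultureInfo("de-DE");
        var when = new DateTime(2024, 1, 31, 10, 0, 0);
        const string address = "12 O'Brien St";

        string sql = BuildFormatted(7, when, 12.5, address);
        Console.WriteLine(sql);
        // An odd quote count means a string literal is left open, and the price is
        // rendered as 12,5, which the server reads as two separate values.
        Console.WriteLine("single quotes in text: " + sql.Count(c => c == '\''));

        using (SqlCommand cmd = BuildParameterized(7, when, 12.5m, address))
        {
            Console.WriteLine(cmd.CommandText); // identical for every input
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
        }
    }
}
```

Nothing here opens a connection; it only builds and prints the two commands, so it runs without a database.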
