
Additional information: Incorrect syntax near 'Graneya'. Unclosed quotation mark after the character string ')'

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll

Additional information: Incorrect syntax near 'Graneya'.

Unclosed quotation mark after the character string ')'.

When I execute my program, it gives me this error.

This is my code:

private void btnKaydet_Click(object sender, EventArgs e) {
    StringBuilder name = new StringBuilder();
    foreach (Control cont in this.grpbxIstenenAnalizler.Controls) {
        if (cont is CheckBox && ((CheckBox)cont).Checked == true) {
            name.Append(((CheckBox)cont).Text.ToString() + " ");
        }
    }
    sqlcon.Open();
    SqlCommand sqlcmd = new SqlCommand("INSERT INTO TBL_NUMUNEKAYITDEFTERI(NUMUNEADI, NUMUNEGONDEREN) VALUES('" + cmbxNumuneCinsi.Text + "'" + cmbxGonderen.Text + "')", sqlcon);
    sqlcmd.ExecuteNonQuery();
    sqlcon.Close();
    MessageBox.Show("Kayıt OK");
}

Please advise

Change

SqlCommand sqlcmd = new SqlCommand("INSERT INTO TBL_NUMUNEKAYITDEFTERI(NUMUNEADI, NUMUNEGONDEREN) VALUES('" + cmbxNumuneCinsi.Text + "'" + cmbxGonderen.Text + "')", sqlcon);

to

SqlCommand sqlcmd = new SqlCommand("INSERT INTO TBL_NUMUNEKAYITDEFTERI(NUMUNEADI, NUMUNEGONDEREN) VALUES('" + cmbxNumuneCinsi.Text + "','" + cmbxGonderen.Text + "')", sqlcon);

Note

VALUES('" + cmbxNumuneCinsi.Text + "','" + cmbxGonderen.Text + "')"

Also, to avoid SQL injection, you should use parameterized queries rather than string concatenation.

I think you missed a comma; that's why your values part will be only one character, since you concatenate them.

('" + cmbxNumuneCinsi.Text + "'" + cmbxGonderen.Text + "')"

should be

('" + cmbxNumuneCinsi.Text + "', '" + cmbxGonderen.Text + "')"

But more importantly:

You should always use parameterized queries. This kind of string concatenation is open to SQL injection attacks. Also, use a using statement to dispose of your SqlConnection and SqlCommand automatically instead of calling the .Close() or .Dispose() methods manually.

I assume your columns are nvarchar; you can use:

using(var sqlcon = new SqlConnection(conString))
using(var sqlcmd = sqlcon.CreateCommand())
{
   sqlcmd.CommandText = "INSERT INTO TBL_NUMUNEKAYITDEFTERI(NUMUNEADI, NUMUNEGONDEREN) VALUES(@ad, @gonderen)";
   sqlcmd.Parameters.Add("@ad", SqlDbType.NVarChar).Value = cmbxNumuneCinsi.Text;
   sqlcmd.Parameters.Add("@gonderen", SqlDbType.NVarChar).Value = cmbxGonderen.Text;

   sqlcon.Open();
   sqlcmd.ExecuteNonQuery();
}

You should use parameters to reduce errors.

SqlCommand cmd = new SqlCommand(
            "INSERT INTO TBL_NUMUNEKAYITDEFTERI(NUMUNEADI, NUMUNEGONDEREN) VALUES(@numuneCinsi, @numunegonderen)", sqlcon);

cmd.Parameters.Add(new SqlParameter("@numuneCinsi", "firstValue"));
cmd.Parameters.Add(new SqlParameter("@numunegonderen", "secondValue"));
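
Added example, not part of the original question or answers: it runs the comma-corrected concatenation and the parameterized command side by side on constructed input, showing that the comma fix alone still lets an apostrophe in the text unbalance the statement, while the parameterized command text never changes. The sample values, the class and method names, and the nvarchar length of 100 are assumptions; no database connection is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class InsertDemo
{
    const string Target = "TBL_NUMUNEKAYITDEFTERI(NUMUNEADI, NUMUNEGONDEREN)";

    // Comma-corrected concatenation from the answers: the statement parses for
    // plain input, but the user's text is still spliced into the SQL itself.
    static string Concatenated(string ad, string gonderen) =>
        "INSERT INTO " + Target + " VALUES('" + ad + "','" + gonderen + "')";

    // Parameterized form: the SQL text is constant and the values travel
    // separately, so quotes inside them are data, not syntax.
    static SqlCommand Parameterized(string ad, string gonderen)
    {
        var cmd = new SqlCommand("INSERT INTO " + Target + " VALUES(@ad, @gonderen)");
        cmd.Parameters.Add("@ad", SqlDbType.NVarChar, 100).Value = ad;          // length assumed
        cmd.Parameters.Add("@gonderen", SqlDbType.NVarChar, 100).Value = gonderen;
        return cmd;
    }

    // An odd number of single quotes leaves a string literal open, which is
    // what SQL Server reports as "Unclosed quotation mark".
    static bool QuotesBalanced(string sql)
    {
        int n = 0;
        foreach (char c in sql) if (c == '\'') n++;
        return n % 2 == 0;
    }

    static void Main()
    {
        // Constructed sample inputs; the second one contains an apostrophe.
        string[][] samples = { new[] { "Su", "Graneya Ltd" }, new[] { "Su", "Graneya's Lab" } };
        foreach (var s in samples)
        {
            string sql = Concatenated(s[0], s[1]);
            Console.WriteLine(sql);
            Console.WriteLine("  concatenated, quotes balanced: " + QuotesBalanced(sql));
            using (var cmd = Parameterized(s[0], s[1]))
            {
                Console.WriteLine("  parameterized text: " + cmd.CommandText);
                foreach (SqlParameter p in cmd.Parameters)
                    Console.WriteLine("    " + p.ParameterName + " = " + p.Value);
            }
        }
    }
}
```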
