I am doing project in VB.NET and backend is mysql
Can you please tell me where the error is occured
Public Sub ins()
con.Open()
Dim cmd1 As New OdbcCommand("insert into party values('" + pcode_txt.Text + "','" + Trim(UCase(name_txt.Text)) + "','" + Trim(UCase(addr_txt.Text)) + "','" + phone_txt.Text + "','" + combo_route.SelectedItem + "','" + combo_area.SelectedItem + "'", con)
cmd1.ExecuteNonQuery()
con.Close()
End Sub
The error i get is:
ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.6.24]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
you miss the closing parenthesis for the values list:
Dim cmd1 As New OdbcCommand("insert into party values('" + pcode_txt.Text + "','" + Trim(UCase(name_txt.Text)) + "','" + Trim(UCase(addr_txt.Text)) + "','" + phone_txt.Text + "','" + combo_route.SelectedItem + "','" + combo_area.SelectedItem + "')", con)
My answer is perfectly fit to your question but as suggested in the comments have clear that string concatenation is not a dependable way to build queries.
A more secure solution is based on parameters. If possible avoid the creation of sql code in the application and rely upon server statements (stored procedures and/or views).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.