Exception Details: System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement.
Source Error:
Line 168: comm.Parameters.Add(param);
Line 169:
Line 170: int totalCount = comm.ExecuteNonQuery();
Line 171: conn.Close();
Line 172:
I keep getting the error message "Syntax error in INSERT INTO statement" when the code runs to the following method:
protected void makeOrder()
{
    OleDbConnection conn = new OleDbConnection();
    conn.ConnectionString = ConfigurationManager.ConnectionStrings["onlineStoreConnString"].ConnectionString;
    conn.Open();
    OleDbCommand comm = conn.CreateCommand();
    comm.CommandText = "INSERT INTO Order (UserID, ProductID, OrderDate, ProductQty, IsCart) VALUES(?, ?, ?, ?, ?)";
    OleDbParameter param;
    param = comm.CreateParameter();
    param.DbType = DbType.String;
    param.Direction = ParameterDirection.Input;
    param.Value = Int32.Parse(Session["LoggedInId"].ToString());
    comm.Parameters.Add(param);
    param = comm.CreateParameter();
    param.DbType = DbType.String;
    param.Direction = ParameterDirection.Input;
    param.Value = Int32.Parse(Request.QueryString["id"].ToString());
    comm.Parameters.Add(param);
    param = comm.CreateParameter();
    param.DbType = DbType.String;
    param.Direction = ParameterDirection.Input;
    param.Value = DateTime.Now.ToString();
    comm.Parameters.Add(param);
    param = comm.CreateParameter();
    param.DbType = DbType.String;
    param.Direction = ParameterDirection.Input;
    param.Value = Int32.Parse(txtQty.Text);
    comm.Parameters.Add(param);
    param = comm.CreateParameter();
    param.DbType = DbType.String;
    param.Direction = ParameterDirection.Input;
    param.Value = true;
    comm.Parameters.Add(param);
    int totalCount = comm.ExecuteNonQuery();
    conn.Close();
}
The database is MS Access, and the data types of the attributes are:
UserID: Number
ProductID: Number
OrderDate: Long Text
ProductQty: Number
IsCart: Yes/No
I have been stuck on this bug for a couple of hours; can anyone help me find it? Thanks.
Order is very likely to be a reserved word in your database engine, since it's a keyword in SQL queries. You need to enclose your identifiers to prevent them from being mistaken as keywords. Depending on your database engine, it might be something like this:
INSERT INTO [Order] (UserID, ProductID, OrderDate, ProductQty, IsCart) VALUES(?, ?, ?, ?, ?)
or this:
INSERT INTO `Order` (UserID, ProductID, OrderDate, ProductQty, IsCart) VALUES(?, ?, ?, ?, ?)
or perhaps even something else (again, depending on your database).
Technically you can (and may even want to) enclose all of your identifiers, for a variety of reasons:
INSERT INTO [Order] ([UserID], [ProductID], [OrderDate], [ProductQty], [IsCart]) VALUES(?, ?, ?, ?, ?)
This could be for consistency, for protection against further ambiguity (unlikely, but possible), or even for a very slight performance improvement in the query parsing (which could be important in aggregate for high-volume situations).
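The bracketed form from the answer applied to the question's insert, as an added example that is not code from either poster. It assumes Access-style bracket quoting and the column types listed in the question; `OrderStore`, `QuoteIdentifier`, `MakeOrder` and its parameters are hypothetical names. It also shows that `?` placeholders bind values only, so an identifier has to be validated and quoted in the SQL text itself.

```csharp
using System;
using System.Data.OleDb;
using System.Text.RegularExpressions;

static class OrderStore   // hypothetical helper class, not from the page
{
    // Placeholders (?) bind values only; identifiers are part of the SQL text.
    // Allow-list the name first so a ']' can never close the bracket early.
    static string QuoteIdentifier(string name)
    {
        if (name == null || !Regex.IsMatch(name, @"^[A-Za-z_][A-Za-z0-9_]*$"))
            throw new ArgumentException("Unexpected identifier: " + name);
        return "[" + name + "]";
    }

    // rawProductId and rawQty stand in for Request.QueryString["id"] and txtQty.Text.
    public static int MakeOrder(string connString, int userId, string rawProductId, string rawQty)
    {
        int productId, qty;
        // Request input is untrusted: reject it instead of letting Int32.Parse throw.
        // Requiring qty > 0 is an assumption made for this example.
        if (!int.TryParse(rawProductId, out productId) || !int.TryParse(rawQty, out qty) || qty <= 0)
            throw new ArgumentException("Product id must be an integer and quantity a positive integer.");

        string sql = "INSERT INTO " + QuoteIdentifier("Order") +
                     " ([UserID], [ProductID], [OrderDate], [ProductQty], [IsCart])" +
                     " VALUES (?, ?, ?, ?, ?)";

        // using blocks close the connection even when ExecuteNonQuery throws.
        using (var conn = new OleDbConnection(connString))
        using (var comm = new OleDbCommand(sql, conn))
        {
            // OleDb binds by position, so this order must match the column list.
            comm.Parameters.Add("UserID", OleDbType.Integer).Value = userId;
            comm.Parameters.Add("ProductID", OleDbType.Integer).Value = productId;
            // Sortable text format is a choice made here; the question stores DateTime.Now.ToString().
            comm.Parameters.Add("OrderDate", OleDbType.LongVarWChar).Value = DateTime.Now.ToString("s");
            comm.Parameters.Add("ProductQty", OleDbType.Integer).Value = qty;
            comm.Parameters.Add("IsCart", OleDbType.Boolean).Value = true;

            conn.Open();
            return comm.ExecuteNonQuery();   // number of rows inserted
        }
    }
}
```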