
Update Syntax error in C#

I want to update the database with DataGridView data. Here is my code:

        for (int i = 0; i < dataGridView1.Rows.Count; i++)
        {
            SqlCommand cmd2 = new SqlCommand("UPDATE Pharmacy_Items Set Quantity= Quantity + " + dataGridView1.Rows[x].Cells[4].Value + " where ItemName='" + dataGridView1.Rows[x].Cells[1].Value + "'", mycon);
            cmd2.ExecuteNonQuery();
            x += 1;
        }

It gives a syntax error near where.

Two things are wrong:

  1. dataGridView1.Rows[x].Cells[4].Value might produce a value with a comma in it, which is recognized by the database, so a value of 10,4 is not seen as 10.4 but the 4 is seen as a new field
    OR
    some value you assign from your dataGridView is empty

  2. Use parameters instead of building your query like this. Not only is it safer, but it will also fix your problem with the quantity field

Example:

cmd2.CommandText = "UPDATE Pharmacy_Items Set Quantity = Quantity + @Quantity where ItemName = @ItemName";
// Parameter names are string literals that match the placeholders in CommandText
cmd2.Parameters.AddWithValue("@Quantity", dataGridView1.Rows[x].Cells[4].Value);
cmd2.Parameters.AddWithValue("@ItemName", dataGridView1.Rows[x].Cells[1].Value);
cmd2.ExecuteNonQuery();

EDIT: the OP wants to increase the quantity field.

cmd2.CommandText = "UPDATE Pharmacy_Items Set Quantity = Quantity + @Quantity where ItemName = @ItemName";
cmd2.Parameters.AddWithValue("@Quantity", dataGridView1.Rows[x].Cells[4].Value);
cmd2.Parameters.AddWithValue("@ItemName", dataGridView1.Rows[x].Cells[1].Value);
cmd2.ExecuteNonQuery();

And if the cell can be empty you can replace the empty with 0 like this so that you just add 0 to quantity instead of getting an exception.

cmd2.CommandText = "UPDATE Pharmacy_Items Set Quantity = Quantity + @Quantity where ItemName = @ItemName";
// A null cell value falls back to 0, so the update adds nothing for that row
cmd2.Parameters.AddWithValue("@Quantity", dataGridView1.Rows[x].Cells[4].Value ?? 0);
cmd2.Parameters.AddWithValue("@ItemName", dataGridView1.Rows[x].Cells[1].Value);
cmd2.ExecuteNonQuery();

You should use parameters; appending strings in SQL queries is a very bad idea (SQL injection). The code below should make the error clearer:

for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
    // Cell values are typed as object, so convert them explicitly.
    // A bad quantity now fails here, in C#, instead of inside the SQL text.
    decimal qty = Convert.ToDecimal(dataGridView1.Rows[i].Cells[4].Value);
    string itemName = Convert.ToString(dataGridView1.Rows[i].Cells[1].Value);
    string commandText = "UPDATE Pharmacy_Items Set Quantity= Quantity + @p1 WHERE ItemName = @p2";
    SqlCommand cmd2 = new SqlCommand(commandText, mycon);
    cmd2.Parameters.AddWithValue("@p1", qty);
    cmd2.Parameters.AddWithValue("@p2", itemName);

    cmd2.ExecuteNonQuery();
}

I'm going to assume that the syntax error is coming from the SQL concatenation. If so, parameterization should fix it. You can use tools like Dapper to make it trivial to parameterize correctly:

for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
    string itemName = (string)dataGridView1.Rows[x].Cells[1].Value;
    // note: I don't know what the actual type is here; int? decimal?
    int quantity = (int)dataGridView1.Rows[x].Cells[4].Value;
    // Execute is Dapper's extension method; mycon is the connection from the question
    mycon.Execute(
        "UPDATE Pharmacy_Items Set Quantity=Quantity+@quantity where ItemName=@itemName",
        new { itemName, quantity });
    x += 1;
}
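
An added example (not code from any of the answers above) that combines their advice: explicitly typed parameters instead of AddWithValue, which infers the SQL type from whatever object the cell holds, culture-aware parsing of the quantity cell so a value such as 10,4 never reaches the SQL text, and empty cells treated as 0. The class and method names, the column types DECIMAL(18,4) and NVARCHAR(200), and an already open connection are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Windows.Forms;

static class PharmacyStock   // hypothetical name
{
    // Converts a grid cell to a decimal. Empty cells count as 0; text is parsed
    // with the current UI culture, so "10,4" is read the way the user typed it.
    static decimal ToQuantity(object cell)
    {
        if (cell == null || cell == DBNull.Value) return 0m;
        if (cell is string s)
        {
            if (string.IsNullOrWhiteSpace(s)) return 0m;
            return decimal.Parse(s, NumberStyles.Number, CultureInfo.CurrentCulture);
        }
        return Convert.ToDecimal(cell, CultureInfo.CurrentCulture);
    }

    // Returns the number of rows the UPDATE statements affected.
    public static int AddQuantities(DataGridView grid, SqlConnection con)
    {
        int updated = 0;
        using (var cmd = new SqlCommand(
            "UPDATE Pharmacy_Items SET Quantity = Quantity + @Quantity " +
            "WHERE ItemName = @ItemName", con))
        {
            // Assumed column types: DECIMAL(18,4) and NVARCHAR(200).
            SqlParameter qty = cmd.Parameters.Add("@Quantity", SqlDbType.Decimal);
            qty.Precision = 18;
            qty.Scale = 4;
            SqlParameter name = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 200);

            foreach (DataGridViewRow row in grid.Rows)
            {
                if (row.IsNewRow) continue;              // skip the blank entry row
                string itemName = Convert.ToString(row.Cells[1].Value);
                if (string.IsNullOrWhiteSpace(itemName)) continue;
                qty.Value = ToQuantity(row.Cells[4].Value);
                name.Value = itemName;                   // sent as data, never as SQL
                updated += cmd.ExecuteNonQuery();
            }
        }
        return updated;
    }
}
```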
