I am receiving an error in an SQL query in a Windows Forms application, but I don't understand where the error in the query is. It even works in the Visual Studio query script. I have attached important files below.
In my Windows Forms application, I am receiving an SQL error; here is the screenshot.
The error is,
System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.'
Here is the function which attempts to create a row in the Alumni Table.
public void createAlumni(int id, string fname, string lname, string sid, string age, string pyear, string present_address, string permanent_address, string father, string mother, string work, string email, string password, string subtitle, string desc)
{
    string sql = string.Format("INSERT INTO Alumni (Id, FirstName,LastName, StudentID, Email, Password, Age, PassingYear, PresentAddress, PermanentAddress, FathersName, MothersName, WorkPlace, ProfileSubtitle, ProfileDescription, ProfilePicture, Verified) VALUES ({0}, '{1}', '{2}', '{3}', '{4}', '{5}', {6}, '{7}', '{8}', '{9}', '{10}', '{11}', '{12}', '{13}', '{14}', {15}, {16});", id, fname, lname, sid, email, password, Convert.ToInt32(age), pyear, present_address, permanent_address, father, mother, work, subtitle, desc, null, 0);
    SqlConnection conn = new SqlConnection(connectionString);
    SqlCommand cmd = new SqlCommand(sql, conn);
    cmd.Connection.Open();
    int rowCount = cmd.ExecuteNonQuery();
    if (rowCount == 0)
    {
        MessageBox.Show("Something went wrong");
    }
    else
    {
        UpdateCount();
    }
    cmd.Connection.Close();
}
Argument index 15, ProfilePicture, the value you're passing into it is null, which is replaced by an empty space, so in your final query you have something like ..., , ....
Please don't use queries like this; it is always, without exception, wrong, even if you don't count SQL injection.
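A parameterized version of the same insert, added here as an illustration and not part of the original question or answer. The class name AlumniWriter, the bool return value and the column types (NVarChar for text, VarBinary for ProfilePicture, Bit for Verified) are assumptions about the schema; the table and column names are the ones from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public class AlumniWriter // hypothetical wrapper class for this example
{
    private readonly string connectionString; // assumed to be supplied by the application
    public AlumniWriter(string connectionString) { this.connectionString = connectionString; }

    public bool CreateAlumni(int id, string fname, string lname, string sid, string age,
        string pyear, string presentAddress, string permanentAddress, string father,
        string mother, string work, string email, string password, string subtitle, string desc)
    {
        // Validate the numeric input instead of letting Convert.ToInt32 throw mid-query-building.
        if (!int.TryParse(age, out int ageValue))
            throw new ArgumentException("Age must be a whole number.", nameof(age));

        // The SQL text is a constant: values never become part of the statement.
        const string sql =
            "INSERT INTO Alumni (Id, FirstName, LastName, StudentID, Email, Password, Age, " +
            "PassingYear, PresentAddress, PermanentAddress, FathersName, MothersName, WorkPlace, " +
            "ProfileSubtitle, ProfileDescription, ProfilePicture, Verified) " +
            "VALUES (@Id, @FirstName, @LastName, @StudentID, @Email, @Password, @Age, " +
            "@PassingYear, @PresentAddress, @PermanentAddress, @FathersName, @MothersName, " +
            "@WorkPlace, @ProfileSubtitle, @ProfileDescription, @ProfilePicture, @Verified);";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            cmd.Parameters.Add("@Age", SqlDbType.Int).Value = ageValue;
            var text = new (string Name, string Value)[] {
                ("@FirstName", fname), ("@LastName", lname), ("@StudentID", sid),
                ("@Email", email), ("@Password", password), ("@PassingYear", pyear),
                ("@PresentAddress", presentAddress), ("@PermanentAddress", permanentAddress),
                ("@FathersName", father), ("@MothersName", mother), ("@WorkPlace", work),
                ("@ProfileSubtitle", subtitle), ("@ProfileDescription", desc) };
            foreach (var (name, value) in text) // a quote inside a value stays data
                cmd.Parameters.Add(name, SqlDbType.NVarChar).Value = (object)value ?? DBNull.Value;
            // SQL NULL is sent as DBNull.Value; a C# null formatted into the string
            // is what left the empty slot that caused "Incorrect syntax near ','".
            cmd.Parameters.Add("@ProfilePicture", SqlDbType.VarBinary, -1).Value = DBNull.Value;
            cmd.Parameters.Add("@Verified", SqlDbType.Bit).Value = false;

            conn.Open();
            return cmd.ExecuteNonQuery() == 1; // exactly one row inserted
        }
    }
}
```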