about ExecuteNonQuery in C#

Question

what happened to this code? when i run this its error below...

Server Error in '/WebSite5' Application.

Incorrect syntax near 's'.
Unclosed quotation mark after the character string ')'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near 's'.
Unclosed quotation mark after the character string ')'.

Source Error:

Line 62:         // SqlCommand  cm = new SqlCommand("insert into profile values('" +cls.Text +"','" +semester.Text +"')", con);
Line 63:         //con.Open();
Line 64:         cmd.ExecuteNonQuery();
Line 65:        //cm.ExecuteNonQuery();
Line 66:        // con.Close();

and my code is......

using System;

using System.Collections;

using System.Configuration;

using System.Data;

using System.Linq;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.HtmlControls;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Xml.Linq;

using System.Data.SqlClient;

public partial class courses : System.Web.UI.Page

{

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);

protected void Page_Load(object sender, EventArgs e)

{

con.Open();

}

protected void Button1_Click(object sender, EventArgs e)

{

SqlCommand cmd = new SqlCommand("insert into profile values('"+name.Text+ "','" +fname.Text+ "','"+ep.Text+ "','"+cls.Text+ "','"+semester.Text+ "')", con);

cmd.ExecuteNonQuery();

string s1 = string.Empty;

foreach (ListItem item in this.checkbox.Items)

{

if (item.Selected)

{

s1 = item.ToString();

SqlCommand com = new SqlCommand("Insert into profile(courseId) values('" + s1 + "')", con);

com.ExecuteNonQuery();

}

} Response.Write("Inserted Successfully");

}

romasha ali · Answer

here is my project kindly help me out as soon as possible...

Riddhi Valecha · Answer

HI... can you share your project ?? It will be easier to do modifications in it directly..

Jignesh Trivedi · Answer

hi I think there is problem with a data which was you are trying to inject. I means to say there is special character in your data such as single Quate ('). to avoid this you can use Parameterized Query or double quate instead of single. SqlCommand cmd = new SqlCommand(insert into profile values('+name.Text.Replace(' '')+ '' +fname.Text.Replace(' '')+ ''+ep.Text.Replace(' '')+ ''+cls.Text.Replace(' '')+ ''+semester.Text.Replace(' '')+ ') con); same as second query. Please refer for parameterized query. http://csharp-station.com/Tutorial/AdoDotNet/Lesson06 http://johnhforrest.com/2010/10/parameterized-sql-queries-in-c/ hope this will help you.

Riddhi Valecha · Answer

Hi... Take this code- ---- using System; using System.Collections; using System.Configuration; using System.Data; using System.Linq; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Xml.Linq; using System.Data.SqlClient; public partial class courses : System.Web.UI.Page { SqlConnection con; protected void Page_Load(object sender EventArgs e) { con = new SQLConnection(); string s = ConfigurationManager.ConnectionStrings[ConnectionString].ConnectionString); con.Connection = s; con.Open(); } protected void Button1_Click(object sender EventArgs e) { string s1=insert into profile(column1 column2column3)values('+name.text.ToString()+''+fname.text.ToString()+' '+ep.text.ToString()+'); SqlCommand cmd = new SqlCommand(s1con); int i = cmd.ExecuteNonQuery(); if(i>0) { Response.Write(Inserted Successfully); con.Close(); } string s1 = string.Empty; foreach (ListItem item in this.checkbox.Items) { if (item.Selected) { s1 = item.ToString(); string s2 = update profile set courseId='+s2.ToString()+' where ID=max(ID); SqlCommand com = new SqlCommand(s2con); com.ExecuteNonQuery(); } } Response.Write(Inserted Successfully); } } ------------- The next query should be Update Query if you are inserting values in the same row. This code works well. Check it out.

about ExecuteNonQuery in C#

Server Error in '/WebSite5' Application.

Incorrect syntax near 's'.Unclosed quotation mark after the character string ')'.

Incorrect syntax near 's'.
Unclosed quotation mark after the character string ')'.