I am getting this error:
Syntax error (missing operator) in query expression '10'
My code:
string MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age =" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
System.Data.OleDb.OleDbCommand o_command3 = new System.Data.OleDb.OleDbCommand(MySQL3, o_con);
o_con.Open();
o_command3.ExecuteNonQuery();
o_con.Close();
BTW I know my code is prone to SQL Injection attack, but this is for my school project so it doesn't really matter.
The problem is here
age =" + Request.Form["age"] + "+ "'
It should be
age =" + Request.Form["age"] + ", pass =
and
MySQL3 += " Where uName ='" + Session["uname"];
should be
MySQL3 += " Where uName ='" + Session["uname"] +"'";
String MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age ='" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
Just try above code.
Hope this will helps.
Related
Can Any one help me to write a query by which i can fetch a record with specific date having specific value of a column. this query given below giving records with specific value but not filtering the date.
sql = "Select * from solarleads where Phone = '" + c_id.Text + "' OR AgentName Like '" + c_id.Text + "%' OR CallStatus Like '%" + c_id.Text + "%' OR CenterId = '" + c_id.Text + "' And Date >= '" + date1.Text + "' AND Date <='" + date2.Text + "' ORDER BY Id DESC ;";
You need to bracket the set of ORed conditions.
sql = "Select * from solarleads
where ( Phone = '" + c_id.Text + "' OR AgentName Like '" + c_id.Text + "%'
OR CallStatus Like '%" + c_id.Text + "%'
OR CenterId = '" + c_id.Text + "' )
And Date >= '" + date1.Text + "' AND Date <='" + date2.Text + "'
ORDER BY Id DESC ;"
Separate and condition by parenthesis, like -
sql = "Select * from solarleads where " +
"(Phone = '" + c_id.Text + "' " +
"OR AgentName Like '" + c_id.Text + "%' " +
"OR CallStatus Like '%" + c_id.Text + "%' " +
"OR CenterId = '" + c_id.Text + "' ) " +
"(And Date >= '" + date1.Text + "' AND Date <='" + date2.Text + "' )" +
"ORDER BY Id DESC ;";
Also check - Mysql or/and precedence?
I want to insert data in two different table on button click. So there are 2 insert queries with different credentials. The first insert query working properly but second is not executing. Here what I tried.
Try
Dim str1 As String = "INSERT INTO yogaClasses (`yogaID`,`name`, `category`, `websiteName`, `email`, `phone1`, `phone2`, `mobileNumber`, `buildingName`, `streetName`, `landmark`, `areaName`, `city`, `State`, `zipCode`, `address`, slotTime1From, `slotTime1To`, `slotTime2From`, `slotTime2To`, fees, `overview`, `establishment`, `newBatchStart`, `yogaType`, `facilities`, payment, `status`, `username`, `password`) values ('" + ID + "','" + name + "', '" + businessCategory + "', '" + website + "', '" + email + "', '" + phoneNo1 + "', '" + phoneNo2 + "', '" + mobileNumber + "', '" + building + "', '" + street + "', '" + landpoint + "', '" + area + "', '" + city + "', '" + stateName + "', '" + zipCode + "', '" + fulladdress + "', '" + slot1A + "', '" + slot1B + "', '" + slot2A + "', '" + slot2B + "', '" + feesPay + "', '" + about + "', '" + foundYear + "', '" + startnewBatch + "', '" + selectedYoga + "', '" + selectedFacility + "', '" + payments + "', 'active', '" + mobileNumber + "', '" + membersAutoPassword.Text + "')"
Dim str2 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str1
command.Connection = con
adapter.SelectCommand = command
con.Open()
str2 = command.ExecuteReader
con.Close()
Response.Redirect("business-added.aspx")
Catch ex As Exception
Response.Write(ex)
End Try
Try
Dim str2 As String = "INSERT INTO yogaAgeGroup (`6-15`, `16-20`, `21-25`, `26-30`, `31-35`, `35+`, `yogaID`) values('" + ageup1.Text + "', '" + ageup2.Text + "', '" + ageup3.Text + "', '" + ageup4.Text + "', '" + ageup5.Text + "', '" + ageup6.Text + "', '" + TextId.Text + "')"
Dim str3 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str2
command.Connection = con
adapter.SelectCommand = command
con.Open()
str3 = command.ExecuteReader
con.Close()
Catch ex As Exception
Response.Write(ex)
End Try
The second query not executing. What I am doing wrong in this? Or Is it possible to execute both query in one?
Problem (in your 1st query)
con.Close()
Response.Redirect("business-added.aspx")
Move this line after second query con.Close()
Response.Redirect("business-added.aspx")
Because this line will redirect you to another page, so the rest of code won't be execute
i'm currently making a guide tool. i connected to my accdb file and all works fine.
Now i want wo select the Name of Monster who drops item XY.
the monster has 19 drop fields , namen from a_item_0 to a_item_19.
my query is:
string query = "SELECT a_name FROM waffen WHERE a_item_0= "
+ textBox21.Text + "' OR a_item_1= '" + textBox21.Text
+ "' OR a_item_2= '" + textBox21.Text + "' OR a_item_3 = '"
+ textBox21.Text + "' OR a_item_4= '" + textBox21.Text
+ "' OR a_item_5= '" + textBox21.Text + "' OR a_item_6= '"
+ textBox21.Text + "' OR a_item_7 = '"
+ textBox21.Text + "' OR a_item_8 = '" + textBox21.Text
+ "' OR a_item_9 = '" + textBox21.Text + "' OR a_item_10 = '"
+ textBox21.Text + "' OR a_item_11 = '" + textBox21.Text
+ "' OR a_item_12 = '" + textBox21.Text + "' OR a_item_13 = '"
+ textBox21.Text + "' OR a_item_14 = '" + textBox21.Text
+ "' OR a_item_15 = '" + textBox21.Text + "' OR a_item_16 = '"
+ textBox21.Text + "' OR a_item_17 = '" + textBox21.Text + "' OR a_item_18 = '"
+ textBox21.Text + "' OR a_item_19 = '" + textBox21.Text + ";";
Maybe someone sees the error i look for more than 2 hours now...
I think you've missed the first and last string delimiters
string query = "SELECT a_name FROM waffen WHERE a_item_0= '" + textBox21.Text
+ "' OR a_item_1= '" + textBox21.Text + "' OR a_item_2= '" + textBox21.Text
+ "' OR a_item_3 = '" + textBox21.Text + "' OR a_item_4= '" + textBox21.Text
+ "' OR a_item_5= '" + textBox21.Text + "' OR a_item_6= '" + textBox21.Text
+ "' OR a_item_7 = '" + textBox21.Text + "' OR a_item_8 = '" + textBox21.Text
+ "' OR a_item_9 = '" + textBox21.Text + "' OR a_item_10 = '" + textBox21.Text
+ "' OR a_item_11 = '" + textBox21.Text + "' OR a_item_12 = '" + textBox21.Text
+ "' OR a_item_13 = '" + textBox21.Text + "' OR a_item_14 = '" + textBox21.Text
+ "' OR a_item_15 = '" + textBox21.Text + "' OR a_item_16 = '" + textBox21.Text
+ "' OR a_item_17 = '" + textBox21.Text + "' OR a_item_18 = '" + textBox21.Text
+ "' OR a_item_19 = '" + textBox21.Text + "';";
Looks like you might be missing the very first singe-quote in your query string.
WHERE a_item_0= '" + textBox21.Text + "'
I'm getting the title error when attempting to execute the following:
sInsertInto = "INSERT INTO 5why (date, op_id, serial, why1, why2, why3, why4, why5, root_cause, lessons) VALUES (" + _
"'" + f_date + "', " + _
"'eccross', " + _
" '" + f_partnum + "', " + _
" '" + f_first + "', " + _
" '" + f_second + "', " + _
" '" + f_third + "', " + _
" '" + f_fourth + "', " + _
" '" + f_fifth + "', " + _
" '" + f_root + "'" + _
" '" + f_lessons + "'" + _
")"
The value count should be fine here; but its not for whatever reason and I cannot get this error to resolve.
You seem to be missing a comma, specifically after the f_root line. I would think this would be a syntax error due to the two strings 'f_root' 'f_lessons', but I guess not.
Your query is vulnerable to injection. You should be using parameterized queries with prepared statements. Depending upon the variable values, this may also be the problem.
Stuggling a bit here. Trying to develop the code to link user input into my database, in the form of a book record. for example the user would be asked to enter their name address etc. But the code I have used does not seem to execute because I continually get the same error.
Line 12: Dim con As New SqlConnection
Line 13: Dim inscmd As New SqlCommand
Line 14: con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("Database.My.MySettings.Database1ConnectionString1").ConnectionString
Line 15: con.Open()
Line 16: inscmd.CommandText = ("insert into booking values('" + txtfirstname.Text + "', " + txtSurname.Text + "', " + txtAddressline1.Text + "', " + txtAddressline2.Text + "', " + txtPostcode.Text + "', " + txtTime.Text + "', " + txtPeople.Text + "', " + txtDropoff1.Text + "', " + txtDropoff2.Text + "', " + txtDropoffpost.Text + "")
It is line 14 that contains the error but I dont know why. This is my code;
Protected Sub btnsubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnsubmit.Click
Dim con As New SqlConnection
Dim inscmd As New SqlCommand
con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("Database.My.MySettings.Database1ConnectionString1").ConnectionString
con.Open()
inscmd.CommandText = ("insert into booking values('" + txtfirstname.Text + "', " + txtSurname.Text + "', " + txtAddressline1.Text + "', " + txtAddressline2.Text + "', " + txtPostcode.Text + "', " + txtTime.Text + "', " + txtPeople.Text + "', " + txtDropoff1.Text + "', " + txtDropoff2.Text + "', " + txtDropoffpost.Text + "")
Print(inscmd.CommandText)
inscmd.Connection = con
inscmd.ExecuteNonQuery()
con.Close()
inscmd.Parameters.Clear()
MsgBox("Your booking has been successfully")
con.Close()
End Sub
Hopefully this will help you ( insert your code where need to )
Dim con As New SqlConnection
Dim myConString As String = getSQLString() ' GET YOUR CON String
' my function looks like this when returned
"Server=ServerExactLocationPath;Database=DataBase;User Id=UserName;Password=Password;"
Dim objcommand As SqlCommand = New SqlCommand
'con.ConnectionString = myConString
With objcommand
.Connection = con
Dim cmdText As String = ""
cmdText = "Insert into SitesStatus (SiteNumber,StatusName,Date,ByUser) values ('" & site & "','" & status & "','" & System.DateTime.Today.ToString("MM/dd/yyyy") & "','" & dbUiInitials & "')"
'PUT YOUR INSERT ABOVE
.CommandText = cmdText
End With
con.ConnectionString = myConString
con.Open()
objcommand.ExecuteNonQuery()
con.Close()
Catch ex As Exception
End Try
Return Nothing
insert into booking values('" + txtfirstname.Text + "', " + txtSurname.Text + "', " + txtAddressline1.Text + "', " + txtAddressline2.Text + "', " + txtPostcode.Text + "', " + txtTime.Text + "', " + txtPeople.Text + "', " + txtDropoff1.Text + "', " + txtDropoff2.Text + "', " + txtDropoffpost.Text + "
should be
insert into booking values('" + txtfirstname.Text + "', '" + txtSurname.Text + "', '" + txtAddressline1.Text + "', '" + txtAddressline2.Text + "', '" + txtPostcode.Text + "', " + txtTime.Text + "', '" + txtPeople.Text + "', '" + txtDropoff1.Text + "', '" + txtDropoff2.Text + "', '" + txtDropoffpost.Text + "')"
You should use the connection string wizard in the Project Settings window. Then try the test connection button, Make sure the type of the setting is ConnectionString
You should be able to get the connection string using this syntax if things are set up right.
con.ConnectionString = my.Settings.Database1ConnectionString1
strSQL = "INSERT INTO user_account_details" & _
"(lastname,firstname,middlename,usertype,reg_date_time,status)" & _
" VALUES ( " & _
" '" & txtLName.Text & "', " & _
" '" & txtFName.Text & "' , " & _
" '" & txtMName.Text & "' , " & _
" '" & cboUserType.Text & "' , " & _
" '#" & Now & "#', " & _
" 'Inactive' " & _
")"