MySqlCommand command = new MySqlCommand(selectCmd, myConnection);
command.CommandText = "SELECT idtolistsubsoorten FROM `vogelsoort` WHERE id= MAX (id)and vogelsoort.naam =#vogelsoortnam";
command.Parameters.Add("#vogelsoortnaam", MySqlDbType.VarChar).Value = vogel.Soortnaam;
reader = command.ExecuteReader();
reader.Read();
while (reader.Read())
{
string idpape = reader.;
subid = Convert.ToInt64(idpape);
}
the reader keeps returning an null value
Your SQL query has a mistake: There are two FROM commands:
SELECT idtolistsubsoorten
FROM `vogelsoort`
WHERE id= MAX (id)
FROM `vogelsoort`
and vogelsoort.naam = #vogelsoortnam
Try using this one instead:
SELECT idtolistsubsoorten
FROM `vogelsoort`
WHERE id= MAX (id)
and vogelsoort.naam = #vogelsoortnam
Also, you can try executing the query in your dbms before running it in PHP, this way you will have an error message with more verbose.
are you mistaking in query you should write single or double quotas when you use string
command.CommandText = "SELECT idtolistsubsoorten FROM `vogelsoort` WHERE id= MAX (id) and vogelsoort.naam =#vogelsoortnam";
Related
When I run this code:
string MySQL = "Select * From RegisterDatabase Where uName = '" + Request.Form["username"] +"'";
It didn't work for me, so I tried to see what the problem was and it turns out there's a comma in MySQL.
Select * From RegisterDatabase Where uName = 'Test,'
How do I fix this?
Your code is prone to SQL Injection attack.
You want to parameterized query like this -
string query = "Select * From RegisterDatabase Where uName = #username";
// Remove "," from username
string username = Request.Form["username"].ToString().Replace(",", "");
MySqlCommand command = new MySqlCommand(query);
command.Parameters.AddWithValue("#username", username);
Or some use ?username instead of #username.
Use following
Request.Form["username"].ToString().Replace(',',' ').Trim();
enter code here string customerName = Request.Form[txtSearch.UniqueID];
string customerId = Request.Form[hfCustomerId.UniqueID];
Label1.Enabled = true;
Label1.Text = customerName;
DataRow dr = GetData("SELECT * FROM actor where first_name = " +txtSearch.Text.ToString() ).Rows[0];
Document document = new Document(PageSize.A4, 88f, 88f, 10f, 10f);
Font NormalFont = FontFactory.GetFont("Arial", 12, Font.NORMAL, Color.BLACK);
Is there any problem with mysql syntax?
Correct me if i am going wrong.
While i am searching with a specified value, this runs perfectly. But creating problem when trying to pass a value.
try this:
DataRow dr = GetData("SELECT * FROM actor where first_name = '" +txtSearch.Text+"' ).Rows[0];
I created a 8 column table in SQL Server 2008. I entered data into 1st 2 column of the table and remaining columns I left allow nulls.
I am trying to add data to remaining 6 columns based on the data entered in 1st 2 columns, but I'm not able to add the data. Was leaving another 6 columns into "Allow nulls" caused this problem.
If yes, is there any solution for this?
Thanks.
string str = (#"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
try
{
String sql = "(insert into usn (firstname, lastname, password, address, bloodgrp, contactnum, email) values (#st1, #st2, #st3, #st4, #st5, #st6, #st7) WHERE usn = '" + omd + "' )";
SqlConnection conn = new SqlConnection(str);
conn.Open();
SqlCommand cmd = new SqlCommand(sql, conn);
{
cmd.Parameters.AddWithValue("#st1", TextBox1.Text);
cmd.Parameters.AddWithValue("#st2", TextBox2.Text);
cmd.Parameters.AddWithValue("#st3", TextBox3.Text);
cmd.Parameters.AddWithValue("#st4", TextBox10.Text);
cmd.Parameters.AddWithValue("#st5", TextBox6.Text);
cmd.Parameters.AddWithValue("#st6", TextBox7.Text);
cmd.Parameters.AddWithValue("#st7", TextBox8.Text);
cmd.ExecuteNonQuery();
Response.Redirect("accountcreated.aspx");
conn.Close();
}
If you already have records in your table, you need to use UPDATE, not INSERT.
So, your query should be something like
UPDATE usn
SET firstname = #st1,
lastname = #st2,
password = #st3,
address = #st4,
bloodgrp = #st5,
contactnum = #st6,
email = #st7
WHERE usn = ...
You can't INSERT into a column, you use INSERT only to put data into a table (creating a record).
So, your sql String should look something like this.
String sql = "(UPDATE usn SET firstname = #st1, lastname = #st2, password = #st3, address = #st4, bloodgrp = #st5, contactnum = #st6, email = #st7 WHERE usn = '" + omd + "' )";
im working in mvc and use sql command to insert data to my
database.
what i try to do is insert into 2 tables which one of them
have the foreign key from the other.
how can i build my sql query to make a condition on insert
into the table Image, insert the id in the foreignkey column
in the table Content.
using (SqlConnection cn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
{
SqlCommand cmd;
System.Text.StringBuilder sql = new System.Text.StringBuilder();
sql.Append("insert into Image(FileName)");
sql.Append("values (#FileName)");
SqlCommand cmd2;
System.Text.StringBuilder sql2 = new System.Text.StringBuilder();
sql.Append("insert into Code(Html,JsCode,Id_Img)");
sql.Append("values (#Html, #JsCode, #Id_Img)");
cn.Open();
cmd = new SqlCommand(sql.ToString(), cn);
cmd.Parameters.Add("#FileName", SqlDbType.VarChar).Value = myfilename;
int FileId = (int)cmd.ExecuteScalar();
cmd2 = new SqlCommand(sql2.ToString(), cn);
cmd2.Parameters.Add("#Html", SqlDbType.VarChar).Value = mydiv;
cmd2.Parameters.Add("#JsCode", SqlDbType.VarChar).Value = DBNull.Value;
cmd2.Parameters.Add("#Id_Img", SqlDbType.Int).Value = FileId;
cmd2.ExecuteNonQuery();
cn.Close();
}
I think you can use ExecuteScalar() instead ExecuteNonQuery() to get the Scope_identity() value from the server like below and add that FileId to the second query.
using (SqlConnection cn = new SqlConnection("your_connection_string"))
{
string sql1 = "insert into Image(FileName) values (#FileName); " +
"SELECT CAST(scope_identity() AS int)";
string sql2 = "insert into Code(Html,JsCode,Id_Img) values (#Html, #JsCode, #Id_Img)";
int FileId = 0;
using (SqlCommand cmd = new SqlCommand(sql1,cn))
{
cmd.Parameters.AddWithValue("#fileName", myfilename);
cn.Open();
FileId= (int)cmd.ExecuteScalar();
}
}
I don't get it!
I'm doing a simple insert in an access db.
static void EcrireDansBD()
{
//Connection a la BD
string connectionString = "Provider=Microsoft.ACE.OLEDB.12.0;data source=me.mdb";
OleDbConnection conn = new OleDbConnection(connectionString);
//works
string sql = "INSERT INTO HQ_POINTS (NORD,EST,ELEV) VALUES (1,2,3)";
//Syntax error in INSERT INTO statement
string sql = "INSERT INTO HQ_POINTS (NORD,EST,ELEV,DESC) VALUES (1,2,3,'ok')";
//Syntax error in INSERT INTO statement
string sql = "INSERT INTO HQ_POINTS (NORD,EST,ELEV,DESC) VALUES (1,2,3,ok)";
//Syntax error in INSERT INTO statement
string sql = "INSERT INTO HQ_POINTS (NORD,EST,ELEV,DESC) VALUES (1,2,3,\"ok\")";
OleDbCommand cmd = new OleDbCommand(sql, conn);
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
}
Here is the table:
alt text http://img1.imagilive.com/0810/Capturee43.PNG
Help?
DESC is a reserved keyword which is used for ordering (ORDER BY column ASC/DESC).
you have to quote it: use [DESC] instead