I'm having difficulties in manipulating records from MySQL database - mysql

I'm having difficulties in retrieving and displaying records from a table in a database. I'm using a MySql database and VB.NET 2012.
I'm getting the following error message
"End of statement expected"

Remove the space between Form2 and _Load. Your SQL statement is also broken, the AND being in blue shows this. You have your single and double quotes confusing it, the statement is being ended before the AND due to incorrect syntax. In any case, you should, probably, be using
"SELECT * FROM bigregdb WHERE regID = '"1"' OR regID = '"2"'"

Related

VB.NET MYSQL Displaying Data using MySQL Error

Hello, I'm trying to display data in VB.NET using MySQL syntax. Here is my MySQL syntax:
SELECT COUNT(status) as 'Number of Grade School for the Month of January'
FROM blhtraining.userinfo
Where survey_at='Talisay'
and status='College' and Month(member_since)='1' and
Year(member_since)='2021'
And this code works in MySQL, but when I modify it like this in VB.NET
Dim count_gradeSchool1 As String = "Select Case COUNT(status) As 'Members'
From training.userinfo
Where survey_at='" & txtmonthlylocation.Text & "'
And status ='College'
And Month(member_since)='" & monthly_reports & "'
And YEAR(member_since)='" & txtmyear.Text & "'
And Day(member_since)='11'"
da = New MySqlDataAdapter(count_gradeSchool1, mycon)
dt = New DataTable()
da.Fill(dt)
lblgs1.Text = dt.Rows(0)("Members")
I received this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'As 'Members'
From training.u' at line 1
I'm sure the syntax is correct. Is it the variable declared?
Your problems probably came about because you pasted the SQL into your code without starting a string first, so VB saw "select" and helped you out by adding "case". So, here is code that...
...has fixed SQL syntax
...uses parameters. Always use parameters. You've no idea how many times a day I say this, trying to stem the tide of future SQL injection hacks. Writing code that doesn't use parameters will get you fired, or you'll have to live with the consequences of writing hack prone code on your conscience. Don't ever skip on using parameters in your SQLs, even if it's "only an app to track your grandma's record collection"
...doesn't call functions on columns in the where clause - don't do it; it's a huge waste of resources and kills opportunities to use indexes. Always, always try to leave table data alone, untransformed. In 99% of cases there is another way to write the query
...uses executescalar - you only want one value, pointless using an adapter/table for it
...doesn't use column aliases with spaces in - as noted in the comments - don't do it; it's not the database's job to format your column names, it's the front end's job.
Dim count_gradeSchool1 As String = "Select COUNT(*) as c
FROM training.userinfo
Where survey_at = @loc
And status = 'College'
And member_since = @ms"
Using c = New MySqlCommand(count_gradeSchool1, mycon)
c.Parameters.AddWithValue("@loc", txtmonthlylocation.Text)
c.Parameters.AddWithValue("@ms", New Date(CInt(txtmyear.Text), CInt(monthly_reports), 11))
c.Connection.Open() 'if it's not already open
lblgs1.Text = c.ExecuteScalar().ToString()
End Using

cfm websql queries error

I have this websql script (http://pastebin.com/gvJseBAn) which doesn't perform correctly.
If I run the statement select * from news where id=0772348890 , I get the error The conversion of the varchar value ' 0017707787068' overflowed an int column.
If I run the statement select * from news where id='0772348890' , I get the error Incorrect syntax near '0772348890'.
If I run the statement select * from news where id="0772348890" , I get Invalid column name '0772348890'
Any other variation of '#0772348890#' or #0772348890# or "#0772348890#" I have tried gives the error "incorrect column" or "incorrect syntax near ..."
Any ideas on how to fix this error, or a better method of creating a simple websql query form?
A) The issue here is that the db column will not under any conditions accept "0772348890" as a valid input because it is mismatched. The column is an "int" type (according to your first error), but your value has a padded 0 prepended to the front, as in 0 772...
What is the purpose of this zero? Ordinarily prepended zeros appear in fixed length character fields where a space is not allowed. Should the value not be "772348890"?
B) Remember that ColdFusion will escape your single quotes in your query. In your second error example (where you use single quotes), this code:
<cfquery name="runsql" datasource="#Form.datasource#" timeout="30">
#Form.sql#
</cfquery>
Produces this SQL statement:
select * from news where id=''0772348890''
Which would give you your syntax error. If you wish to successfully test your second example you will need to alter your code to:
<cfquery name="runsql" datasource="#Form.datasource#" timeout="30">
#preservesinglequotes(Form.sql)#
</cfquery>
Preservesinglequotes() gets you past the second error issue and MSSQL's implicit conversion may strip off the prepended zero and allow the query to succeed - though I'm not sure it will give you what you want.
C) Finally you should probably never do what you are trying to do - at least not in this fashion (sorry to be so direct!). You're opening up your DB to arbitrary queries from a web form. The resulting damage from even casual mistakes could be catastrophic to your data, let alone a malicious user bent on stealing or altering or using your site for malicious purposes. That's my take. :)

how to delete a file with symbols (Specifically the apostrophe)

I have a database that stores teams. Each of these team names is unique. In the event that one is named Bob's Team. I have successfully managed to % encode the symbols when it is sent through the querystring to the next file. In this file I am getting an error with the SQL due to the apostrophe and I don't know how to fix it. Not quite sure about all this escaping stuff I'm reading. It's pretty confusing. Here is the line causing the problem:
strSQL = "SELECT * FROM Teams WHERE TeamName='" & TheTeamName & "'"
In the event that Bob's Team is the name of the team. The error I get is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'TeamName='Bob's Team''.
/DeleteTeam.asp, line 35
I'd like to know what I have to do in order to make it properly delete a team with an apostrophe (and possibly other annoying symbols) in it.
To make your query work as is you can try the following:
Replace in TheTeamName the Single Quote ' by ''
Then use it in your query. (At least this works in MySQL; not sure about your DB engine, but give it a try.)
Note that it is better to use a prepared statement to prevent SQL injection.
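The difference between the quote-doubling workaround and a bound parameter, as an added example that is not part of the original answers. It uses Python's built-in sqlite3 with an in-memory Teams table as a stand-in for the Access database (the sample rows and function names are constructed for illustration) and deletes by TeamName three ways.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the Access database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Teams (TeamName TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO Teams VALUES (?)",
                   [("Bob's Team",), ("Red Team",), ("Blue Team",)])
    return db

def delete_concatenated(db, name):
    # Same shape as the line in the question: the value is spliced into the SQL text.
    sql = "DELETE FROM Teams WHERE TeamName='" + name + "'"
    try:
        return db.execute(sql).rowcount
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def delete_quote_doubled(db, name):
    # The workaround from the answer: double each single quote before splicing.
    sql = "DELETE FROM Teams WHERE TeamName='" + name.replace("'", "''") + "'"
    return db.execute(sql).rowcount

def delete_parameterized(db, name):
    # The value is bound separately and is never parsed as SQL.
    return db.execute("DELETE FROM Teams WHERE TeamName = ?", (name,)).rowcount

def remaining(db):
    return db.execute("SELECT COUNT(*) FROM Teams").fetchone()[0]

if __name__ == "__main__":
    # One ordinary name with an apostrophe, one name that contains SQL syntax.
    for name in ("Bob's Team", "x' OR '1'='1"):
        for fn in (delete_concatenated, delete_quote_doubled, delete_parameterized):
            db = make_db()
            result = fn(db, name)
            print(f"{fn.__name__:22} {name!r:18} -> {result!r}, rows left: {remaining(db)}")
```

Quote doubling handles both inputs here, but escaping rules differ between database engines, which is why binding the value is the dependable fix.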

SQL syntax in openquery - apostrophes inside query

I have the following issue: I am trying to obtain data via a linked server in SQL Server 2008 from BMC Remedy.
Everything is fine with connection, but when I added WHERE
"Assigned Group" LIKE '*scri%'*, I get error in sql server because of apostrophes which I have to use because BMC Remedy demands it.
Do you know how to create correct syntax or force sql server to use quotation marks instead of apostrophes, or disable spell checking
SELECT *
FROM OPENQUERY(Remedy,
**'**
SELECT
Incident_Number
FROM
HPD_Help_Desk
WHERE
"Assigned Group" LIKE ' scri% '
**'**
)
When doing SQL queries from within Remedy, I usually create a new field and use workflow to build the SQL query.
Also the syntax of the where clause you specified isn't correct. Try this instead:
SELECT
Incident_Number
FROM
HPD_Help_Desk
WHERE
Assigned_Group LIKE 'scri%'
There may be white spaces that cause you problems.
You can also try this one:
SELECT Incident_Number
FROM HPD_Help_Desk
WHERE Assigned_Group LIKE '%scri%'
Or you can try to run this one if you run sql on DB:
SELECT r.Incident_Number
FROM ARADMIN.HPD_Help_Desk as r
WHERE r.Assigned_Group LIKE '%scri%'
Because you're running OPENQUERY, maybe double apostrophes will be needed or double quotes instead of one quote (" instead of ').
Good Luck

problems while executing a sql command in vb

I have a problem with a SQL query. Through the query I am trying to search the database for any occurrences of a string (can be anything) in a column using the SQL LIKE command. The problem is that it works fine for most of the strings, say john, jim, ji"m, but does not work when I include the following characters, which are ( ' , { , } , and a single quotation mark). MYSQL query takes care of these special cases by putting them in a [] block whenever the user enters them.
But I am getting the following error when I go to query the database using the GetSelectCommand() in VB.NET
Exception Details:
System.ApplicationException: Number of
values provided must be equal to the
number of placeholders in query.
I have checked the query over and over again, but it's fine.
My database server is Sql Server 2008.
So my application throws the exception in this command:
Using reader As MustDisposeDataReader = _
pmSystem.DatabaseManager.GetSelectCommand(selectStatementBuilder.ToString(), New Object() {})
Where MustDisposeDataReader is an instance of a class in an internally developed library, which inherits from System.Object. pmSystem is an instance of the class PlanManagerSystem which implements the commandlayer. GetSelectCommand() takes the select command
Your single quotes are probably formatted incorrectly. Since it says the number of values are wrong it looks like your single quotes are off.