I'm currently making a guide tool. I connected to my accdb file and all works fine.
Now I want to select the name of the monster who drops item XY.
The monster has 19 drop fields, named from a_item_0 to a_item_19.
My query is:
string query = "SELECT a_name FROM waffen WHERE a_item_0= "
+ textBox21.Text + "' OR a_item_1= '" + textBox21.Text
+ "' OR a_item_2= '" + textBox21.Text + "' OR a_item_3 = '"
+ textBox21.Text + "' OR a_item_4= '" + textBox21.Text
+ "' OR a_item_5= '" + textBox21.Text + "' OR a_item_6= '"
+ textBox21.Text + "' OR a_item_7 = '"
+ textBox21.Text + "' OR a_item_8 = '" + textBox21.Text
+ "' OR a_item_9 = '" + textBox21.Text + "' OR a_item_10 = '"
+ textBox21.Text + "' OR a_item_11 = '" + textBox21.Text
+ "' OR a_item_12 = '" + textBox21.Text + "' OR a_item_13 = '"
+ textBox21.Text + "' OR a_item_14 = '" + textBox21.Text
+ "' OR a_item_15 = '" + textBox21.Text + "' OR a_item_16 = '"
+ textBox21.Text + "' OR a_item_17 = '" + textBox21.Text + "' OR a_item_18 = '"
+ textBox21.Text + "' OR a_item_19 = '" + textBox21.Text + ";";
Maybe someone sees the error; I have been looking for more than 2 hours now...
I think you've missed the first and last string delimiters
string query = "SELECT a_name FROM waffen WHERE a_item_0= '" + textBox21.Text
+ "' OR a_item_1= '" + textBox21.Text + "' OR a_item_2= '" + textBox21.Text
+ "' OR a_item_3 = '" + textBox21.Text + "' OR a_item_4= '" + textBox21.Text
+ "' OR a_item_5= '" + textBox21.Text + "' OR a_item_6= '" + textBox21.Text
+ "' OR a_item_7 = '" + textBox21.Text + "' OR a_item_8 = '" + textBox21.Text
+ "' OR a_item_9 = '" + textBox21.Text + "' OR a_item_10 = '" + textBox21.Text
+ "' OR a_item_11 = '" + textBox21.Text + "' OR a_item_12 = '" + textBox21.Text
+ "' OR a_item_13 = '" + textBox21.Text + "' OR a_item_14 = '" + textBox21.Text
+ "' OR a_item_15 = '" + textBox21.Text + "' OR a_item_16 = '" + textBox21.Text
+ "' OR a_item_17 = '" + textBox21.Text + "' OR a_item_18 = '" + textBox21.Text
+ "' OR a_item_19 = '" + textBox21.Text + "';";
Looks like you might be missing the very first single-quote in your query string.
WHERE a_item_0= '" + textBox21.Text + "'
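Added example, not part of the original posts: the same lookup written with bound parameters, so there are no quote delimiters to balance and the text box content is never parsed as SQL. The class and method names and the connection string argument are assumptions; the table and column names are the ones from the question, and the drop columns are assumed to be text fields.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;
using System.Linq;

static class DropLookup
{
    // Column names are fixed in code (a_item_0 .. a_item_19), never user input.
    static readonly string[] DropColumns =
        Enumerable.Range(0, 20).Select(i => "a_item_" + i).ToArray();

    // Builds: SELECT a_name FROM waffen WHERE a_item_0 = ? OR ... OR a_item_19 = ?;
    public static string BuildQuery()
    {
        return "SELECT a_name FROM waffen WHERE "
             + string.Join(" OR ", DropColumns.Select(c => c + " = ?")) + ";";
    }

    public static List<string> FindMonsters(string connectionString, string item)
    {
        var names = new List<string>();
        using (var con = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(BuildQuery(), con))
        {
            // OleDb binds parameters by position, so the same value is added
            // once per placeholder. Assumes the drop columns are text fields.
            for (int i = 0; i < DropColumns.Length; i++)
                cmd.Parameters.Add("?", OleDbType.VarWChar, 255).Value = item;

            con.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    names.Add(Convert.ToString(reader[0]));
        }
        return names;
    }
}
```

Called as `DropLookup.FindMonsters(connectionString, textBox21.Text)`, an item name containing a single quote is matched as data instead of ending the string literal.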
Related
I am getting this error:
Syntax error (missing operator) in query expression '10'
My code:
string MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age =" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
System.Data.OleDb.OleDbCommand o_command3 = new System.Data.OleDb.OleDbCommand(MySQL3, o_con);
o_con.Open();
o_command3.ExecuteNonQuery();
o_con.Close();
BTW I know my code is prone to SQL Injection attack, but this is for my school project so it doesn't really matter.
The problem is here
age =" + Request.Form["age"] + "+ "'
It should be
age =" + Request.Form["age"] + ", pass =
and
MySQL3 += " Where uName ='" + Session["uname"];
should be
MySQL3 += " Where uName ='" + Session["uname"] +"'";
String MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age ='" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"] + "'";
Just try above code.
Hope this helps.
Can anyone help me write a query by which I can fetch a record with a specific date having a specific value of a column? The query given below gives records with the specific value but does not filter by date.
sql = "Select * from solarleads where Phone = '" + c_id.Text + "' OR AgentName Like '" + c_id.Text + "%' OR CallStatus Like '%" + c_id.Text + "%' OR CenterId = '" + c_id.Text + "' And Date >= '" + date1.Text + "' AND Date <='" + date2.Text + "' ORDER BY Id DESC ;";
You need to bracket the set of ORed conditions.
sql = "Select * from solarleads"
    + " where ( Phone = '" + c_id.Text + "' OR AgentName Like '" + c_id.Text + "%'"
    + " OR CallStatus Like '%" + c_id.Text + "%'"
    + " OR CenterId = '" + c_id.Text + "' )"
    + " And Date >= '" + date1.Text + "' AND Date <='" + date2.Text + "'"
    + " ORDER BY Id DESC ;";
Separate the AND condition with parentheses, like -
sql = "Select * from solarleads where " +
"(Phone = '" + c_id.Text + "' " +
"OR AgentName Like '" + c_id.Text + "%' " +
"OR CallStatus Like '%" + c_id.Text + "%' " +
"OR CenterId = '" + c_id.Text + "' ) " +
"AND (Date >= '" + date1.Text + "' AND Date <='" + date2.Text + "' ) " +
"ORDER BY Id DESC ;";
Also check - Mysql or/and precedence?
I want to insert data into two different tables on a button click. So there are 2 insert queries with different credentials. The first insert query works properly but the second is not executing. Here is what I tried.
Try
Dim str1 As String = "INSERT INTO yogaClasses (`yogaID`,`name`, `category`, `websiteName`, `email`, `phone1`, `phone2`, `mobileNumber`, `buildingName`, `streetName`, `landmark`, `areaName`, `city`, `State`, `zipCode`, `address`, slotTime1From, `slotTime1To`, `slotTime2From`, `slotTime2To`, fees, `overview`, `establishment`, `newBatchStart`, `yogaType`, `facilities`, payment, `status`, `username`, `password`) values ('" + ID + "','" + name + "', '" + businessCategory + "', '" + website + "', '" + email + "', '" + phoneNo1 + "', '" + phoneNo2 + "', '" + mobileNumber + "', '" + building + "', '" + street + "', '" + landpoint + "', '" + area + "', '" + city + "', '" + stateName + "', '" + zipCode + "', '" + fulladdress + "', '" + slot1A + "', '" + slot1B + "', '" + slot2A + "', '" + slot2B + "', '" + feesPay + "', '" + about + "', '" + foundYear + "', '" + startnewBatch + "', '" + selectedYoga + "', '" + selectedFacility + "', '" + payments + "', 'active', '" + mobileNumber + "', '" + membersAutoPassword.Text + "')"
Dim str2 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str1
command.Connection = con
adapter.SelectCommand = command
con.Open()
str2 = command.ExecuteReader
con.Close()
Response.Redirect("business-added.aspx")
Catch ex As Exception
Response.Write(ex)
End Try
Try
Dim str2 As String = "INSERT INTO yogaAgeGroup (`6-15`, `16-20`, `21-25`, `26-30`, `31-35`, `35+`, `yogaID`) values('" + ageup1.Text + "', '" + ageup2.Text + "', '" + ageup3.Text + "', '" + ageup4.Text + "', '" + ageup5.Text + "', '" + ageup6.Text + "', '" + TextId.Text + "')"
Dim str3 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str2
command.Connection = con
adapter.SelectCommand = command
con.Open()
str3 = command.ExecuteReader
con.Close()
Catch ex As Exception
Response.Write(ex)
End Try
The second query is not executing. What am I doing wrong? Or is it possible to execute both queries in one?
Problem (in your 1st query)
con.Close()
Response.Redirect("business-added.aspx")
Move this line after the second query's con.Close()
Response.Redirect("business-added.aspx")
Because this line will redirect you to another page, the rest of the code won't be executed.
Well, I have to do a series of updates and inserts.
I have this code in VB.NET
Dim posicion_id As Integer = MysqlObj.ejecutarInsert("INSERT INTO posicion (dispositivoid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada, positiontype) VALUES (" + msj.dispositivoid + "," + msj.mensajeid + ",'" + msj.fechahora + "','" + msj.longitud + "','" + msj.latitud + "'," + msj.altura + "," + msj.velocidad + "," + msj.direccion + "," + msj.resultadoid + ",'" + msj.descripcion + "'," + msj.gpsweek + "," + msj.gpsseconds + "," + msj.notificacionenviada + "," + msj.positiontype + "); SELECT LAST_INSERT_ID()").ToString()
If (Integer.Parse(msj.mensajeid) > 0) Then
MysqlObj.ejecutarInsert("INSERT INTO mensajedescripcion (mensajeid, fechahora, dispositivoid, secuencia) VALUES (" + msj.mensajeid + ",'" + msj.fechahora + "'," + msj.dispositivoid + ",0)")
End If
MysqlObj.ejecutarUpdate("UPDATE dispositivo SET ultimoMensaje = '" + msj.fechahora + "', fechanotificacion = '" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "' WHERE dispositivoid = " + msj.dispositivoid)
If (MysqlObj.hasRows("SELECT * FROM posicion_current WHERE dispositivoid = " + msj.dispositivoid)) Then
MysqlObj.ejecutarUpdate("UPDATE posicion_current SET posicionid = " + posicion_id.ToString() + ", mensajeid = " + msj.mensajeid + ", fechahora = '" + msj.fechahora + "', longitud = '" +
msj.longitud + "', latitud = '" + msj.latitud + "', altura = " + msj.altura + ", velocidad = " + msj.velocidad + ", direccion = " + msj.direccion + ", resultadoid = " + msj.resultadoid + ", descripcion = '" + msj.descripcion +
"', gpsweek = " + msj.gpsweek + ", gpsseconds = " + msj.gpsseconds + ", notificacionenviada = " + msj.notificacionenviada + " WHERE dispositivoid = " + msj.dispositivoid)
Else
MysqlObj.ejecutarInsert("INSERT INTO posicion_current (posicionid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada) VALUES (" + posicion_id + "," + msj.mensajeid + ",'" + msj.fechahora + "','" + msj.longitud + "','" + msj.latitud +
"'," + msj.altura + "," + msj.velocidad + "," + msj.direccion + "," + msj.resultadoid + ",'" + msj.descripcion + "'," + msj.gpsweek + "," + msj.gpsseconds + "," + msj.notificacionenviada + ")")
Is it better for performance to do it like that, or a single stored procedure that receives all data and does each insert/update?
DECLARE existss INT DEFAULT 0;
INSERT INTO posicion (dispositivoid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada, positiontype)
VALUES (_dispositivoid, _mensajeid, _fechahora, _longitud, _latitud, _altura, _velocidad, _direccion, 0, _descripcion, 0, 0, 1, 4219724);
SELECT COUNT(*) INTO existss FROM posicion_current WHERE dispositivoid = _dispositivoid;
IF (existss > 0) THEN
UPDATE posicion_current SET posicionid = LAST_INSERT_ID(), mensajeid = _mensajeid, fechahora = _fechahora, longitud = _longitud, latitud = _latitud,
altura = _altura, velocidad = _velocidad, direccion = _direccion, resultadoid = 0, descripcion = _descripcion, gpsweek = 0, gpsseconds = 0, notificacionenviada = 1
WHERE dispositivoid = _dispositivoid;
ELSE
INSERT INTO posicion_current (dispositivoid, mensajeid, fechahora, longitud, latitud, altura, velocidad, direccion, resultadoid, descripcion, gpsweek, gpsseconds, notificacionenviada)
VALUES (_dispositivoid, _mensajeid, _fechahora, _longitud, _latitud, _altura, _velocidad, _direccion, 0, _descripcion, 0, 0, 1);
END IF;
UPDATE dispositivo SET ultimoMensaje = _fechahora, fechanotificacion = NOW() WHERE dispositivoid = _dispositivoid;
INSERT INTO mensajedescripcion (mensajeid, fechahora, dispositivoid, secuencia) VALUES (_mensajeid, _fechahora, _dispositivoid, 0);
Change the COUNT(*)...IF...UPDATE...ELSE...INSERT into
INSERT ... ON DUPLICATE KEY UPDATE ...
That will be faster and simpler.
I'm getting the title error when attempting to execute the following:
sInsertInto = "INSERT INTO 5why (date, op_id, serial, why1, why2, why3, why4, why5, root_cause, lessons) VALUES (" + _
"'" + f_date + "', " + _
"'eccross', " + _
" '" + f_partnum + "', " + _
" '" + f_first + "', " + _
" '" + f_second + "', " + _
" '" + f_third + "', " + _
" '" + f_fourth + "', " + _
" '" + f_fifth + "', " + _
" '" + f_root + "'" + _
" '" + f_lessons + "'" + _
")"
The value count should be fine here; but it's not for whatever reason and I cannot get this error to resolve.
You seem to be missing a comma, specifically after the f_root line. I would think this would be a syntax error due to the two strings 'f_root' 'f_lessons', but I guess not.
Your query is vulnerable to injection. You should be using parameterized queries with prepared statements. Depending upon the variable values, this may also be the problem.
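Added example, not part of the original posts: an insert into the `5why` table where the column list and the placeholder list are generated from one ordered set of pairs, so a dropped comma cannot make the two counts differ, and every value is bound as a parameter. The class and method names are assumptions, as is the `@name` placeholder syntax, which depends on the ADO.NET provider in use; the table and column names are the ones from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Linq;

static class FiveWhyInsert
{
    // Ordered column/value pairs. Column names are fixed in code, never user input.
    public static List<KeyValuePair<string, object>> Row(
        string date, string serial, string[] whys, string root, string lessons)
    {
        if (whys == null || whys.Length != 5)
            throw new ArgumentException("exactly five 'why' answers are required");
        var row = new List<KeyValuePair<string, object>>
        {
            new KeyValuePair<string, object>("date", date),
            new KeyValuePair<string, object>("op_id", "eccross"),
            new KeyValuePair<string, object>("serial", serial),
        };
        for (int i = 0; i < 5; i++)
            row.Add(new KeyValuePair<string, object>("why" + (i + 1), whys[i]));
        row.Add(new KeyValuePair<string, object>("root_cause", root));
        row.Add(new KeyValuePair<string, object>("lessons", lessons));
        return row;
    }

    // Column list and VALUES list come from the same sequence, so they always match.
    public static string BuildSql(IEnumerable<KeyValuePair<string, object>> row)
    {
        var cols = row.Select(kv => kv.Key).ToList();
        return "INSERT INTO 5why (" + string.Join(", ", cols) + ") VALUES ("
             + string.Join(", ", cols.Select(c => "@" + c)) + ")";
    }

    public static int Insert(DbConnection openConnection,
                             List<KeyValuePair<string, object>> row)
    {
        using (var cmd = openConnection.CreateCommand())
        {
            cmd.CommandText = BuildSql(row);
            foreach (var kv in row)
            {
                var p = cmd.CreateParameter();
                p.ParameterName = "@" + kv.Key;      // assumed provider syntax
                p.Value = kv.Value ?? DBNull.Value;  // null becomes SQL NULL
                cmd.Parameters.Add(p);
            }
            return cmd.ExecuteNonQuery();            // rows affected
        }
    }
}
```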