I have this code in VB.Net but I get the error you have an error in your sql syntax check the manual that corresponds to your mysql server to use near...
How can I fix it?
cmd.CommandText = "INSERT INTO isu_mod_alertare (nr_rap_ext_aler, mod,
forte, procedee, cmd_fuct, nume_cmd) VALUES ('" + nrraport.Text + "', '"
+ MODT.Text + "', '" + fortet.Text + "', '" + procst.Text + "', '"
+ cdtt.Text + "', '" + numecdt.Text + "')"
cmd.ExecuteNonQuery()
MOD is a reserved word in mysql so put a quote in your mod field like 'mod'
See documentation
Related
I am getting this error:
Syntax error (missing operator) in query expression '10'
My code:
string MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age =" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
System.Data.OleDb.OleDbCommand o_command3 = new System.Data.OleDb.OleDbCommand(MySQL3, o_con);
o_con.Open();
o_command3.ExecuteNonQuery();
o_con.Close();
BTW I know my code is prone to SQL Injection attack, but this is for my school project so it doesn't really matter.
The problem is here
age =" + Request.Form["age"] + "+ "'
It should be
age =" + Request.Form["age"] + ", pass =
and
MySQL3 += " Where uName ='" + Session["uname"];
should be
MySQL3 += " Where uName ='" + Session["uname"] +"'";
String MySQL3 = "Update RegisterDatabase Set ";
MySQL3 += "uName ='" + Request.Form["uname"] + "', pName ='" + Request.Form["pname"] + "', idNumber ='" + Request.Form["id"] + "', age ='" + Request.Form["age"] + "', pass ='" + Request.Form["pass"] + "', email ='" + Request.Form["email"] + "'";
MySQL3 += " Where uName ='" + Session["uname"];
Just try above code.
Hope this will helps.
I want to insert data in two different table on button click. So there are 2 insert queries with different credentials. The first insert query working properly but second is not executing. Here what I tried.
Try
Dim str1 As String = "INSERT INTO yogaClasses (`yogaID`,`name`, `category`, `websiteName`, `email`, `phone1`, `phone2`, `mobileNumber`, `buildingName`, `streetName`, `landmark`, `areaName`, `city`, `State`, `zipCode`, `address`, slotTime1From, `slotTime1To`, `slotTime2From`, `slotTime2To`, fees, `overview`, `establishment`, `newBatchStart`, `yogaType`, `facilities`, payment, `status`, `username`, `password`) values ('" + ID + "','" + name + "', '" + businessCategory + "', '" + website + "', '" + email + "', '" + phoneNo1 + "', '" + phoneNo2 + "', '" + mobileNumber + "', '" + building + "', '" + street + "', '" + landpoint + "', '" + area + "', '" + city + "', '" + stateName + "', '" + zipCode + "', '" + fulladdress + "', '" + slot1A + "', '" + slot1B + "', '" + slot2A + "', '" + slot2B + "', '" + feesPay + "', '" + about + "', '" + foundYear + "', '" + startnewBatch + "', '" + selectedYoga + "', '" + selectedFacility + "', '" + payments + "', 'active', '" + mobileNumber + "', '" + membersAutoPassword.Text + "')"
Dim str2 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str1
command.Connection = con
adapter.SelectCommand = command
con.Open()
str2 = command.ExecuteReader
con.Close()
Response.Redirect("business-added.aspx")
Catch ex As Exception
Response.Write(ex)
End Try
Try
Dim str2 As String = "INSERT INTO yogaAgeGroup (`6-15`, `16-20`, `21-25`, `26-30`, `31-35`, `35+`, `yogaID`) values('" + ageup1.Text + "', '" + ageup2.Text + "', '" + ageup3.Text + "', '" + ageup4.Text + "', '" + ageup5.Text + "', '" + ageup6.Text + "', '" + TextId.Text + "')"
Dim str3 As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = str2
command.Connection = con
adapter.SelectCommand = command
con.Open()
str3 = command.ExecuteReader
con.Close()
Catch ex As Exception
Response.Write(ex)
End Try
The second query not executing. What I am doing wrong in this? Or Is it possible to execute both query in one?
Problem (in your 1st query)
con.Close()
Response.Redirect("business-added.aspx")
Move this line after second query con.Close()
Response.Redirect("business-added.aspx")
Because this line will redirect you to another page, so the rest of code won't be execute
Can someone help me with the problem that I'm having now?
I have a set of question(survey). When the user done the survey, it will insert to my database.
However, right now, when I submit the survey, it doesn't insert the result into my database.
here is my code:
try {
//Process - Query from SQL
String strSqlnsert = "INSERT INTO Customers (MembershipID, Contact, Email, Address, SurveyStatus, Subscription) VALUES"
+ " ('"+ member_ID + "', " + contact_num + ", '" + email_add + "', '" + mail_add + "' , " + radio_group + "," + receive_info + ")";
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/customers", "root", "password");
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(strSqlnsert);
I've also add in the library for the JDBC in the library folder.
It seems the non numeric values aren't quoted
Instead of
" + email_add + ",
try
'" + email_add + "',
In the below insert statement
INSERT INTO table (field1, field2) VALUES ( 5, 'this is a string');
the 'this is a string' is wrapped in quotes, because field2 is of type VARCHAR. field1 is INT so the value assigned to it (5) doesn't need quoting.
The VALUES list must be in braces too and again, non numeric values must be quoted:
String strSqlnsert = "INSERT INTO Customers (MembershipID, Contact, Email, Address, SurveyStatus, Subscription) VALUES (" + member_ID + ", " + contact_num + ", '" + email_add + "', '" + mail_add + "', '" + radio_group + "', '" + receive_info + "')";
Try to make a prepared statement where you can call setInt or setString method of preparedStatement class . so it will automatically remove string or numeric confusion at all.
BTW preparedStatement is the best way to pass parameter in sql query.don't use Statement class for parameter sql query.
So I'm writing a web app in vb.net and I've found myself a bit conceptually stumped with a particular database issue.
Essentially, I have 2 different "templates" for a form. In one, the user fills in a bunch of text fields and submits it, and it's all shipped off to the database. The second template is identical, except it tracks some additional information, so it submits more to the database. Rather than have a pair of tables with a lot of duplicate columns or a single table with a bunch of nulls, I made 1 table that tracks all the information shared by both templates and another table that stores all the "extra stuff" the 2nd template has.
The problem this has created is I need a way to pair the data from the two back together in order to search for the form and then pull the information out of the database. The collective forms are identified by a surrogate auto-incrementing key which is the primary key of the "shared" table. I attempted to set up a foreign key relationship with the "extra stuff" table, but doing so raised an issue on the application side where I'm not sure how to handle a foreign key that references an auto-increment in my insert statement.
To give a code example:
Dim sInsertInto As String
sInsertInto = "INSERT INTO 5why (date, op_id, serial, why1, why2, why3, why4, why5, root_cause, other_notes, lessons, define, template) VALUES (" + _
"'" + f_date + "', " + _
" '" + f_usr + "', " + _
" '" + f_partnum + "', " + _
" '" + f_first + "', " + _
" '" + f_second + "', " + _
" '" + f_third + "', " + _
" '" + f_fourth + "', " + _
" '" + f_fifth + "', " + _
" '" + f_root + "', " + _
" '" + f_notes + "', " + _
" '" + f_lessons + "', " + _
" '" + f_define + "', " + _
" '" + f_temp + "'" + _
")"
Dim sInsertInto2 As String
sInsertInto2 = "INSERT INTO 5why_mbusi (countermeasure, containment, check_it, standardize_counter, point_cause, method_procedure, group_leader, engineer, shop_am, shop_manager) VALUES (" + _
"'" + f_counter + "', " + _
" '" + f_containment + "', " + _
" '" + f_check + "', " + _
" '" + f_standardCounter + "', " + _
" '" + f_pointOfCause + "', " + _
" '" + f_methodAndProc + "', " + _
" '" + f_groupLeader + "', " + _
" '" + f_engineer + "', " + _
" '" + f_shop_A_M + "', " + _
" '" + f_shopManager + ", '" + _
")"
In the first insert statement I'm inserting all the shared information into the "shared" table. I don't have to worry about the auto-increment here because it's all being handled by the database. The second insert statement ships all the extras into the "extra stuff" table, but I can't insert all those things without figuring out something to put into the foreign key, as it can't be null for the purposes of establishing a relationship between the two sets of data. I'm operating under the impression that just setting the foreign key to AI as well would just start it back over at "1," it wouldn't match the AI being generated by the "shared" table.
Any ideas out there on how to handle it? This was kind of tricky to word, so if you need clarification about anything, let me know and I'll do my best to clear it up.
The standard way to handle this is for the second table to not declare its primary key as auto-increment. Instead, you must specify the value of the primary key in your INSERT statement.
If you insert into the second table immediately after the first table, you can use the special function LAST_INSERT_ID() as the value.
Example:
INSERT INTO table1 (foo) VALUES (1234); -- generates a new `id`
INSERT INTO table2 (id, bar) VALUES (LAST_INSERT_ID(), 'abcd');
The LAST_INSERT_ID() function returns the most recently generated auto-increment value by a prior INSERT statement in the same session. There is no chance that other people doing their own inserts in other sessions will compromise this.
PS: This is a separate issue from your original question, but FWIW you should learn to use query parameters instead of stringing together form fields with string concatenation. Using parameters is easier, faster, and more secure.
I'm getting the title error when attempting to execute the following:
sInsertInto = "INSERT INTO 5why (date, op_id, serial, why1, why2, why3, why4, why5, root_cause, lessons) VALUES (" + _
"'" + f_date + "', " + _
"'eccross', " + _
" '" + f_partnum + "', " + _
" '" + f_first + "', " + _
" '" + f_second + "', " + _
" '" + f_third + "', " + _
" '" + f_fourth + "', " + _
" '" + f_fifth + "', " + _
" '" + f_root + "'" + _
" '" + f_lessons + "'" + _
")"
The value count should be fine here; but its not for whatever reason and I cannot get this error to resolve.
You seem to be missing a comma, specifically after the f_root line. I would think this would be a syntax error due to the two strings 'f_root' 'f_lessons', but I guess not.
Your query is vulnerable to injection. You should be using parameterized queries with prepared statements. Depending upon the variable values, this may also be the problem.