Click here to Skip to main content
15,924,935 members
Search within:


Data Adding using sqlcommand
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
.NET3.5
.NET
Hi All,

I Used Three Data In DataBase like product,price,discount........i give default value off discount ...0.......I miss Default

field to enter input.. When I Run The Program . It Shows Error like(Incorrect Syntax Near ')'....Please Help Me For This

sql is
SQL
create table products(product nvarchar(max),
                  price numeric(18,2),
                  discount numeric(18,2) default 0)



used command is

C#
Com=New sqlcommand("insert into pro values('" & textbox1.text &"'," & textbox2.text &"," & textbox3.text &")",con)

Thanks
S.Priyan

[edit]Code blocks added - OriginalGriff[/edit]
Posted
Updated 8-Apr-11 23:39pm
v2
Add a Solution

4 solutions

First off, don't do it like that. Your code leave you open to a deliberate or accidental SQL Injection attack, which could easily destroy your whole database. Use Parametrized queries instead.
Secondly, please use sensible names for controls: You may have a good idea what data is in "textbox2" now, but I don't - and neither will you in a months time! Call it "tbAddress" or "tbProductDescription" and you code becomes much more readable.
Thirdly, your syntax for the SQL INSERT is wrong. You need to specify the columns in your table.

Putting these together, try this:

Com=New sqlcommand("INSERT INTO pro (Column1, Column2, Column3) VALUES(@C1, @C2, @C3)", con);
Com.Parameters.AddWithValue("@C1", textbox1.text);
Com.Parameters.AddWithValue("@C2", textbox2.text);
Com.Parameters.AddWithValue("@C3", textbox3.text);

Where "Column1", "Column2" etc. are the field names in your "pro" table. You may also with to change "@C1", "@C2" and "@C3" to use sensible names as well - I can't because I don't know what you fields contain...
 
Share this answer
 
Posted
Comments
Wendelius 9-Apr-11 5:45am    
Nice, you're much quicker in writing :) 5'd.
OriginalGriff 9-Apr-11 5:48am    
Practice, typing tutor program many years ago, and I have answered this question so many times! :laugh:
Wendelius 9-Apr-11 5:58am    
Yes it's seems to be repeated every now and then :)
Debug through your source code.
Put a debug point on the command line and try to have a look at the string.

Also look at all the text box values and make sure none of them are null.

Try running the query in the back end to see if the table has been created first (before running the insert).
 
Share this answer
 
Posted
First of all, never ever concatenate values to the SQL statement. Use SqlParameter[^].

After that your code could look something like:
C#
SqlCommand command = new SqlCommand();
command.CommandText = "INSERT INTO Products (Product, Price, Discount) VALUES (@p1, @p2, @p3)";
command.Connection = con;

SqlParameter parameter;
parameter = new SqlParameter("p1", System.Data.SqlDbType.VarChar, 2000);
parameter.Value = textbox1.Text;
command.Parameters.Add(parameter);

parameter = new SqlParameter("p2", System.Data.SqlDbType.Decimal);
parameter.Value = textbox2.Text;
command.Parameters.Add(parameter);

parameter = new SqlParameter("p2", System.Data.SqlDbType.Decimal);
parameter.Value = textbox3.Text;
command.Parameters.Add(parameter);

try {
   rowsAffected = command.ExecuteNonQuery()
} catch ...

Now you won't have problems with apostrophes, no SQL injections etc.
 
Share this answer
 
Posted
com = New SqlCommand("INSERT INTO products (product,price ,discount ) VALUES(@C1, @C2, @C3)", con)
com.Parameters.AddWithValue("@C1", TextBox1.Text)
com.Parameters.AddWithValue("@C2" TextBox2.Text)
com.Parameters.AddWithValue("@C3", TextBox3.Text)
com.ExecuteNonQuery()
MsgBox("added")


If i change coding like that it also shows error"Error converting data type nvarchar to numeric."

please Help Me For This....


Thanks...those who read & reply
S.Priyan
 
Share this answer
 
Posted
Comments
Wendelius 9-Apr-11 6:15am    
Instead of posting a new solution you can comment on the answers. The problem with your current version is that you don't define the data type of the parameter. See solution 4.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
when to use SqlDataAdapter and sqlcommand ?
Adding Parameters to sqlCommand
Both IN and Like clause use in Sqlcommand
Sqlcommand executenonquery throws exception system.invalidcast
The reason for using SqlCommand instead of DataTable and DataAdapter?
Insert null values in Sql Server2008 using SqlCommand parameters of C#.
SqlCommand with Entity Framework
get value of sqlcommand
SQLCommand question to view
Sqlcommand problem - parameter not provided

Advertise
Privacy
Cookies
Terms of Use
Last Updated 9 Apr 2011
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-06-25:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900