Here is my code:
C#
SqlCommand cmda = new SqlCommand("Delete ID,DrugName,PurchasePrice,SellPrice,Stock from AddProduct where DrugName ='"+ comboBox1.SelectedItem +"' ",conn);
cmda.Connection = conn;
conn.Open();
cmda.ExecuteNonQuery();
conn.Close();

When I click the delete button, an error occurs. The error is (Incorrect syntax near ',').

Please help. What should I do so that the error does not occur?
Updated 17-Aug-12 15:07pm
Comments
AspDotNetDev 17-Aug-12 21:11pm    
Your code is vulnerable to SQL injection: http://xkcd.com/327/ . Use parameterized queries instead: http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx .
AspDotNetDev 19-Aug-12 0:07am    
Ignore this comment. I am just testing if I get a notification when I reply to my own comment.
Arsalaan Ahmed 17-Aug-12 21:15pm    
Thank you, problem solved... before you even told me.
RaisKazi 17-Aug-12 21:21pm    
Please do not use native language and be respectful to the forum which is offering help to you.
Arsalaan Ahmed 13-Jul-13 5:59am    
Brother, what negative language did I use... All I said was that my work got done before you told me.
So what did I say wrong in that?

Remove column names from your "Delete" query. Using the "Delete" statement, you delete the entire row of the corresponding records, so it does not require column names.

Have a look at the link below for the proper syntax of the "Delete" statement.
http://www.w3schools.com/sql/sql_delete.asp

I would recommend that you use parameterized queries instead of concatenating user input into your plain SQL query.

http://www.csharp-station.com/Tutorial/AdoDotNet/lesson06
 
You can't delete the values in specific rows of a table. You are deleting the entire row (if you want to erase specific fields, you'd need to do an UPDATE). Do this instead:
C#
SqlCommand cmd = new SqlCommand("DELETE FROM AddProduct WHERE DrugName = @DrugName", conn);
cmd.Parameters.AddWithValue("DrugName", comboBox1.SelectedItem);

Here are some other issues with your code:

  • When you don't use parameterized queries, you are opening your code up to SQL injection (that's bad).
  • You don't need to set the connection on the command if you pass the connection to the command via the constructor.
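
The advice from both answers combined into one delete routine, as an added example that is not code from the original posts: it prints the SQL text that concatenation produces next to the fixed text of the parameterized command. The class and method names, the NVARCHAR(100) column type and the sample value are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class DrugRepository
{
    // Concatenated form (column list already removed): the value becomes SQL text.
    public static string BuildConcatenatedSql(string drugName)
    {
        return "DELETE FROM AddProduct WHERE DrugName = '" + drugName + "'";
    }

    // Parameterized form: the SQL text is fixed and the value travels separately.
    public static SqlCommand BuildDeleteCommand(SqlConnection conn, string drugName)
    {
        var cmd = new SqlCommand("DELETE FROM AddProduct WHERE DrugName = @DrugName", conn);
        // Assumption: DrugName is NVARCHAR(100); adjust to the real column definition.
        cmd.Parameters.Add("@DrugName", SqlDbType.NVarChar, 100).Value = drugName;
        return cmd;
    }

    // Returns the number of rows deleted; using blocks close the connection on errors too.
    public static int DeleteDrug(string connectionString, string drugName)
    {
        if (string.IsNullOrWhiteSpace(drugName))
            throw new ArgumentException("No drug selected.", nameof(drugName));
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildDeleteCommand(conn, drugName))
        {
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
static class Program
{
    static void Main()
    {
        string crafted = "x' OR '1'='1"; // constructed sample value, not from the page
        // Concatenation: the quote ends the literal, so the WHERE clause matches every row.
        Console.WriteLine(DrugRepository.BuildConcatenatedSql(crafted));
        // Parameterization: the command text never changes; the value is only data.
        using (var cmd = DrugRepository.BuildDeleteCommand(null, crafted))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@DrugName"].Value);
        }
    }
}
```

From the button handler this would be called as `DrugRepository.DeleteDrug(connectionString, comboBox1.SelectedItem as string)`, where `connectionString` stands for the application's own setting.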
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


