Hi, I have a form in my program. It has name, year, director, quality, size (all of these have text boxes). When I write something in those text boxes and click on Add I get this error:

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll

Additional information: Unclosed quotation mark after the character string '954MB)'.

I know that I have to write it like this: '954MB')'. But I don't know how to do it in C#; I can only write it in SQL Server. This is the code of that form:

C#
// Directives and fields the posted snippet relies on but does not show;
// both methods below live inside the form's partial class.
using System;
using System.Data.SqlClient;
using System.Windows.Forms;

private string SqlStr;
private SqlCommand sqlcmd;

private void BtnEdit_Click(object sender, EventArgs e)
{
    String sqlcon = "Data Source=desktop-nee5996\\shadow;Initial Catalog=Filelib;Integrated Security=True";
    SqlConnection cn = new SqlConnection(sqlcon);

    try
    {
        cn.Open();
        if (TxtName.Text == "")
        {
            MessageBox.Show("Please Insert Name.", "Message", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
        else
        {
            // The INSERT is built by concatenating the text box contents
            // straight into the SQL string, so whatever the user types
            // becomes part of the statement itself.
            SqlStr = "insert into Filelib (Id_Files,";
            SqlStr = SqlStr + " Name,";
            SqlStr = SqlStr + " Year,";
            SqlStr = SqlStr + " Director,";
            SqlStr = SqlStr + " Quality,";
            SqlStr = SqlStr + " Size) ";
            SqlStr = SqlStr + " Values(";
            SqlStr = SqlStr + "'" + TxtId_Files.Text + "',";
            SqlStr = SqlStr + "'" + TxtName.Text + "',";
            SqlStr = SqlStr + "'" + TxtYear.Text + "',";
            SqlStr = SqlStr + "'" + TxtDirector.Text + "',";
            SqlStr = SqlStr + "'" + TxtQuality.Text + "',";
            // The closing quote after the Size value is missing here, which
            // is what produces "Unclosed quotation mark after the character
            // string '954MB)'".
            SqlStr = SqlStr + "'" + TxtSize.Text + ")";
            sqlcmd = new SqlCommand(SqlStr, cn);
            sqlcmd.ExecuteNonQuery();
            MessageBox.Show("Saved successfully.", "Message", MessageBoxButtons.OK, MessageBoxIcon.Information);
            clear();
        }
    }
    finally
    {
        // Runs whether or not ExecuteNonQuery threw, so the connection
        // is always released.
        cn.Close();
    }
}

// Resets the input fields after a successful save.
public void clear()
{
    TxtName.Text = "";
    TxtYear.Text = "";
    TxtDirector.Text = "";
    TxtQuality.Text = "";
    TxtSize.Text = "";
}


How can I fix it? By the way, English is my second language; excuse me if I type words wrong.

1 solution

The immediate solution is to add the missing last quotation mark to the statement:
C#
SqlStr = SqlStr + "'" + TxtSize.Text + "')";

However, I suggest not concatenating the data from controls directly into the SQL statement. This leaves you wide open to SQL injection. Instead, use SqlParameter[^].

So overall your code should look something like

C#
SqlStr = @"
INSERT INTO Filelib (Id_Files, Name, Year, Director, Quality, Size)
VALUES (@Id_Files, @Name, @Year, @Director, @Quality, @Size)";

using(sqlcmd = new SqlCommand(SqlStr, cn)) {
   sqlcmd.Parameters.AddWithValue("@Id_Files", TxtId_Files.Text);
   sqlcmd.Parameters.AddWithValue("@Name", TxtName.Text);
   sqlcmd.Parameters.AddWithValue("@Year", TxtYear.Text);
   sqlcmd.Parameters.AddWithValue("@Director", TxtDirector.Text);
   sqlcmd.Parameters.AddWithValue("@Quality", TxtQuality.Text);
   sqlcmd.Parameters.AddWithValue("@Size", TxtSize.Text);
   sqlcmd.ExecuteNonQuery();
}

Also, it would be advisable to wrap the command into a using block that also defines the connection.

For more discussion, have a look at Properly executing database operations[^]
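As an added example, not code from the question or the answer above, here is what the whole handler looks like once the advice is applied: both the connection and the command in using blocks, typed parameters instead of AddWithValue, the numeric field validated in C#, and the SqlException caught rather than left unhandled. The table, column and control names come from the question; the form class name FileForm, the assumption that Year is an INT column, and the NVARCHAR lengths are mine and should be adjusted to the real Filelib schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

// Added example, not the code from the question or the answer. Assumptions:
// the form is a partial class whose designer file declares the text boxes
// named in the question (TxtId_Files, TxtName, TxtYear, TxtDirector,
// TxtQuality, TxtSize) and the clear() helper; the Year column is INT; the
// NVARCHAR lengths below match the real Filelib table.
public partial class FileForm : Form
{
    // Connection string copied from the question. In a real application it
    // belongs in configuration, not in source.
    private const string ConnStr =
        "Data Source=desktop-nee5996\\shadow;Initial Catalog=Filelib;Integrated Security=True";

    private void BtnEdit_Click(object sender, EventArgs e)
    {
        if (string.IsNullOrWhiteSpace(TxtName.Text))
        {
            MessageBox.Show("Please insert Name.", "Message",
                MessageBoxButtons.OK, MessageBoxIcon.Information);
            return;
        }

        // Validate numeric input in C#; do not rely on SQL Server to coerce text.
        int year;
        if (!int.TryParse(TxtYear.Text, out year))
        {
            MessageBox.Show("Year must be a whole number.", "Message",
                MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        try
        {
            InsertFile(TxtId_Files.Text, TxtName.Text, year,
                       TxtDirector.Text, TxtQuality.Text, TxtSize.Text);
            MessageBox.Show("Saved successfully.", "Message",
                MessageBoxButtons.OK, MessageBoxIcon.Information);
            clear();
        }
        catch (SqlException ex)
        {
            // Report the failure instead of letting it become an unhandled exception.
            MessageBox.Show("Database error: " + ex.Message, "Error",
                MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }

    // Kept separate from the UI so it can be called from a test. Returns the
    // number of rows inserted (1 on success).
    internal static int InsertFile(string idFiles, string name, int year,
                                   string director, string quality, string size)
    {
        // Only placeholders appear in the SQL text; user input never does.
        const string sql =
            "INSERT INTO Filelib (Id_Files, Name, Year, Director, Quality, Size) " +
            "VALUES (@Id_Files, @Name, @Year, @Director, @Quality, @Size)";

        using (var cn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, cn))
        {
            // Explicit SqlDbType and length rather than AddWithValue: AddWithValue
            // infers NVARCHAR(n) from the .NET string, which can force an implicit
            // conversion against a VARCHAR column and hurt index use and plan reuse.
            cmd.Parameters.Add("@Id_Files", SqlDbType.NVarChar, 50).Value = idFiles;
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 200).Value = name;
            cmd.Parameters.Add("@Year", SqlDbType.Int).Value = year;
            cmd.Parameters.Add("@Director", SqlDbType.NVarChar, 200).Value = director;
            cmd.Parameters.Add("@Quality", SqlDbType.NVarChar, 50).Value = quality;
            // The input that broke the original, 954MB), is now plain data: a
            // parenthesis, quote or semicolon in it never reaches the parser
            // as SQL syntax.
            cmd.Parameters.Add("@Size", SqlDbType.NVarChar, 50).Value = size;

            cn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

With parameters the value 954MB) is stored exactly as typed and the "unclosed quotation mark" error cannot occur, because the server receives the statement and the values separately. Note that parameterisation protects the statement, not the data: validating Year as an integer and bounding the string lengths is still the application's job.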
 
Comments
brandon1999 5-Sep-15 2:20am    
Thank you so much, but when I write:

SqlStr = @"
INSERT INTO Filelib (Id_Files, Name, Year, Director, Quality, Size)
VALUES (@Id_Files, @Name, @Year, @Director, @Quality, @Size))";

using(sqlcmd = new SqlCommand(SqlStr, cn)) {
sqlcmd.Parameters.AddWithValue("@Id_Files", TxtId_Files.Text);
sqlcmd.Parameters.AddWithValue("@Name", TxtName.Text);
sqlcmd.Parameters.AddWithValue("@Year", TxtYear.Text);
sqlcmd.Parameters.AddWithValue("@Director", TxtDirector.Text);
sqlcmd.Parameters.AddWithValue("@Quality", TxtQuality.Text);
sqlcmd.Parameters.AddWithValue("@Size", TxtSize.Text);
sqlcmd.ExecuteNonQuery();
}

it says "Incorrect syntax near ')'." How do I fix it? Thank you again.
Wendelius 5-Sep-15 2:33am    
Sorry, there was an extra parenthesis in the end of the SQL statement. The example has now been modified.
brandon1999 5-Sep-15 2:37am    
It worked. Thank you so much.
Wendelius 5-Sep-15 2:38am    
You're welcome.
Sarath kumar.N 5-Sep-15 2:43am    
Please accept the solution.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)