Cmd.executenonquery(); throws "incorrect syntax near '/' " error

Question

1.00/5 (2 votes)

See more:

Developing a .net web application using C#.

When i use one alter query i am getting the above error.

home.global.mon- table name value getting from global variable.
tbl_col - name of the column to be added, taking from local variable.

What I have tried:

con.open();
sqlcommand cmd=new sqlcommand("Alter table "+home.global.mon+ "ADD" +tbl_col+ "varchar(50)",con );
cmd.executenonquery();
con.close();

con(connection) has already established at Begging.

Posted 24-Jul-18 11:28am

Member 13858616

Updated 25-Jul-18 1:19am

v2

Add a Solution

Comments

j snooze 24-Jul-18 17:39pm

I think if you debug and view what the value of home.global.mon or tbl_col is, you will see the issue. Also, other people will tell you this, but you should use command parameters instead of concatenating a string together. That leaves you open to sql injection attacks.

3 solutions

Solution 1

Quote:
Cmd.executenonquery(); throws "incorrect syntax near '/' " error

You are building the query by string concatenation with variables that we don't know, this make it impossible for us to know what is the real query.

you have to build the query in a variable so the can be printed or inspected in debugger.
-----
Your code do not behave the way you expect, or you don't understand why !

There is an almost universal solution: Run your code on debugger step by step, inspect variables.
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't know what your is supposed to do, it don't find bugs, it just help you to by showing you what is going on. When the code don't do what is expected, you are close to a bug.
To see what your code is doing: Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute.
Debugger - Wikipedia, the free encyclopedia[^]

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]
Debugging C# Code in Visual Studio - YouTube[^]
The debugger is here to only show you what your code is doing and your task is to compare with what it should do.

Posted 24-Jul-18 11:55am

Patrice T

Solution 2

First, you're building queries using string concatenation. That's a REALLY BAD IDEA!! ALWAYS use parameterized queries. Google for "C# parametrized queries" for examples.

Then you can Google for "SQL Injection Attack" for why what you're doing is so bad.

Now, having said that, you''re not paying attention to spaces when you build your query string. Your resulting query will look something like this:

Alter table homeglobalmonADDtblcolvarchar(50)

* Replace the italics text with the corresponding variable contents.

Build the query into a string variable first and then using string variable to new up the SqlCommand object AND USING THE DEBUGGER would have made diagnosing this problem very easy.

Posted 24-Jul-18 12:33pm

Dave Kreskowiak

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Accepted Answer · 2018-07-25T01:20:00

"Alter table "+home.global.mon+ "ADD" +tbl_col+ "varchar(50)"

If your variables don't have leading\trailing spaces then the above will result in

"Alter table TableNameADDColumnNamevarchar(50)"

Is that valid SQL? You could see this yourself if you use the debugger to step through your code. Also the fact that you have a "/" in the error suggests there is a slash in one of your variables leaving to an invalid table or column name.

As others have said, we don't know what is in your inputs so we can't tell you what to do. Learn to debug your code though as that will help you cover the basics.