sql command not properly ended in select - asp.net

I suffer the pbm while selecting data
t = Convert.ToString(DropDownList1.SelectedItem);
m=Convert.ToString(DropDownList2.SelectedItem);
n=Convert.ToString(DropDownList3.SelectedItem);
o=Convert.ToString(DropDownList4.SelectedItem);
{
//da = new OracleDataAdapter("select * from " + t + "where area= '"+ m + "'and type='" + n + "'and ctype='" + o+"'" , con);
cmd = new OracleCommand("select * from " + t + "where area='" + m + "'and type='" + n + "'and ctype='" + o+"'", con);
dr = cmd.ExecuteReader();

You need a space between t and where in select * from " + t + "where [..].
My recommendation is some coffee ;)

Add space between t and where
cmd = new OracleCommand("select * from " + t + "where area='" + m + "'and type='" + n + "'and ctype='" + o+"'", con);
It should be like this
cmd = new OracleCommand("select * from " + t + " where area='"+m+"' and type='"+n+"'and ctype='"+o+"'",con);
^^^^^^^^^^^^

You need a space between all concatenated value,
Please try my code instead of your code
cmd = new OracleCommand("select * from " + t + " where area='"+ m +"' and type='"+ n +"' and ctype='"+ o +"'",con);

Related

copy from html form and paste on outlook

I want to build an application in which when I fill up a form it will copy the data and on a button click it will paste some of the data in outlook email body
Thanks
I am about to finish my webform site
Issue : when I add small content (any type) to textarea and click on submit , it works !
But when i enter long multi line text in textarea it give me syntax error near s.
SqlConnection con = new SqlConnection("Data source=hidden; initial catalog=dsatdata; User id=sa; password=xxxxxx");
con.Open();
var query = "insert into escalationmatrix values ('" + lbl_case_number.Text + "','" + Request.Form["statust"].ToString() + "','" + Request.Form["status_summaryt"].ToString() + "', '" + Request.Form["impact_severityt"].ToString() + "', '" + Request.Form["next_stept"] + "', '" + Request.Form["root_causet"] + "','" + DateTime.Now + "')";
// SqlCommand cmd = new SqlCommand("UPDATE [escalation] SET [Status] = '" + Request.Form["statust"].ToString() + "', [status_summary] = '" + Request.Form["status_summaryt"].ToString() + "', [impact_severity] = '" + Request.Form["impact_severityt"].ToString() + "', [next_step] = '" + Request.Form["next_stept"] + "', [root_cause] = '" + Request.Form["root_causet"] + "' WHERE [Case_Number] = '" + lbl_case_number.Text + "'" , con);
SqlCommand cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();`

Increment in Android SQLite

I want to update the col_Item_Auto_ID column with +1 in each column
Like this: replace 10 with 11, 11 with 12, etc!!
Help me pls... here the code is,
public void updateMiddleTemp(int autoid) {
SQLiteDatabase db = this.getWritableDatabase();
int id=51;
ContentValues cv_temp1 = new ContentValues();
cv_temp1.put(col_Item_Auto_ID, col_Item_Auto_ID+1);
//ff
long stemp = db.updateWithOnConflict(Table_KOT_ITEMS_TEMP, cv_temp1,
col_Item_Auto_ID + " >= " + autoid, null,SQLiteDatabase.CONFLICT_IGNORE);
db.close();
}
Try this code, it works fine:
db.execSQL("UPDATE " + Table_KOT_ITEMS_TEMP + " SET "
+ col_Sl_No + " = " + col_Sl_No + " +1 WHERE "
+ col_Sl_No + " >" +into);
db.close();
You cannot do this with standard update method - you need to use execSql method instead:
String sql = "UPDATE " + Table_KOT_ITEMS_TEMP +
" SET " + col_Item_Auto_ID + "=" + col_ITEM_AUTO_ID + "+1" +
" WHERE " + col_ItemAutoID + " >= " + autoid;
db.execSql(sql);
This can be done with updateWithOnConflict().
The value provided for the value field in ContentValues is incorrect.
Resulting value should be "col_Item_Auto_ID + 1" and not "col_Item_Auto_ID1".
So try changing
cv_temp1.put(col_Item_Auto_ID, col_Item_Auto_ID+1);
to
cv_temp1.put(col_Item_Auto_ID, col_Item_Auto_ID+"+1");
This code worked for me:
String query = "UPDATE " + Constants.RecentChats.DB_RECENT_CHATS + " SET "
+ Constants.RecentChats.UNREAD_COUNT + " = "
+ Constants.RecentChats.UNREAD_COUNT +"+1"+ " WHERE "
+ Constants.RecentChats.JID + " =" + id;
db.execSQL(query);

incorrect syntax near the keyword 'Values'

this is my code.i want to save these values into database.And an error occured,
incorrect syntax near the keyword Values
foreach (GridViewRow gvr in GridView1.Rows)
{
string strcon1;
strcon1 = ConfigurationManager.ConnectionStrings["fwma_devConnectionString"].ConnectionString;
SqlConnection con1 = new SqlConnection(strcon1);
con1.Open();
SqlCommand com3 = new SqlCommand(strcon);
TextBox tb = (TextBox)gvr.FindControl("TextBox2");//value
string txt = tb.Text;
Label propertylabel = (Label)gvr.FindControl("Label4");//id-property
com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + " ), con1";
com3.Connection = con1;
com3.ExecuteNonQuery();
con1.Close();
use this
com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values('" + propertylabel.Text + "','" + B_id.Text + "','" + tb.Text + "')";
instead of
com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + " ), con1";
If you are using the reserved keywords ,you should specify delimited identifiers either quoted or bracketed.
example using bracketed
com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,[Values]) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + " ), con1";
Shouldn't this line be like this?
com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + ")";
and please use command parameters:
When should "SqlDbType" and "size" be used when adding SqlCommand Parameters?

System.Data.SqlClient.SqlException: Incorrect syntax near ''

cmd.Connection = con;
con.Open();
cmd.CommandText = "Update tiit.Enquiry Set Status='" + DropDownList4.SelectedValue + "', NextFollowup='" + TextBox8.Text + "', Remarks='" + TextBox9.Text + "', Name='" + TextBox1.Text + "', Email='" + TextBox2.Text + "', Phone='" + TextBox3.Text + "','','','','', City='" + TextBox4.Text + "', Country='" + TextBox5.Text + "', Course='" + TextBox6.Text + "', Comments='" + TextBox7.Text + "', Cost='" +TextBox14.Text+ "' where SN='" + HiddenField1.Value + "'";
int i = cmd.ExecuteNonQuery();
con.Close();
No, don't do this. Never use string concatenations (+ operator) when building your SQL queries. Use parametrized queries:
cmd.Connection = con;
con.Open();
cmd.CommandText = "UPDATE tiit.Enquiry Set Status=#Status, NextFollowup=#NextFollowup, ...";
cmd.Parameters.AddWithValue("#Status", DropDownList4.SelectedValue);
cmd.Parameters.AddWithValue("#NextFollowup", TextBox8.Text);
...
This way your code won't be vulnerable to SQL injection and you won't have any encoding problems.
In all probability this:
"Update tiit.Enquiry Set Status='"
is you problem. (I'm talking about the .)
I completely agree however - use parametrised queries.

How to connect mysql to DevExpress ASPxScheduler without SqlDataSource

I have an ASP.net project I'm looking at and they want to use MySQL. I'm used to SQL server but using mySQL shouldn't be a problem.
Normally the control would like a SqlDataSource to bind to but that's not available with MySQL (from other posts on this site).
What's the best way to connect MySQL and the DevExpress ASPxScheduler so that you can create appointments?
Why not an ObjectDataSource and write the data layer? Or use LLBLGen, I think it works just fine with MySQL. The one caveat I've seen is that the MySQL ODBC and ADO drivers have issues with metadata.
I did end up using the objectdatasource and the ObjectCreated method and wrote the datalayer to insert records into the mysql database. I've included my code just incase someone needs some help with some of the logic.
protected void appointmentsDataSource_ObjectCreated(object sender, ObjectDataSourceEventArgs e)
{
e.ObjectInstance = new CustomEventDataSource(GetCustomEvents());
}
public void InsertAppointment()
{
//need to reformat the dates
string tempStartDate;
string tempStartMinutes;
if (appointmentobject.Start.Minute.ToString().Length == 1)
{
tempStartMinutes = "0" + appointmentobject.Start.Minute.ToString();
}
else
{
tempStartMinutes = appointmentobject.Start.Minute.ToString();
}
tempStartDate = AppointmentObject.Start.Year + "-"
+ AppointmentObject.Start.Month + "-"
+ appointmentobject.Start.Day + " "
+ appointmentobject.Start.Hour + ":"
+ tempStartMinutes;
string tempEndDate;
string tempEndMinutes;
if (appointmentobject.End.Minute.ToString().Length == 1)
{
tempEndMinutes = "0" + appointmentobject.End.Minute.ToString();
}
else
{
tempEndMinutes = appointmentobject.End.Minute.ToString();
}
tempEndDate = AppointmentObject.End.Year + "-"
+ AppointmentObject.End.Month + "-"
+ appointmentobject.End.Day + " "
+ appointmentobject.End.Hour + ":"
+ tempEndMinutes;
//TODO Add CustomField : Need to add to this Insert Statement
//Change the appointment subject
string NewSubject = AppointmentObject.CustomFields["fldFirstName"]
+ ", " + AppointmentObject.CustomFields["fldLastName"]
+ ", " + AppointmentObject.CustomFields["fldClassID"]
+ ", " + AppointmentObject.CustomFields["fldPhoneNumberDay"];
string mySQLQueryString = #"INSERT INTO appointment (StartDate,EndDate,Subject,Status,Description,label,location,Type,FirstName,
LastName,PhoneNumberDay,PhoneNumberEvening,DriversLicenseNumber,Email,RentalCar,Payment,ConfirmationNumber,
PermitNumber,ClassID,CreateDate,CreateUser,NoticeToReport)
VALUES('" + tempStartDate + "','"
+ tempEndDate + "', '"
//+ AppointmentObject.Subject + "',"
+ NewSubject + "',"
+ AppointmentObject.StatusId + ",'"
+ AppointmentObject.Description + "',"
+ AppointmentObject.LabelId + ", '"
+ AppointmentObject.Location + "',"
+ "0, '" //type
+ AppointmentObject.CustomFields["fldFirstName"] + "','"
+ AppointmentObject.CustomFields["fldLastName"] + "','"
+ AppointmentObject.CustomFields["fldPhoneNumberDay"] + "','"
+ AppointmentObject.CustomFields["fldPhoneNumberEvening"] + "','"
+ AppointmentObject.CustomFields["fldDriversLicenseNumber"] + "','"
+ AppointmentObject.CustomFields["fldEmail"] + "',"
+ AppointmentObject.CustomFields["fldRentalCar"] + ","
+ AppointmentObject.CustomFields["fldPayment"] + ",'"
+ AppointmentObject.CustomFields["fldConfirmationNumber"] + "','"
+ AppointmentObject.CustomFields["fldPermitNumber"] + "',"
+ AppointmentObject.CustomFields["fldClassID"] + ", '"
//ignore create date for now.
//+ AppointmentObject.CustomFields["fldCreateDate"] + "', '"
+ "2009-01-01 12:00', '"
+ AppointmentObject.CustomFields["fldCreateUser"] + "', "
+ AppointmentObject.CustomFields["fldNoticeToReport"] + ")";
MySqlConnections test = new MySqlConnections();
test.InsertRow(mySQLQueryString);
}
public class MySqlConnections
{
private static string DriverConnectionString = "Database=driverexam;Data Source=localhost;User Id=ART;Password=art01";
public DataSet SelectRows(DataSet dataset, string query, string tablename)
{
MySqlConnection conn = new MySqlConnection(DriverConnectionString);
MySqlDataAdapter adapter = new MySqlDataAdapter();
adapter.SelectCommand = new MySqlCommand(query, conn);
adapter.Fill(dataset, tablename);
conn.Close();
return dataset;
}
public bool InsertRow(string query)
{
// MySqlConnection conn = new MySqlConnection(DriverConnectionString);
MySqlConnection conn = new MySqlConnection();
MySqlCommand cmd = new MySqlCommand();
conn.ConnectionString = DriverConnectionString;
try
{
conn.Open();
cmd.Connection = conn;
cmd.CommandText = query;
cmd.ExecuteNonQuery();
conn.Close();
Console.WriteLine("Success Occurred ");
} //end of try
catch(Exception ex)
{
Console.WriteLine("Error Occurred - " + ex.Message);
}
return true;
}
}

Resources