{"Incorrect syntax near 'C'."}.....Error Debug
SqlConnection conn = new SqlConnection("Server=ILLUMINATI;" +
"Database=DB;Integrated Security= true");
SqlCommand comm = new SqlCommand(
"Insert into FileUpload ('FilePath','TypeId','UploadedBy','UploadedDate')
values (" + savePath + "," + typeid + "," + NAME + "," + DateTime.Now+ ")", conn);
conn.Open();
comm.ExecuteNonQuery();
conn.Close();
It's giving an error saying:
{"Inc开发者_开发技巧orrect syntax near 'C'."}
Can anybody tell me the error please.
You have to put single ''
quotes around the value strings not around the column names
try this
SqlCommand comm = new SqlCommand(
"Insert into FileUpload (FilePath,TypeId,UploadedBy,UploadedDate)
values ('" + savePath + "','" + typeid + "','" + NAME + "',"
assuming typeID
is string, if not dont put ''
around it
The reason it's giving the error is as Haris says - you're putting the single quotes in the wrong place.
However, it would be a very bad idea to "fix" this by just putting the quotes in different places. Instead, you should use a parameterized query:
SqlCommand comm = new SqlCommand
("Insert into FileUpload (FilePath, TypeId, UploadedBy, UploadedDate)" +
" values (@savePath, @typeid, @name, @now)", conn);
comm.Parameters.AddWithValue("@savePath", savePath);
comm.Parameters.AddWithValue("@typeid", typeid);
comm.Parameters.AddWithValue("@name", NAME);
comm.Parameters.AddWithValue("@now", DateTime.Now);
By expressing your data as data instead of as part of the "code" (the SQL) you avoid having to worry about conversions (e.g. date formats) and you avoid SQL injection attacks.
See the SqlCommand.Parameters
documentation for more details (or search for "parameterized queries").
Enclose the columns, who has varchar and datetime type,in a single quote.
SqlCommand comm = new SqlCommand(
"Insert into FileUpload ('FilePath','TypeId','UploadedBy','UploadedDate')
values ('" + savePath + "'," + typeid + ",'" + NAME + "','" + DateTime.Now+ "')",
conn);
精彩评论