Syntax error in INSERT INTO statement in c# oledb?
I am having a table called SubMaster_Accounts, which contains 9 fields. In which I want to insert data to开发者_StackOverflow社区 some fields and i want to store some other fields as NULL. I tried to write the query using query string, The sql query works perfectly when i insert the data for all the fields, but when i insert data as NULL to some of the fields it shows syntax error in Insert command. The fields which i want to insert as NULL are not constraints.
How can i do it?
This is my query string.
insert into SubMaster_Account ([SMcode], [MSname], [Sname], [Openbalrs],
[Openbalrs1], [Openbalmet], [Openbalmet1], [Creditdays], [Sdesc])
values ('" + SMcode + "','" + MSname + "','" + Sname + "'," +
Openbalrs + ",'" + Openbalrs1 + "'," + Openbalmet + ",'" +
Openbalmet1 + "'," + Creditdays + ",'" + Sdesc + "')
You should change your query to use parameters instead of inline literals.
With your current approach, you migth be prone to SQL injection attacks, if any of those values from the user.
You are prone to SQL syntax errors, as you've experienced, if you try to use any values with single quotes in them, or whatnot.
These problems go away with parameters.
精彩评论