-1

I keep getting the exception

System.Data.SQLite.SQLiteException: 'SQL logic error near "=": syntax error'

and I have no idea why or what's causing it :(

my code is as follows

SQLiteConnection c = new SQLiteConnection("Data Source = StuTchInfo.db");
SQLiteCommand cmd = new SQLiteCommand(c);
cmd.CommandText = "SELECT *" +
    "FROM tblTeachers" +
   $"WHERE teacherID = '{idField.Text.ToString()}'";
c.Open();
SQLiteDataReader r = cmd.ExecuteReader();

//code processing data from data reader
        

and the exception is thrown on the last line. idField.Text is a string value and I have already tried using idField.Text.ToString() but it still throws the same error. Any ideas?

3
  • 1
    There is no point calling ToString on a string Commented Aug 10, 2021 at 9:51
  • 1
    Does this answer your question? What are good ways to prevent SQL injection? and SqlCommand Parameters Add vs. AddWithValue Commented Aug 10, 2021 at 9:51
  • Besides not using string concatenation and bad formatting/indentation, here it is a typo: a space is missing before WHERE, thus write for example $" WHERE ...". Commented Aug 10, 2021 at 9:53

3 Answers

4

Your string concatenation is causing an SQL that contains tblTeachersWHERE.

If you want to keep a multi-line format for readability, you can ditch the string concat by using an @string:

cmd.CommandText = @"
  SELECT *
  FROM tblTeachers
  WHERE teacherID = @name";

//you'll need this too; gives a value to the above parameter
cmd.Parameters.AddWithValue("@name", idField.Text);

You can also investigate the Resources facility (right click on the project name and choose Properties, then Resources on the left, and "click there" if your project doesn't have one); it allows you to write long strings like huge SQLs and not clutter your code with them. Code would be like:

cmd.CommandText = Properties.Resources.SelectFromTeachersWhereNameIs;

and your designer for the Resources be like:

enter image description here


As a side note, investigate how to parametrize your queries (I did it above with @name), because even if you fix this your code will explode again as soon as someone enters a ' into the textbox, or worse
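The side note above, as an added example that is not part of the original answer: the interpolated query from the question (with the spacing fixed) next to the parameterized form, run against an in-memory database. The table columns, sample rows, and input strings are constructed for illustration; it shows that an apostrophe in the input either breaks the interpolated statement or changes its logic, while the bound parameter is always compared as plain data.

```csharp
using System;
using System.Data.SQLite;

class ParameterDemo
{
    // Vulnerable form: the textbox value is pasted into the SQL text.
    static int CountInterpolated(SQLiteConnection c, string id)
    {
        using (var cmd = new SQLiteCommand(c))
        {
            cmd.CommandText = $"SELECT COUNT(*) FROM tblTeachers WHERE teacherID = '{id}'";
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }
    // Hardened form: the SQL text is constant and the value is a bound parameter.
    static int CountParameterized(SQLiteConnection c, string id)
    {
        using (var cmd = new SQLiteCommand(c))
        {
            cmd.CommandText = "SELECT COUNT(*) FROM tblTeachers WHERE teacherID = @id";
            cmd.Parameters.AddWithValue("@id", id);
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }
    // Runs a query and reports either the row count or the exception text.
    static string Try(Func<int> query)
    {
        try { return query() + " row(s)"; }
        catch (SQLiteException e) { return "SQLiteException: " + e.Message; }
    }

    static void Main()
    {
        using (var c = new SQLiteConnection("Data Source=:memory:"))
        {
            c.Open();
            using (var setup = new SQLiteCommand(c))
            {
                // Constructed sample data; the column layout is an assumption.
                setup.CommandText = "CREATE TABLE tblTeachers (teacherID TEXT, name TEXT);" +
                    "INSERT INTO tblTeachers VALUES ('T001','Ada'), ('T002','Grace');";
                setup.ExecuteNonQuery();
            }
            // Constructed inputs standing in for idField.Text.
            foreach (var id in new[] { "T001", "T'001", "x' OR '1'='1" })
            {
                Console.WriteLine($"input: {id}");
                Console.WriteLine("  interpolated : " + Try(() => CountInterpolated(c, id)));
                Console.WriteLine("  parameterized: " + Try(() => CountParameterized(c, id)));
            }
        }
    }
}
```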


2

You need to add a space.

cmd.CommandText = "SELECT * " +
    "FROM tblTeachers " +
    $"WHERE teacherID = '{idField.Text.ToString()}'";

4 Comments

oh wow that was really it, idk how I forgot string concatenation doesn't automatically put a space
SQL won't care about SELECT *FROM, btw
@CaiusJard Good to know, but anyway it would be good to have this space for better readability.
Verbatim string is much easier, preface with @, then you can use newlines
1

You need to use some spaces in your string. Also, you can have one-liner code by using string interpolation.

cmd.CommandText = $"SELECT * FROM tblTeachers WHERE teacherID = '{idField.Text.ToString()}'";

1 Comment

I'll probably try doing this from now on, at least until I get more used to SQL commands, considering I managed to forget string concatenation doesn't automatically add spaces
