1

First let me tell you that i have searched at least a day long for awnsers, so i finally thought lets give this a try.

I am trying to create this shoppingcart for a schoolproject, but i am struggeling with the code. A teacher (sql) told me to check the database and there were some mistakes (not my fault). I fixed these small errors.

Now when i just do SELECT xxxx FROM xxx = no errors, everything show in the gridview. when i add the 2nd part i get a "Syntax error in FROM clause". adding the 3rd part and excluding 2nd part is same error.

Maybe the only thing i could come up with was this little thing in the database: Field properties General Indexed: Yes(No Duplicates)

its probably something minor, but it is driving me nuts, so any help is very much appreciated.

Here is the relevant code:

protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.QueryString["add"] == null)
            {
                Response.Redirect("producten.aspx");
            }
            else
            {
                Label a = new Label();
                a.Text = Request.QueryString["add"];
                lbl_testing.Text = a.Text;

                OleDbConnection conn = new OleDbConnection();
                conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; "
                    + "Data Source=|DataDirectory|webwinkel.accdb";

                OleDbCommand cmd = new OleDbCommand();
                cmd.Connection = conn;
                cmd.CommandText = "SELECT prijs , product_id FROM Product" +
                                  "WHERE product_id ='" + lbl_testing.Text + "'";

                //"INSERT INTO Orderregels(prijsperstuk, product_id)" +

                try
                {
                    conn.Open();
                    OleDbDataReader reader = cmd.ExecuteReader();
                    Label1.Text = "";
                    GridView1.DataSource = reader;
                    GridView1.DataBind();
                    reader.Close();
                }
                catch (Exception exc)
                {
                    Label1.Text = exc.Message;
                }
                finally
                {
                    conn.Close();
                }
            }

        }
Improve this question

1 Answer 1

Reset to default
3

You have to add spaces between TableName and WHERE clause.

cmd.CommandText = "SELECT prijs , product_id FROM Product " 
                         + "WHERE product_id ='" + lbl_testing.Text + "'";

Use parameters to avoid such issues and SQL Injection.

  cmd.CommandText = "SELECT prijs , product_id FROM Product WHERE product_id=@productid";
  cmd.Parameters.Add("@productid",OleDbType.VarChar,10).Value=lbl_testing.Text;
  //if Id is `numeric` type then use
  //cmd.Parameters.Add("@productid",OleDbType.Integer.Value=lbl_testing.Text;
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

+1 Since you're using C#, use string literals to avoid annoyances like this. They can span multiple lines. @"select prijs ..."
You would benefit greatly from using parameters from the start. It's just a good habit and best practice.
@AVD , THANK YOU!!! i mean really you just relieved me from 2 days of stressing out. THANKS!!
@NinjaBomb they never teached us how. But yea, i will NOT forget the hard lesson learned

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.