0 
protected void DropDownServerName_SelectedIndexChanged(object sender, EventArgs e)
{
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["Database_Shared_NotebookConnectionString"].ConnectionString);

        conn.Open();

        string serverName = DropDownServerName.SelectedValue;

        string sqlquery = ("SELECT Architecture FROM tblServer WHERE (ServerName = " + serverName + ")");

        SqlCommand command = new SqlCommand(sqlquery, conn);

        txtUpdateArchitecture.Text = command.ExecuteScalar().ToString();

        conn.Close();
    }

The DropDownServerName aready connected to SQL Server using SqlDataSource to show list of values on ServerName column.

After I get select value called "Brad" and I want value from Architecture column from Brad to show up on textbox. However I got error say, Invalid column name "Brad". The column is suppose to be ServerName and Brad is just a value in ServerName column.

Improve this question

4 Answers 4

Reset to default
3

You need quote around your servername

string sqlquery = ("SELECT Architecture FROM tblServer WHERE (ServerName = '" + serverName + "')");

Or better still, use Parameterized query [it is safer, against SQL Injection and funny characters in string that can pollute your query]

string sqlquery = "SELECT Architecture FROM tblServer WHERE ServerName = @ServerName";

SqlCommand command = new SqlCommand(sqlquery, conn);
command.Parameters.AddWithValue("@ServerName", serverName);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Better yet, use parameters to avoid SQL injection.
nice , other are telling this guy to concatenate rather then telling him to use parameters
Maybe SO should have some algorithm to detect this and would redirect to stackoverflow.com/questions/601300/what-is-sql-injection or something similar :)
0

Try this instead. It should work with the single quotes.

string sqlquery = ("SELECT Architecture FROM tblServer WHERE ServerName = '" + serverName + "'");
Improve this answer

1 Comment

never concatenate like that , use paramaters
0

add ' ' around servername in the WHERE clause:

... WHERE ServerName = '" + serverName + "' ...
Improve this answer

1 Comment

never concatenate like that , use paramaters
0

You probably are missing single quotes around the variable. Try this

    protected void DropDownServerName_SelectedIndexChanged(object sender, EventArgs e)
{
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["Database_Shared_NotebookConnectionString"].ConnectionString);

        conn.Open();

        string serverName = DropDownServerName.SelectedValue;

        string sqlquery = ("SELECT Architecture FROM tblServer WHERE (ServerName = '" + serverName + "')");

        SqlCommand command = new SqlCommand(sqlquery, conn);

        txtUpdateArchitecture.Text = command.ExecuteScalar().ToString();

        conn.Close();
    }
Improve this answer

3 Comments

You have introduced more syntax error into that query with the wrong placement of the quotes. But I didn't downvote
@codingbiz thanks I have corrected it though my answer is not correct. Others have posted correct answer about using parameterized query instead of using single quotes in the same query.
Your answer is correct but is discouraged for security reason.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.