0

Might be an easy question, but I'm very new to ASP.net and I keep getting the exception

There was an error parsing the query. [ Token line number = 1,Token line offset = 142,Token in error = ]

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlServerCe.SqlCeException: There was an error parsing the query. [ Token line number = 1,Token line offset = 142,Token in error = ]

All I'm trying to do is get my grid view to only display results that are similar to whatever the user puts in the text box.

protected void Button1_Click(object sender, EventArgs e)
{
   string query = TextBox1.Text;
   string sql = "SELECT [Username], [Job Description] AS Job_Description, [Hours Worked] AS Hours_Worked, [Date], [ID] FROM [TimeData]"; // this one works fine 

   string sql2 = "SELECT [Username], [Job Description] AS Job_Description, [Hours Worked] AS Hours_Worked, [ID], [Date] FROM [TimeData] WHERE ([Username] == '" +query + "'";
   Response.Write("done");
   SqlDataSource1.SelectCommand = sql2;
}

I'm using a datasource from a local .SDF file.

Thanks in advance

2
  • 1
    You are open to SQL injection, so you need to use parameters in that second query. There are plenty of answers about that on SO. Also, your query is wrong. You can remove the ( from your WHERE clause and it will be = not ==. Commented Feb 8, 2013 at 20:42
  • Thanks, I'll look into it once I figure out how to update the selected attribute in the gridview. Commented Feb 8, 2013 at 20:58

2 Answers

3

Looks like you're missing a closing parenthesis at the end of sql2


1 Comment

Yeah I had to remove the = and add a ). I feel dumb. Thanks
2

As @Adam states, you are missing a closing parenthesis. Also, change "==" to "=" for SQL.

However, adding the username (query var) directly into the SQL opens your application to a SQL injection attack. You should use SQL parameters, see the http://www.dotnetperls.com/sqlparameter example.
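A parameterized form of the question's second query, as an added example that is not part of the original answer or of the linked page. It uses `SqlCeCommand` directly instead of `SqlDataSource1`; the `.sdf` file name, the 100-character column length, the class and method names, and the `GridView1` control name are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlServerCe;

public static class TimeDataQueries
{
    // Placeholder connection string: point it at the local .SDF file the page uses.
    private const string ConnectionString =
        @"Data Source=|DataDirectory|\YourDatabase.sdf";

    // The SQL text is a constant. User input never becomes part of it, and the
    // WHERE clause uses a single "=" with balanced syntax, as the answers point out.
    private const string Sql =
        "SELECT [Username], [Job Description] AS Job_Description, " +
        "[Hours Worked] AS Hours_Worked, [ID], [Date] " +
        "FROM [TimeData] WHERE [Username] = @Username";

    public static DataTable FindByUsername(string username)
    {
        var table = new DataTable();
        using (var conn = new SqlCeConnection(ConnectionString))
        using (var cmd = new SqlCeCommand(Sql, conn))
        using (var adapter = new SqlCeDataAdapter(cmd))
        {
            // The value is sent as typed data, so a quote character in the
            // text box is compared literally and cannot end the string in the SQL.
            // The length 100 is an assumed column size.
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 100).Value =
                username ?? string.Empty;

            // Fill opens the connection if it is closed and closes it afterwards.
            adapter.Fill(table);
        }
        return table;
    }
}

// Usage in the page's code-behind (GridView1 is an assumed control name):
//
//   protected void Button1_Click(object sender, EventArgs e)
//   {
//       GridView1.DataSourceID = null;   // avoid having both DataSourceID and DataSource set
//       GridView1.DataSource = TimeDataQueries.FindByUsername(TextBox1.Text);
//       GridView1.DataBind();
//   }
```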
