0

This code, when used in MS-Access, runs and updates properly, but when used through the database it gives a syntax error.

string item = dataGridView1.SelectedRows[0].Cells[0].Value.ToString();

string h="update Follow_Date set Current_Date='" + dateTimePicker1.Value.ToLongDateString() + "', Current_Time='" + dateTimePicker3.Value.ToLongTimeString() + "', Type='" +
                            comboBox1.SelectedItem.ToString() + "', Remarks='" +
                            textBox1.Text + "', Next_Follow_Date='" + dateTimePicker2.Value.ToLongDateString()+ "' where Follow_Id='" +
                            item.ToString() +"'";

OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\lernovo\Documents\JDB.mdb");

con.Open();

OleDbCommand cmd = new OleDbCommand(h, con);
cmd.ExecuteNonQuery();

Error is syntax error.

3
  • 1
    Try to use parameterized queries. Commented Jul 6, 2013 at 6:36
  • 1
    I would strongly advise you to move away from the approach of using string concatenation when creating SQL queries. This is a SQL injection disaster waiting to happen. Commented Jul 6, 2013 at 6:37
  • What syntax error? What does the error line say? Commented Jul 6, 2013 at 6:38

2 Answers

3
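// Requires: using System; using System.Data.OleDb;
string item = dataGridView1.SelectedRows[0].Cells[0].Value.ToString();

// Every column gets its own placeholder; column names are bracketed in case they clash with Jet keywords.
string h = "update Follow_Date set [Current_Date]=@Current_Date, [Current_Time]=@Current_Time, [Type]=@Type, [Remarks]=@Remarks, [Next_Follow_Date]=@Next_Follow_Date where [Follow_Id]=@Follow_Id";

try
{
    using (OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\lernovo\Documents\JDB.mdb"))
    {
        con.Open();

        using (OleDbCommand cmd = new OleDbCommand(h, con))
        {
            // OleDb binds parameters by position, so add them in the order they appear in the statement.
            cmd.Parameters.AddWithValue("@Current_Date", dateTimePicker1.Value.ToLongDateString());
            cmd.Parameters.AddWithValue("@Current_Time", dateTimePicker3.Value.ToLongTimeString());
            cmd.Parameters.AddWithValue("@Type", comboBox1.SelectedItem.ToString());
            cmd.Parameters.AddWithValue("@Remarks", textBox1.Text);
            cmd.Parameters.AddWithValue("@Next_Follow_Date", dateTimePicker2.Value.ToLongDateString());
            cmd.Parameters.AddWithValue("@Follow_Id", item);
            cmd.ExecuteNonQuery();
        }
    }
}
catch (OleDbException ex)
{
    // Print the provider's error text and where it was raised.
    Console.WriteLine(ex.Message);
    Console.WriteLine(ex.StackTrace);
}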

You're not closing your database connection, and try to use parameters instead of concatenation (prone to SQL injection).

Catch your error message and trace it using StackTrace. Try to use the using statement to dispose of objects properly.
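
The failure mode the comments and this answer warn about, shown as an added example that is not part of the original answer: with concatenation the input becomes part of the statement text, while with parameters the text stays constant. The statement is reduced to two columns, and the sample remark and id are constructed values.

```csharp
using System;
using System.Data.OleDb;
using System.Linq;

static class FollowUpDemo
{
    // Concatenated form from the question, reduced to two columns.
    static string Concatenated(string remarks, string followId) =>
        "update Follow_Date set Remarks='" + remarks +
        "' where Follow_Id='" + followId + "'";

    // Parameterized form: the statement text is a constant and the values travel separately.
    static OleDbCommand Parameterized(string remarks, string followId)
    {
        var cmd = new OleDbCommand(
            "update Follow_Date set [Remarks]=? where [Follow_Id]=?");
        // OleDb binds by position, so add values in the order of the ? markers;
        // the names given here are labels only.
        cmd.Parameters.AddWithValue("Remarks", remarks);
        cmd.Parameters.AddWithValue("Follow_Id", followId);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: an ordinary remark containing an apostrophe.
        string remarks = "Client's manager asked for a callback";
        string id = "17";

        string sql = Concatenated(remarks, id);
        Console.WriteLine(sql);
        // An odd number of quote characters means a string literal never closes,
        // so the database rejects the statement as a syntax error.
        Console.WriteLine("quote characters: " + sql.Count(c => c == '\''));

        using (OleDbCommand cmd = Parameterized(remarks, id))
        {
            // The command text is the same whatever the user typed.
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
        }
    }
}
```

No database is opened here; the program only prints the statement text each approach would send.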


0

Looks like a trivial mistake...

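You have to open the db connection before executing queries on it.

// connectionString stands for your database parameters
OleDbConnection conn = new OleDbConnection(connectionString);
try
{
  conn.Open();
}
catch (Exception e)
{
  Console.WriteLine(e.Message);
}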

2 Comments

Not downvoting, but he has already opened the connection. See the question properly.
Sir, it's written con.Open()
