1

I'm trying to make a datagrid view that returns records for a certain user after today. The column names are correct. But it's giving me an error reading "incorrect syntax near '>'".

Here is the code.

txtdate.Text = DateTime.Today.ToString("dd-MM-yyyy");
SqlConnection conn = Database.GetConnection();
SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime=>"+txtdate , conn);
4
  • try this ("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime>="+txtdate , conn) Commented Aug 16, 2013 at 10:59
  • technet.microsoft.com/en-us/library/ms174134(v=sql.105).aspx first > then = Commented Aug 16, 2013 at 11:00
  • You might want to read up on how to use parameters with SqlCommand: msdn.microsoft.com/en-us/library/… Commented Aug 16, 2013 at 11:05
  • with that the syntax error changed to "incorrect syntax near ','" Commented Aug 16, 2013 at 11:16

4 Answers

2

There are a few problems:

new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" +
                IDBox1.Text+"AND ScheduledDateTime=>"+txtdate , conn);

You forgot a space before AND, and the operator greater than or equal is >=, not =>:

new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" +
                IDBox1.Text+" AND ScheduledDateTime>="+txtdate , conn);

Also, you're not quoting the strings you're injecting into the SQL; you need to surround them by ':

new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID='" +
                IDBox1.Text+"' AND ScheduledDateTime>='"+txtdate+"'" , conn);

This query should run, but will still be vulnerable to SQL injection. You should really look into using parameters for your SQL commands instead of building SQL parameters as strings.


3 Comments

+1 for pointing out the injection problem, was just about to post an answer about that as well but you beat me to it :)
It's not giving any errors, but it's not showing the results in the datagridview. The second I remove the ""' AND ScheduledDateTime>='"+txtdate+"'" " bit it shows the records in the datagridview. I don't know what's up with it, but you seem intelligent.
@GeorgeIanGuyMarsden The problem when building SQL queries as strings is that if the date format of the web server and the database differ, you may not get any hits comparing dates as strings. If you add the date as a parameter instead, that problem won't exist.
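The parameterized form of the query that the answer and comment above recommend, as an added example that is not part of the original thread. The helper name `Build` and the column types (`MedicalStaffID` as int, `ScheduledDateTime` as datetime) are assumptions; passing a `DateTime` value also avoids concatenating the `txtdate` control itself rather than `txtdate.Text`, as the snippets on this page do.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class VisitQuery
{
    // Table and column names are from the question; the column types are assumptions:
    // MedicalStaffID is taken to be int and ScheduledDateTime to be datetime.
    const string Sql =
        "SELECT * FROM HomeCareVisit " +
        "WHERE MedicalStaffID = @staffId AND ScheduledDateTime >= @from";

    // Hypothetical helper: builds the command without touching the database.
    public static SqlCommand Build(string staffIdText, DateTime from, SqlConnection conn = null)
    {
        int staffId;
        if (!int.TryParse(staffIdText, out staffId))
            throw new ArgumentException("MedicalStaffID must be a whole number.");

        var cmd = new SqlCommand(Sql, conn);
        // Typed parameters: the values travel separately from the SQL text, so
        // nothing typed into the box can change the statement, and the date is
        // sent as a DateTime rather than as a "dd-MM-yyyy" string.
        cmd.Parameters.Add("@staffId", SqlDbType.Int).Value = staffId;
        cmd.Parameters.Add("@from", SqlDbType.DateTime).Value = from.Date;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs standing in for IDBox1.Text.
        foreach (var input in new[] { "17", "17 OR 1=1" })
        {
            try
            {
                using (var cmd = Build(input, DateTime.Today))
                {
                    Console.WriteLine(cmd.CommandText);
                    foreach (SqlParameter p in cmd.Parameters)
                        Console.WriteLine("  {0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
                }
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("rejected \"{0}\": {1}", input, ex.Message);
            }
        }
    }
}
```

In the form, pass `IDBox1.Text`, `DateTime.Today` and the connection from `Database.GetConnection()` to `Build`, then fill the grid from the returned command.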
1

As ScheduledDateTime is a datetime field, you should compare it with, for example, a string constant, so you should add ' around this constant.

And also change => to >=

SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+" AND ScheduledDateTime>='"+txtdate+"'" , conn);

3 Comments

it's not giving any errors, but it's not showing the results in the datagridview
@GeorgeIanGuyMarsden: What database do you use? It's important when you use String->DateTime conversion to select "dd-MM-yyyy" format or another.
OK, well I changed the format, here are records. But some of these dates are before today, whereas the SQL command asks for only records of today and after. What can I do?
0

Do you want greater than or equals?

SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime>="+txtdate , conn);

Just put the equals and the greater than the other way around.

1 Comment

it's not giving any errors, but it's not showing the results in the datagridview
0

You've got the sequence wrong: first > then = in your last where condition.

txtdate.Text = DateTime.Today.ToString("dd-MM-yyyy");


        SqlConnection conn = Database.GetConnection();
        SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime>="+txtdate , conn);

1 Comment

it's not giving any errors, but it's not showing the results in the datagridview
