0

I'm trying to fix the code of an insert button. It's a button that inserts data into the database.

Here is my code:

    private void button2_Click(object sender, EventArgs e)
    {
        SqlConnection sqlCon = new SqlConnection(ConfigurationManager.ConnectionStrings["conn"].ConnectionString);

        SqlCommand cmd = new SqlCommand();

        SqlDataReader reader;

        sqlCon.Open();

        // string requete = "INSERT INTO [RECAP] VALUES ('" + textBox1.Text + "''" + textBox2.Text + "''" + comboBox2.SelectedValue + "''" + comboBox3.SelectedValue + "''" + textBox5.Text + "''" + textBox6.Text + "''" + Global.Global.GolbVar + "''" + DateTime.Now.ToShortDateString() + "');";
        string requete = "INSERT INTO dbo.RECAP(code_reseau, tot_dcl, mont_debou, gch_dep, typ_port, mois, annee, emt_dep, utilisateur, date_maj) VALUES ('" + textBox1.Text + "', " + textBox5.Text + "," + textBox6.Text + "," + comboBox2.SelectedValue + "," + comboBox3.SelectedValue + "," +0+ "," +0+ "," +0+ "," + 0 + "," + 0 + ")";

        cmd = new SqlCommand(requete, sqlCon);
        cmd.ExecuteNonQuery();

        MessageBox.Show("Ajouté !");
        sqlCon.Close();
    }

Every time I try to run this it generates an exception that says

Incorrect syntax near ','

4
  • I believe your Values bracket syntax is where it went wrong. For example, VALUES ('" + should be VALUES ("'" + Commented Aug 31, 2016 at 1:45
  • @KeyurPATEL you're not looking at the full code. Your suggestion is wrong. Commented Aug 31, 2016 at 1:49
  • @Fatima, Console.WriteLine(requete); and make sure your query looks like what you think it should. It's possible that something in one of your textboxes is causing this error. You should also probably include single quotes ' around each value : ... + "', '" + ... Commented Aug 31, 2016 at 1:50
  • SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Aug 31, 2016 at 4:28

2 Answers

4

Try replacing

string requete = "INSERT INTO dbo.RECAP(code_reseau,tot_dcl,mont_debou,gch_dep,typ_port,mois, annee, emt_dep,utilisateur,date_maj) VALUES ('" + textBox1.Text + "', " + textBox5.Text + "," + textBox6.Text + "," + comboBox2.SelectedValue + "," + comboBox3.SelectedValue + "," +0+ "," +0+ "," +0+ "," + 0 + "," + 0 + ")";

with

    SqlCommand com = new SqlCommand("INSERT INTO RECAP (code_reseau, tot_dcl, mont_debou, gch_dep, typ_port, mois, annee, emt_dep, utilisateur, date_maj) VALUES(@txt1, @txt5, @txt6, @combo2, @combo3, 0, 0, 0, 0, 0)", sqlCon);
    com.Parameters.AddWithValue("@txt1", textBox1.Text);
    com.Parameters.AddWithValue("@txt5", textBox5.Text);
    com.Parameters.AddWithValue("@txt6", textBox6.Text);
    com.Parameters.AddWithValue("@combo2", comboBox2.SelectedValue);
    com.Parameters.AddWithValue("@combo3", comboBox3.SelectedValue);

and see if that works


1 Comment

Actually it doesn't... again an exception that says "ExecuteNonQuery: the Connection property has not been initialized."
0

Check whether the values below

  • textBox5.Text
  • textBox6.Text
  • comboBox2.SelectedValue
  • comboBox3.SelectedValue

are all of a numeric type.

As they are not passed in single quotes, either their values should be convertible to a number (and the respective column is also of that type), or they are causing the error because some text is inserted in the SQL statement without any quotes around it.
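An added example, not code from the question or from either answer: the same insert with typed parameters, with the numeric inputs validated before any SQL runs, and with the connection bound to the command that is actually executed. The `RecapWriter` and `TryInsert` names and the column types (nvarchar(50) for code_reseau, decimal for tot_dcl and mont_debou, int for gch_dep and typ_port) are assumptions; the page does not show the table schema.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper. Column types are assumed; adjust each SqlDbType to the real schema.
static class RecapWriter
{
    const string Sql =
        "INSERT INTO dbo.RECAP (code_reseau, tot_dcl, mont_debou, gch_dep, typ_port, " +
        "mois, annee, emt_dep, utilisateur, date_maj) " +
        "VALUES (@code_reseau, @tot_dcl, @mont_debou, @gch_dep, @typ_port, 0, 0, 0, 0, 0)";

    // Returns null on success, otherwise a message naming the input that failed validation.
    public static string TryInsert(string codeReseau, string totDclText, string montDebouText,
                                   object gchDep, object typPort)
    {
        decimal totDcl, montDebou;
        // With concatenation, an empty box contributes nothing between two commas,
        // which is one way to end up with "Incorrect syntax near ','". Reject it here.
        if (!decimal.TryParse(totDclText, out totDcl))
            return "tot_dcl must be a number";
        if (!decimal.TryParse(montDebouText, out montDebou))
            return "mont_debou must be a number";
        // ComboBox.SelectedValue is null when nothing is selected.
        if (gchDep == null || typPort == null)
            return "select a value in both combo boxes";

        string cs = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand(Sql, con)) // same command object gets the parameters and is executed
        {
            // Values travel as typed parameters, never as part of the SQL text,
            // so quotes or commas in user input cannot change the statement.
            cmd.Parameters.Add("@code_reseau", SqlDbType.NVarChar, 50).Value = codeReseau;
            cmd.Parameters.Add("@tot_dcl", SqlDbType.Decimal).Value = totDcl;
            cmd.Parameters.Add("@mont_debou", SqlDbType.Decimal).Value = montDebou;
            // Convert.ToInt32 throws FormatException if the bound value is not numeric.
            cmd.Parameters.Add("@gch_dep", SqlDbType.Int).Value = Convert.ToInt32(gchDep);
            cmd.Parameters.Add("@typ_port", SqlDbType.Int).Value = Convert.ToInt32(typPort);
            con.Open();
            cmd.ExecuteNonQuery();
        }
        return null;
    }
}
```

In `button2_Click`, pass `textBox1.Text`, `textBox5.Text`, `textBox6.Text`, `comboBox2.SelectedValue` and `comboBox3.SelectedValue` to `RecapWriter.TryInsert` and show the returned message when it is not null.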
