943,663 Members | Top Members by Rank

Web Development > ASP.NET > Incorrect syntax near '='.
Ad:
  • ASP.NET Discussion Thread
  • Unsolved
  • Views: 2617
  • ASP.NET RSS
Permalink
Apr 30th, 2009
0

Incorrect syntax near '='.

Expand Post »
Hi there,

Im getting the error above, when i run my code.

         string myCommand = "SELECT * FROM Manager WHERE UserName=" + ID;

        SqlDataAdapter da = new SqlDataAdapter(myCommand, con);

        DataSet ds = new DataSet();

        try
        {
            con.Open();
            da.Fill(ds); // <- highlighting this part of the code..
        }
        finally
        {
            con.Close();
        }
        foreach (DataRow dr in ds.Tables[0].Rows)
        {
            txtUserName.Text = dr[1].ToString();

        }

    }
}

All i want to do is query the MS SQL database for data and extract row by row into an HTML table. This has proven to be a real pain in the neck. This simple function is sooo easy with PHP.

Please let me know if im on the right track, or if you can help with my error, i appreciate your help!

Thanks!
Last edited by RobertKramers; Apr 30th, 2009 at 10:37 am.
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
RobertKramers is offline Offline
1 posts
since Apr 2009
Permalink
Apr 30th, 2009
0

Re: Incorrect syntax near '='.

try to change your code to :

string myCommand = "SELECT * FROM Manager WHERE UserName= ID";

it should work if it doesn't try more alternatives. [/I]
Reputation Points: 10
Solved Threads: 0
Newbie Poster
mrGee is offline Offline
6 posts
since Apr 2009
Permalink
Apr 30th, 2009
0

Re: Incorrect syntax near '='.

Try enclosing your ID value in single quotes.
ASP.NET Syntax (Toggle Plain Text)
  1. string myCommand = "SELECT * FROM Manager WHERE UserName='" + ID + "'";
Moderator
Featured Poster
Reputation Points: 3239
Solved Threads: 838
Posting Genius
Ezzaral is offline Offline
6,756 posts
since May 2007
Permalink
Apr 30th, 2009
0

Re: Incorrect syntax near '='.

you need a space before and after the "=" sign. That may help.

Only enlcose your ID value in single quotes if is a text value.
Reputation Points: 22
Solved Threads: 9
Junior Poster
ninjaimp is offline Offline
129 posts
since Apr 2008
Permalink
May 2nd, 2009
0

Re: Incorrect syntax near '='.

I would highly recommend against building your queries dynamically like this. You should use parameterized SQL for security and performance reasons, please see:
http://www.daniweb.com/forums/thread176306.html

Here is sample code for your situation:
ASP.NET Syntax (Toggle Plain Text)
  1. private void simpleButton1_Click(object sender, EventArgs e)
  2. {
  3. 	const string connStr = @"Data Source=apex2006sql;Initial Catalog=Leather;Integrated Security=True;";
  4. 	const string query = "Select * From Invoice Where InvNumber = @InvNumber";
  5. 	const int invNumber = 1100;
  6.  
  7. 	DataSet ds = new DataSet();
  8.  
  9. 	using (SqlConnection conn = new SqlConnection(connStr))
  10. 	{
  11. 		conn.Open();
  12. 		using (SqlCommand cmd = new SqlCommand(query, conn))
  13. 		{
  14. 			cmd.Parameters.Add("@InvNumber", SqlDbType.Int).Value = invNumber;
  15. 			using (SqlDataAdapter da = new SqlDataAdapter(cmd))
  16. 			{
  17. 				da.Fill(ds);
  18. 			}
  19. 		}
  20. 		conn.Close();
  21. 	}
  22. }
Featured Poster
Reputation Points: 1749
Solved Threads: 735
Senior Poster
sknake is offline Offline
3,948 posts
since Feb 2009
Permalink
May 2nd, 2009
1

Re: Incorrect syntax near '='.

CHECK THAT YOUR ID CONTAINS A VALUE OR NOT. I THINK YOUR ID DOES NOT CONTAIN VALUE... So THAT YOUR QUERY WILL BE LIKE WHERE ...= SO WHEN YOU EXECUTE THE QUERY GETS THIS ERROR.
Reputation Points: 26
Solved Threads: 44
Posting Whiz in Training
mail2saion is offline Offline
247 posts
since Apr 2009
Permalink
May 2nd, 2009
0

Re: Incorrect syntax near '='.

Click to Expand / Collapse  Quote originally posted by mail2saion ...
CHECK THAT YOUR ID CONTAINS A VALUE OR NOT. I THINK YOUR ID DOES NOT CONTAIN VALUE... So THAT YOUR QUERY WILL BE LIKE WHERE ...= SO WHEN YOU EXECUTE THE QUERY GETS THIS ERROR.
This also gives another reason why parameterized queries should be used, because in the case of a blank ID it would run the query looking for null.
Featured Poster
Reputation Points: 1749
Solved Threads: 735
Senior Poster
sknake is offline Offline
3,948 posts
since Feb 2009
Permalink
May 3rd, 2009
0

Re: Incorrect syntax near '='.

Totally agree with SKnake on this, any kind of attempt to use dynamic sql should include thorough checking for SQL injection attempts.

The solution is as stated that the parameter is text and should be enclosed in single quotes spaces around the equals will make no difference at all, if the parameter potentially could contain Unicode text like Japanese or Chinese characters it should also be prefixed with an N to let SQL server know that the contents could be of the NVARCHAR type.
Reputation Points: 68
Solved Threads: 9
Junior Poster
sedgey is offline Offline
130 posts
since Jan 2007
Permalink
Mar 27th, 2011
0
Re: Incorrect syntax near '='.
Click to Expand / Collapse  Quote originally posted by ninjaimp ...
you need a space before and after the "=" sign. That may help.

Only enlcose your ID value in single quotes if is a text value.
THANKYOU very much for this, it fixed my issue!!!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Kwad_Kore is offline Offline
1 posts
since Jan 2011

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in ASP.NET Forum Timeline: How to publish asp.net website in iis?
Next Thread in ASP.NET Forum Timeline: identification of row in table





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC