954,580 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

Incorrect syntax near '='.

Hi there,

Im getting the error above, when i run my code.

string myCommand = "SELECT * FROM Manager WHERE UserName=" + ID;

        SqlDataAdapter da = new SqlDataAdapter(myCommand, con);

        DataSet ds = new DataSet();

        try
        {
            con.Open();
            da.Fill(ds); <strong>// <- highlighting this part of the code..</strong>
        }
        finally
        {
            con.Close();
        }
        foreach (DataRow dr in ds.Tables[0].Rows)
        {
            txtUserName.Text = dr[1].ToString();

        }

    }
}


All i want to do is query the MS SQL database for data and extract row by row into an HTML table. This has proven to be a real pain in the neck. This simple function is sooo easy with PHP.

Please let me know if im on the right track, or if you can help with my error, i appreciate your help!

Thanks!

RobertKramers
Newbie Poster
1 post since Apr 2009
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

try to change your code to :

string myCommand = "SELECT * FROM Manager WHERE UserName= ID";

it should work if it doesn't try more alternatives.:icon_cool: [/I]

mrGee
Newbie Poster
6 posts since Apr 2009
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Try enclosing your ID value in single quotes.

string myCommand = "SELECT * FROM Manager WHERE UserName='" + ID + "'";
Ezzaral
Posting Genius
Moderator
15,986 posts since May 2007
Reputation Points: 3,250
Solved Threads: 847
 
3 Years Ago
0

you need a space before and after the "=" sign. That may help.

Only enlcose your ID value in single quotes if is a text value.

ninjaimp
Junior Poster
130 posts since Apr 2008
Reputation Points: 22
Solved Threads: 9
 
3 Years Ago
0

I would highly recommend against building your queries dynamically like this. You should use parameterized SQL for security and performance reasons, please see:
http://www.daniweb.com/forums/thread176306.html

Here is sample code for your situation:

private void simpleButton1_Click(object sender, EventArgs e)
{
	const string connStr = @"Data Source=apex2006sql;Initial Catalog=Leather;Integrated Security=True;";
	const string query = "Select * From Invoice Where InvNumber = @InvNumber";
	const int invNumber = 1100;

	DataSet ds = new DataSet();

	using (SqlConnection conn = new SqlConnection(connStr))
	{
		conn.Open();
		using (SqlCommand cmd = new SqlCommand(query, conn))
		{
			cmd.Parameters.Add("@InvNumber", SqlDbType.Int).Value = invNumber;
			using (SqlDataAdapter da = new SqlDataAdapter(cmd))
			{
				da.Fill(ds);
			}
		}
		conn.Close();
	}
}
sknake
Industrious Poster
4,954 posts since Feb 2009
Reputation Points: 1,764
Solved Threads: 735
 
3 Years Ago
Show Comments
1

CHECK THAT YOUR ID CONTAINS A VALUE OR NOT. I THINK YOUR ID DOES NOT CONTAIN VALUE... So THAT YOUR QUERY WILL BE LIKE WHERE ...= SO WHEN YOU EXECUTE THE QUERY GETS THIS ERROR.

mail2saion
Posting Whiz in Training
247 posts since Apr 2009
Reputation Points: 26
Solved Threads: 44
 
3 Years Ago
0
CHECK THAT YOUR ID CONTAINS A VALUE OR NOT. I THINK YOUR ID DOES NOT CONTAIN VALUE... So THAT YOUR QUERY WILL BE LIKE WHERE ...= SO WHEN YOU EXECUTE THE QUERY GETS THIS ERROR.


This also gives another reason why parameterized queries should be used, because in the case of a blank ID it would run the query looking for null.

sknake
Industrious Poster
4,954 posts since Feb 2009
Reputation Points: 1,764
Solved Threads: 735
 
3 Years Ago
0

Totally agree with SKnake on this, any kind of attempt to use dynamic sql should include thorough checking for SQL injection attempts.

The solution is as stated that the parameter is text and should be enclosed in single quotes spaces around the equals will make no difference at all, if the parameter potentially could contain Unicode text like Japanese or Chinese characters it should also be prefixed with an N to let SQL server know that the contents could be of the NVARCHAR type.

sedgey
Junior Poster
131 posts since Jan 2007
Reputation Points: 68
Solved Threads: 9
 
1 Year Ago
0

you need a space before and after the "=" sign. That may help.

Only enlcose your ID value in single quotes if is a text value.

THANKYOU very much for this, it fixed my issue!!!

Kwad_Kore
Newbie Poster
1 post since Feb 2011
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed