c# - Syntax error during inserting data using mysql -
c# - Syntax error during inserting data using mysql -
error:
incorrect syntax near 's'. unclosed quotation mark after charater string ');'.
the code:
private void btnadd_click(object sender, eventargs e) { sqlconnection cn = new sqlconnection(global::cimt.properties.settings.default.database2connectionstring); seek { string sql = "insert students(student_id,first_name,last_name,fathers_name,dob,mobile,address,post_code) values('"+this.txtid.text+"','"+this.txtfname.text+"','"+this.txtlname.text+"','"+this.txtfaname.text+"','"+this.txtdob.text+"','"+this.txtmob.text+"','"+this.txtaddress.text+"','"+this.txtpostcode.text+ "');"; sqlcommand exesql = new sqlcommand(sql, cn); cn.open(); exesql.executenonquery(); messagebox.show("add new record done !!" , "message" , messageboxbuttons.ok , messageboxicon.information); this.studentstableadapter.fill(this.database2dataset.students); } grab (exception ex) { messagebox.show(ex.message , "error", messageboxbuttons.ok, messageboxicon.error); } { cn.close(); } }
use parametrized queries guys told in comments, not avoids errors help avoid sql injection.
private void btnadd_click(object sender, eventargs e) { var cnstring = global::cimt.properties.settings.default.database2connectionstring; using (sqlconnection cn = new sqlconnection(cnstring)) { seek { cn.open(); using (var exesql = new sqlcommand( @"insert students(student_id ,first_name ,last_name ,fathers_name ,dob ,mobile ,address ,post_code) values(@student_id ,@first_name ,@last_name ,@fathers_name ,@dob ,@mobile ,@address ,@post_code);", cn)) { exesql.parameters.addwithvalue("@student_id", this.txtid.text); exesql.parameters.addwithvalue("@first_name", this.txtfname.text); exesql.parameters.addwithvalue("@last_name",this.txtlname.text ); exesql.parameters.addwithvalue("@fathers_name", this.txtfaname.text); exesql.parameters.addwithvalue("@dob", this.txtdob.text); exesql.parameters.addwithvalue("@mobile", this.txtmob.text); exesql.parameters.addwithvalue("@address", this.txtaddress.text); exesql.parameters.addwithvalue("@post_code", this.txtpostcode.text); exesql.executenonquery(); messagebox.show("add new record done !!" , "message" , messageboxbuttons.ok , messageboxicon.information); this.studentstableadapter.fill(this.database2dataset.students); } } grab (exception ex) { messagebox.show(ex.message , "error", messageboxbuttons.ok, messageboxicon.error); } } } read on sqlparameter class
c# mysql winforms
Comments
Post a Comment