Reputation: 1
Runtime Exception Incorrect Syntax Near '='
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="postreplyadmin.aspx.cs" Inherits="postreplay" MasterPageFile="~/AdminMaster.master" Title="Post-Reply Page"%>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<asp:Content ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
<%
String postid = Request.QueryString["id"];
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["civilRegDB"].ConnectionString);
con.Open();
String sql = "select * from Forumthread where PostID=" + postid;
SqlDataAdapter da=new SqlDataAdapter(sql,con);
DataSet ds=new DataSet();
da.Fill(ds);
DataRow drow = ds.Tables[0].Rows[0];
String name = drow["Name"].ToString();
String desc = drow["Description"].ToString();
DateTime dt = Convert.ToDateTime(drow["PostDate"].ToString());
String postdate = dt.ToString("dd/MM/yyyy",System.Globalization.CultureInfo.InvariantCulture );
String mailid = drow["Email"].ToString();
%>
</asp:content>
I'm getting a sqlexception while i'm trying to Reply to post. The error: Incorrect syntax near '='. I've looked around to find other questions similar to mine, but I can't find anything worth to me.
I'm getting Error on "da.fill(ds);". Anyone can help me out on this...:(
Upvotes: 0
Views: 262
Answers (3)
Reputation: 10020
Have u tried following as suggested in one of the answers
Replace String sql = "select * from Forumthread where PostID=" + postid;
with String sql = "select * from Forumthread where PostID='" + postid + "'";
OR:
If it does not work, then may be you will have to use int directly in query. For this, just get your queryString value in integer variable. Like:
int postid = Convert.ToInt32(Request.QueryString["id"]);
and
String sql = "select * from Forumthread where PostID=" + postid;
Upvotes: 0
Reputation: 223237
Your postid is a string it should be enclosed with single quotes '
String sql = "select * from Forumthread where PostID='" + postid +"'";
But better if you use SqlParameter to save yourself from SQL Injection.
Like:
String postid = Request.QueryString["id"];
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["civilRegDB"].ConnectionString);
con.Open();
String sql = "select * from Forumthread where PostID=@postID"; //parameter
SqlCommand cmd = new SqlCommand(sql, con);
cmd.Parameters.AddWithValue("postID", postid);
SqlDataAdapter da = new SqlDataAdapter(cmd); // pass command to adapter
DataSet ds = new DataSet();
da.Fill(ds);
DataRow drow = ds.Tables[0].Rows[0];
String name = drow["Name"].ToString();
String desc = drow["Description"].ToString();
DateTime dt = Convert.ToDateTime(drow["PostDate"].ToString());
String postdate = dt.ToString("dd/MM/yyyy", System.Globalization.CultureInfo.InvariantCulture);
String mailid = drow["Email"].ToString();
Upvotes: 2
Reputation: 19407
postid from the query string probably does not have a value, and as a result the TSQL statement is invalid.
Add a check for whether the query string value is provided.
Also verify that it's value is in the range you expect and consider using prepared statements/parameters - Your current method is leaving you open to sql injection.
Upvotes: 1
Related Questions
- Syntax error: Missing operand before '=' operator
- Incorrect syntax near '='.
- error Incorrect syntax near
- Incorrect Syntax Near
- What's The Error In this code
- why am I getting this syntax error
- "Incorrect syntax near '='" runtime error c# asp.net
- Error in asp.net c# code
- System.Exception: Incorrect syntax I can't find the problem
- Runtime error