SQL line returning a syntax error

I'm trying to make a datagrid view that returns records for a certain user after today. The column names are correct. But it's giving me an error reading "incorrect syntax near '>'".

Here is the code.

txtdate.Text = DateTime.Today.ToString("dd-MM-yyyy");
SqlConnection conn = Database.GetConnection();
SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime=>"+txtdate , conn);

Upvotes: 1

Views: 85

Answers (4)

Joachim Isaksson

Reputation: 181047

There are a few problems;

new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" +
                IDBox1.Text+"AND ScheduledDateTime=>"+txtdate , conn);

You forgot a space before AND, and the operator greater than or equal is >=, not =>;

new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" +
                IDBox1.Text+" AND ScheduledDateTime>="+txtdate , conn);

Also, you're not quoting the strings you're injecting into the SQL, you need to surround them by ';

new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID='" +
                IDBox1.Text+"' AND ScheduledDateTime>='"+txtdate.Text+"'" , conn);

This query should run, but will still be vulnerable to SQL injection. You should really look into using parameters for your SQL commands instead of building SQL parameters as strings.

Upvotes: 2
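
The parameterized form recommended in the answer above, as an added example that is not part of the original answer or the asker's project. It assumes MedicalStaffID is an int column and ScheduledDateTime a datetime column, and that Database.GetConnection() from the question returns a SqlConnection; the class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class VisitQueries   // hypothetical helper class, not from the question
{
    // Builds the visits query with parameters instead of string concatenation.
    // staffIdText is the raw text from IDBox1; it is validated as an integer
    // (assumption: MedicalStaffID is an int column) and never enters the SQL text.
    public static SqlCommand BuildUpcomingVisitsCommand(
        SqlConnection conn, string staffIdText, DateTime fromDate)
    {
        if (!int.TryParse(staffIdText, out int staffId))
            throw new ArgumentException("Staff ID must be a whole number.", nameof(staffIdText));

        var cmd = new SqlCommand(
            "SELECT * FROM HomeCareVisit " +
            "WHERE MedicalStaffID = @staffId AND ScheduledDateTime >= @fromDate", conn);

        // Typed parameters travel separately from the statement, so text typed
        // into IDBox1 cannot change the structure of the query. The date is sent
        // as a DateTime, not as a "dd-MM-yyyy" string whose interpretation
        // depends on the server's language and date-format settings.
        cmd.Parameters.Add("@staffId", SqlDbType.Int).Value = staffId;
        cmd.Parameters.Add("@fromDate", SqlDbType.DateTime).Value = fromDate.Date;
        return cmd;
    }

    // Runs the query and returns the rows in a DataTable suitable for binding.
    public static DataTable LoadUpcomingVisits(SqlConnection conn, string staffIdText)
    {
        using (SqlCommand cmd = BuildUpcomingVisitsCommand(conn, staffIdText, DateTime.Today))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);   // Fill opens the connection if closed, then closes it again
            return table;
        }
    }
}
```

To bind the result, assign `VisitQueries.LoadUpcomingVisits(Database.GetConnection(), IDBox1.Text)` to the grid's `DataSource`; an invalid staff ID surfaces as an `ArgumentException` before any SQL is sent.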

Milen

Reputation: 8877

You've got the sequence wrong: first > then = in your last where condition.

txtdate.Text = DateTime.Today.ToString("dd-MM-yyyy");
SqlConnection conn = Database.GetConnection();
SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime>="+txtdate , conn);

Upvotes: 0

Jonny

Reputation: 2519

Do you want greater than or equals?

SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+"AND ScheduledDateTime>="+txtdate , conn);

Just put the equals and the greater than the other way around.

Upvotes: 0

valex

Reputation: 24144

Since ScheduledDateTime is a datetime field, you should compare it with, for example, a string constant, so you should add ' around this constant.

And also change => to >=.

SqlCommand cmd = new SqlCommand("SELECT * FROM HomeCareVisit WHERE MedicalStaffID=" + IDBox1.Text+" AND ScheduledDateTime>='"+txtdate.Text+"'" , conn);

Upvotes: 1
