Martin Hall
Reputation: 81
Ad-hoc query string causes syntax error
I've created a website and a syntax error in my login system keeps occurring.
conn.Open();
int amountOfUsers = (int)command.ExecuteScalar();
if (amountOfUsers == 1)
{
//User exists, check if the password match
query = string.Format("SELECT password FROM users WHERE name = '{0}", login);
command.CommandText = query;
string dbPassword = command.ExecuteScalar().ToString();
Upvotes: 0
Views: 132
Answers (1)
ttaaoossuu
Reputation: 7894
You haven't closed the string identifier {0} with apostrophe in format string:
query = string.Format("SELECT password FROM users WHERE name = '{0}'", login);
But I strongly advise you not to use format strings with SQL as it's a nice security hole for SQL injections!
Upvotes: 2
Related Questions
- Unexpected token when creating a string expression?
- Problem with Syntax Error in SQL statement
- Incorrect syntax near parameter (C# with SQL)
- SQL Syntax error in C# string
- Incorrect syntax near some keyword in c# / sql
- SQL line returning an syntax error
- Error executing sql expression ASP
- syntax error in query
- C# Ado.net, Error: "There was an error parsing the query."
- Syntax error (missing operator) in query expression