how i insert values from list of Data Grid View?

Question

it show me this error Incorrect syntax near the keyword 'Select' to make to clear Employee ID in this case is FK in the table (Attendance detail) and the other thing is i am using Data Grid View from another table(Employee information) to Show the list of the staff in my form. then i want to transfer each selected cell value from Data Grid View to attendance detail table. 10q

    private void time_in_Click(object sender, EventArgs e)
    {
        employee_InformationDataGridView.SelectedCells[0].Style.ForeColor = Color.Green;

            time_in.Enabled = false;
            time_out.Enabled = true;

            con = new SqlConnection(GlobalClass.conn);
            con.Open();
            SqlCommand cmd = new SqlCommand("Insert into Attendancedetail  Values(" + "Select from  EmployeeInformation(EmployeeID)" + ",'" + employee_InformationDataGridView.SelectedCells[0] + "','" + DateTime.Now.ToLongDateString() + "','" + null + "','" + null + "','" + DateTime.Now.ToLongTimeString() + "'," + null + ")", con);
            int i = cmd.ExecuteNonQuery();
            MessageBox.Show(i.ToString() + " record inserted");
    }

Answer 1

Consider using parameterized queries. Writing code like this will result in sql injection.

http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html

Answer 2

I agree with @Darin, but the full syntax is

Insert into Attendancedetail (columns list) select columns list from EmployeeInformation where employeeid = ' selected cells value'

The Values keyword is not used in such a statement. The 1st columns list is optional if the Select returns all needed columns.

See another question for more examples

Answer 3

The syntax of your SQL query is wrong. A SELECT statement requires you to specify the columns you want to return. For example:

SELECT EmployeeID FROM EmployeeInformation