Fatemeh Hojjati

Reputation: 59

Error in C#: One Or More Error Messages Occurred During Processing Of Command

This is my code:

OleDbConnection con = new OleDbConnection();
con.ConnectionString = "Provider=MSDAORA;Data Source=data;Password=ss8_pakhsh;User ID=SHIFTS_N";
con.Open();
int MAXID = 1175;
MAXID++;
string sqlcommand = "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME,DEPT_ID) " +
                    "VALUES(" + MAXID + ",'"
                    + textBox1.Text +
                    "', SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME="+comboBox1.Text;
OleDbDataAdapter oda = new OleDbDataAdapter(sqlcommand, con);
oda.Fill(dt);
con.Close();

While I am running it, I get this error:

One or more errors occurred during processing of command.

I think my query has a problem, because when I enter it in the TOAD editor (for Oracle) it gives me this error:

ORA-00936: missing expression

Upvotes: 1

Views: 938

Answers (2)

Nagaraj S

Reputation: 13474

You were missing quotes and parentheses in your query.

SQL Injection Alert

To avoid this, you should use parameterized queries, as follows:

// OLE DB binds ? markers by position, in the order the parameters are added.
// The subquery must be wrapped in parentheses.
string sqlcommand = "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME, DEPT_ID) " +
                    "VALUES(?, ?, (SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME = ?))";
// con is the open OleDbConnection from the question.
OleDbCommand oledbCommand = new OleDbCommand(sqlcommand, con);
oledbCommand.Parameters.AddWithValue("?", MAXID);
oledbCommand.Parameters.AddWithValue("?", textBox1.Text);
oledbCommand.Parameters.AddWithValue("?", comboBox1.Text);
// An INSERT returns no rows, so execute it directly instead of filling a DataTable.
oledbCommand.ExecuteNonQuery();

Upvotes: 2

Mairaj Ahmad

Reputation: 14604

You need to put your select query in braces, as you are selecting this from another table, so this should be in (). Also, Department_Name looks to be of type varchar, so its value should be in single quotes. Change your query like this:

// Subquery in parentheses; DEPARTMENT_NAME value in single quotes.
string sqlcommand = "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME,DEPT_ID) " +
                    "VALUES(" + MAXID + ",'"
                    + textBox1.Text +
                    "',(SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME='" + comboBox1.Text + "'))";

Also, use a parameterized query to prevent SQL injection.

Upvotes: 0
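
The parameterized form both answers recommend, as an added example that is not part of the original thread; the names GroupWriter, InsertGroup and ConcatenatedSql, the sample values and the VarChar size of 100 are assumptions. Main touches no database: it prints the concatenated text for a constructed department name containing an apostrophe, next to the constant text that binding sends.

```csharp
using System;
using System.Data.OleDb;

static class GroupWriter
{
    // Statement text is constant: user input never becomes part of the SQL.
    const string InsertSql =
        "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME, DEPT_ID) " +
        "VALUES(?, ?, (SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME = ?))";

    // Hypothetical helper (not from the thread). Returns the number of rows inserted.
    // If no department matches, the scalar subquery yields NULL for DEPT_ID.
    public static int InsertGroup(OleDbConnection con, int groupId, string groupName, string departmentName)
    {
        using (OleDbCommand cmd = new OleDbCommand(InsertSql, con))
        {
            // OLE DB ignores parameter names and binds by position,
            // so the Add order must match the order of the ? markers.
            cmd.Parameters.Add("groupId", OleDbType.Integer).Value = groupId;
            cmd.Parameters.Add("groupName", OleDbType.VarChar, 100).Value = groupName;           // size is assumed
            cmd.Parameters.Add("departmentName", OleDbType.VarChar, 100).Value = departmentName; // size is assumed
            return cmd.ExecuteNonQuery();
        }
    }

    // Builds the statement by concatenation, as the question does, for comparison only.
    public static string ConcatenatedSql(int groupId, string groupName, string departmentName)
    {
        return "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME, DEPT_ID) VALUES(" + groupId + ",'" + groupName +
               "',(SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME='" + departmentName + "'))";
    }

    static void Main()
    {
        // Constructed sample value: a legitimate name containing an apostrophe.
        string dept = "Drivers' Pool";
        // The apostrophe closes the string literal early, so Oracle parses a different statement.
        Console.WriteLine(ConcatenatedSql(1176, "Night shift", dept));
        // With binding, the text sent to Oracle is always InsertSql; dept travels as data.
        Console.WriteLine(InsertSql);
    }
}
```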
