Reputation: 102
SQL with Visual C#: Incorrect syntax near ''
I keep on getting an sql exception error that states:
Incorrect syntax near 'Bsc.'.
This error happens at the line I have indicated with a comment.
'Bsc' is the value of val1 that has been parsed?
I have tried all means to resolve the error but I am not sure what's the problem,
public Marksheet(object val1, object val2, object val3, object val4)
{
InitializeComponent();
string connectionString = null;
SqlConnection conn;
connectionString = "Server=localhost\\SQLEXPRESS;Integrated security=SSPI;database=jms";
SqlDataAdapter sda = new SqlDataAdapter("Select s.course_abbreviation, s.course_name, s.month_of_admission, s.year_of_admission from students s where exists (select 1 from units_allocation ua where s.course_abbreviation=ua.'"+val1+"' and s.course_name=ua.'"+val2+"' and s.month_of_admission=ua.'"+val3 +"' and s.year_of_admission=ua.'"+val4+"'", connectionString);
conn = new SqlConnection(connectionString);
DataTable dt5 = new System.Data.DataTable();
sda.Fill(dt5); // Error occurs here
gridControl1.DataSource = dt5;
}
The sql query is an inner join between students table and units_allocated table.
I am fetching records from students table where the 4 fields are equal...
The above function is in different form and which is called by the following:
object val1;
object val2;
object val3;
object val4;
private void gridView1_RowClick(object sender, RowClickEventArgs e)
{
int rowHandle = e.RowHandle;
val1 = gridView1.GetRowCellValue(rowHandle, gridView1.Columns[2]);
val2 = gridView1.GetRowCellValue(rowHandle, gridView1.Columns[3]);
val3 = gridView1.GetRowCellValue(rowHandle, gridView1.Columns[4]);
val4 = gridView1.GetRowCellValue(rowHandle, gridView1.Columns[5]);
Marksheet marksheet = new Marksheet(val1, val2, val3, val4);
marksheet.Show();
}
I want to output a gridview/table in the second form with student records having 4 field values to the one I am clicking.
I am passing column values and expecting records from students table with fields registration_no, first_name, last_name, cat1_marks, cat2_marks, exam_marks and overall_marks.
Upvotes: 0
Views: 304
Answers (2)
Reputation: 49984
It seems you are trying to match on column names and your val variables contain the names of those columns, so you need to remove the single quotes - the quotes are only necessary if trying to match on an explicit value.
where s.course_abbreviation=ua."+val1+"
so your query will look like this:
SqlDataAdapter sda = new SqlDataAdapter(
"Select s.course_abbreviation, s.course_name, s.month_of_admission, s.year_of_admission " +
"from students s " +
"where exists (select 1 from units_allocation ua " +
"where s.course_abbreviation=ua."+val1+" and s.course_name=ua."+val2+" and s.month_of_admission=ua."+val3 +" and s.year_of_admission=ua."+val4+""
, connectionString);
Of course the usual "you should never inject SQL parameters that way!" warning applies.
Edit:
if my previous assumption was incorrect, then the other issue you have is the table alias in your where clause - just remove it. But if you do that then your inner select still looks really wrong*. If we distill it down to just a straight SQL statement we have:
select s.course_abbreviation, s.course_name, s.month_of_admission, s.year_of_admission
from students s
where exists (
select 1
from units_allocation ua
where s.course_abbreviation='val1'
and s.course_name='val2'
and s.month_of_admission='val3'
and s.year_of_admission='val4'
)
This is a bit of a funny way to try to do an inner join. Why would you select from the units_allocation table by comparing students columns to explicit values?
You may be stuck because there is no direct link from units_allocation back to students, - in this case you will need to join via other tables as well. Your inner join should look something like this:
select s.*, ua.*
from students s
inner join units_allocation ua
on ua.[foreign_key_column] = s.[primary_key_column]
where s.course_abbreviation='val1'
and s.course_name='val2'
...etc...
Using an exists could be counterproductive the way you have it - it will return all rows in the outer query if the exists condition is satisfied.
*I'm a SQL generalist, not a specialist. So this exists() syntax for achieving an inner join may be totally wrong, I don't know unless I try it - which I haven't (and I've never written a join in that way).
Upvotes: 2
Reputation: 385
where s.course_abbreviation=ua.'"+val1+"'
Remove the ua. and it should fix it.
using x. in front of a variable in SQL tries to find the defination of a column.
Upvotes: 0
Related Questions
- How can I prevent SQL injection in PHP?
- How to concatenate text from multiple rows into a single text string in SQL Server
- How to add a column with a default value to an existing table in SQL Server?
- Find all tables containing column with specified name
- Finding duplicate values in a SQL table
- How do I UPDATE from a SELECT in SQL Server?
- How do I perform an IF...THEN in an SQL SELECT?
- How can I do an UPDATE statement with JOIN in SQL Server?
- LEFT JOIN vs. LEFT OUTER JOIN in SQL Server
- How can I delete using INNER JOIN with SQL Server?