
I am getting this error

Incorrect syntax near "="

I am getting this error on the line

```csharp
sda.Fill(dt);
```

I can't figure out what mistake I have made. I went through many articles but none of them can help me with my problem.

```csharp
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\TECHNOGEEKZ\Desktop\USSv0.1\USSv0.1\USSv0.1\db\Database.mdf;Integrated Security=True");

con.Open();

SqlDataAdapter sda = new SqlDataAdapter("SELECT name FROM attachments WHERE idno = " + comboBox1.Text + "", con);

DataTable dt = new DataTable();
sda.Fill(dt);

comboBox2.DataSource = dt;
comboBox2.DisplayMember = "name";
comboBox2.ValueMember = "name";
```

Database table looks like

```sql
CREATE TABLE [dbo].[attachments] 
(
    [Id]       INT           IDENTITY (1, 1) NOT NULL,
    [idno]     INT           NULL,
    [name]     VARCHAR (MAX) NULL,
    [location] VARCHAR (MAX) NULL
);
```

Can somebody solve this error? Where exactly is the error in this code?

marc_s
Ashwini Nemade
  • I think comboBox1.Text is an empty string. – PepitoSh Jun 22 '18 at 05:37
  • @PepitoSh Yes it was empty I just checked.. Thanks a lot it helped!! – Ashwini Nemade Jun 22 '18 at 05:39
  • [SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](http://bobby-tables.com/) – marc_s Jun 22 '18 at 07:15

1 Answer

First, try to return `comboBox1.Text` to see which value it returns. Let's say it returns an empty or null value, or not an integer number; your query will be wrong.

Second, instead of passing `comboBox1.Text` directly to your SQL query, you should use a parameter.

It helps to reduce ridiculous errors like the one you have currently, as well as preventing SQL injection.

Change your sda to:

```csharp
SqlDataAdapter sda = new SqlDataAdapter("SELECT name FROM attachments WHERE idno = @idNo", con);

sda.SelectCommand.Parameters.AddWithValue("@idNo", comboBox1.Text);
```
Jacky
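A fuller version of the parameterized lookup discussed in this thread, added here as an example and not code from the question or the answer: it rejects empty or non-numeric combo box text before any SQL is sent, and binds `@idNo` as a typed `INT` parameter to match the `idno` column. The class and method names (`AttachmentLookup`, `TryParseIdNo`, `LoadNames`) are hypothetical, and the connection string is assumed to be supplied by the caller.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper, not part of the original thread.
static class AttachmentLookup
{
    // Accept only text that parses as an integer. Empty, null and
    // non-numeric input is rejected here, so it never reaches the SQL text.
    public static bool TryParseIdNo(string text, out int idNo)
    {
        return int.TryParse(text, out idNo);
    }

    // Returns the matching names, or an empty table when idText is not an integer.
    public static DataTable LoadNames(string connectionString, string idText)
    {
        var dt = new DataTable();
        int idNo;
        if (!TryParseIdNo(idText, out idNo))
            return dt; // nothing valid selected: no query is sent

        using (var con = new SqlConnection(connectionString))
        using (var sda = new SqlDataAdapter(
            "SELECT name FROM attachments WHERE idno = @idNo", con))
        {
            // Typed parameter: the value is sent separately from the SQL text,
            // so it cannot change the statement's structure.
            sda.SelectCommand.Parameters.Add("@idNo", SqlDbType.Int).Value = idNo;
            sda.Fill(dt); // Fill opens and closes the connection itself
        }
        return dt;
    }

    static void Main()
    {
        // Constructed sample inputs: empty text (the case from the question),
        // a valid id, and text that would alter a concatenated query.
        foreach (var text in new[] { "", "7", "1 OR 1=1" })
        {
            int idNo;
            Console.WriteLine("\"{0}\" -> {1}", text,
                TryParseIdNo(text, out idNo)
                    ? "query sent with @idNo = " + idNo
                    : "rejected, no query sent");
        }
    }
}
```

In the form, the result can be bound as in the question, for example `comboBox2.DataSource = AttachmentLookup.LoadNames(connectionString, comboBox1.Text);`.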