Reputation: 1
I want to display the row in the richtextbox
private void button1_Click(object sender, EventArgs e) {
    SqlConnection con = new SqlConnection("Data Source=MOSTAFA\\SQLEXPRESS;Initial Catalog=company;Integrated Security=True");
    SqlCommand com = new SqlCommand("select * from data where id='"+textBox1.Text+"')",con);
    con.Open();
    SqlDataReader read = com.ExecuteReader();
    if (read.Read())
        richTextBox1.Text = "id" + read[0].ToString();
    else
        label3.Text = ("The client didn't found");
}
Upvotes: 0
Views: 47
Reputation:
You have an extra parenthesis in that SQL statement.
But more importantly, you are leaving yourself wide open for SQL Injection. The way to get around this devastating and easily avoidable issue is to use parameterized queries.
Upvotes: 0
Reputation: 13641
There's an error in your generated query. You have a closing parenthesis without an opening one. The line as you have it would produce:
    select * from data where id='sometest')
which will yield a syntax error from SQL Server.
Try this instead:
    SqlCommand com = new SqlCommand("select * from data where id='"+textBox1.Text+"'",con);
Upvotes: 2
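An added example, not code from the question or from either answer: the question's click handler rewritten with the parameterized query the first answer recommends, which also removes the stray parenthesis the second answer points out. It assumes the form class is named Form1 and that id is an int column; for a text column, use SqlDbType.NVarChar with the column's length and skip the numeric check.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

public partial class Form1 : Form   // assumed class name; controls come from the designer file
{
    // Same connection string as in the question.
    private const string ConnectionString =
        "Data Source=MOSTAFA\\SQLEXPRESS;Initial Catalog=company;Integrated Security=True";

    private void button1_Click(object sender, EventArgs e)
    {
        // Assumption: id is an int column. Reject anything that is not a
        // number before it gets near the database.
        if (!int.TryParse(textBox1.Text.Trim(), out int id))
        {
            label3.Text = "Please enter a numeric id";
            return;
        }

        // The SQL text is a constant. The user's value travels separately as
        // @id, so the server treats it as data and never parses it as SQL.
        const string sql = "select * from data where id = @id";

        try
        {
            // using blocks close the reader and connection even on an exception.
            using (SqlConnection con = new SqlConnection(ConnectionString))
            using (SqlCommand com = new SqlCommand(sql, con))
            {
                com.Parameters.Add("@id", SqlDbType.Int).Value = id;
                con.Open();
                using (SqlDataReader read = com.ExecuteReader())
                {
                    if (read.Read())
                        richTextBox1.Text = "id" + read[0].ToString();
                    else
                        label3.Text = "The client was not found";
                }
            }
        }
        catch (SqlException)
        {
            // Do not echo raw database errors (schema, server names) to the user.
            label3.Text = "Database error";
        }
    }
}
```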