CODEWITHSUNDEEP
c#asp.netsql-server
emilios
emilios

Reputation: 375

SQL error in asp.net

if you please help me i am having a problem in sql code asp.net C#.

my error is:

System.Data.SqlClient.SqlException was unhandled by user code
Message=Incorrect syntax near ')'.

and my query code goes as follows:

string query = @"insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID,Deitails) 
                             values(" + 0 + "," + ListBox4.SelectedValue +"," + ListBox1.SelectedValue + "," + null + ")";

Upvotes: 0

Views: 152

Answers (5)

Daryl Wenman-Bateson
Daryl Wenman-Bateson

Reputation: 3964

Try putting the null within the speech marks so the end looks like ",null)";

Upvotes: 1

Icarus
Icarus

Reputation: 63972

Yes, as everybody else said already, you can't use null the way you are doing it but there are more serious issues than that:

  1. Your sql statement is prone to SQL Injection attacks because you are not parametrizing your query

  2. If you are not inserting a value into a column, simply don't list the column! This will work:

    string query = @"insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID) values(" + 0 + "," + ListBox4.SelectedValue +"," + ListBox1.SelectedValue +")";

Upvotes: 5

Jason Turan
Jason Turan

Reputation: 1352

What you are doing with this example is you are creating a SQL string that you plan on sending to the Database that will be executed there. When you are making your string the result of the string is something like...

"insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID,Deitails) values(0, someValueFromListbox4,someOtherValueFromListbox1,)"

You will notice that the final parameter is missing. To fix this try this...

string query = @"insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID,Deitails) 
                     values(" + 0 + "," + ListBox4.SelectedValue +"," + ListBox1.SelectedValue + ",NULL)";

Here is another example using string.format which I would reccommend

string query = String.format("Insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID,Deitails) Values(0,{0},{1},NULL)", ListBox4.SelectedValue, ListBox1.SelectedValue);

Upvotes: 1

Josh Darnell
Josh Darnell

Reputation: 11433

I think the null is probably making things angry:

string query = @"insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID,Deitails) 
                   values(0," + ListBox4.SelectedValue +"," + ListBox1.SelectedValue + ",null)";

You'll notice I made your 0 part of the string and made the null part of the string (instead of concatenating integer 0 and a NULL value with the string)

Upvotes: 1

KV Prajapati
KV Prajapati

Reputation: 94653

You can't insert null like that way. Use parameterized query.

string query = "insert into ReviewPaper(Overall_Rating,Paper_ID,Conference_Role_ID,Deitails)
                values (@overall_rating,@paper_id,@conference_role_id,@details)";

cmd=new SqlCommand(query,cn);
cmd.Parameters.AddWithValue("@overall_rating",0);
cmd.Parameters.AddWithVaule("@paper_id",ListBox2.SelectedValue);
cmd.Parameters.AddWithValue("@conference_role_id",Listbox1.SelectedValue);
cmd.Parameters.AddWithValue("@details",DBNull.Value);

Upvotes: 7

Related Questions