Invalid column name sql error

梦毁少年i 2020-11-30 03:16

I am trying to enter data into my database, but it is giving me the following error:

Invalid column name

Here's my code

<
11 answers
  • 2020-11-30 03:55

    Your problem is that your strings are unquoted, which means that they are interpreted by your database engine as column names.

    You need to create parameters in order to pass your value to the query.

     cmd.CommandText = "INSERT INTO Data (Name, PhoneNo, Address) VALUES (@Name, @PhoneNo, @Address);";
     cmd.Parameters.AddWithValue("@Name", txtName.Text);
     cmd.Parameters.AddWithValue("@PhoneNo", txtPhone.Text);
     cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
    
    0 Discussion (0)
  • 2020-11-30 03:55

    You should never write code that concatenates SQL and parameters as string - this opens up your code to SQL injection which is a really serious security problem.

    Use bind params - for a nice howto see here...

    0 Discussion (0)
  • 2020-11-30 03:55
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Windows;
    using System.Windows.Controls;
    using System.Windows.Data;
    using System.Windows.Documents;
    using System.Windows.Input;
    using System.Windows.Media;
    using System.Windows.Media.Imaging;
    using System.Windows.Navigation;
    using System.Windows.Shapes;
    using System.Data.SqlClient;
    using System.Data;
    
    namespace WpfApplication1
    {
        /// <summary>
        /// Interaction logic for MainWindow.xaml
        /// </summary>
        public partial class MainWindow : Window
        {
            public MainWindow()
            {
                InitializeComponent();
            }
    
            private void btnAdd_Click(object sender, RoutedEventArgs e)
            {
                SqlConnection conn = new SqlConnection(@"Data Source=WKS09\SQLEXPRESS;Initial Catalog = StudentManagementSystem;Integrated Security=True");
                SqlCommand insert = new SqlCommand("insert into dbo.StudentRegistration(ID, Name,Age,DateOfBirth,Email,Comment) values(@ID, @Name,@Age,@DateOfBirth,@mail,@comment)", conn);
                insert.Parameters.AddWithValue("@ID", textBox1.Text);
                insert.Parameters.AddWithValue("@Name", textBox2.Text);
                insert.Parameters.AddWithValue("@Age", textBox3.Text);
                insert.Parameters.AddWithValue("@DateOfBirth", textBox4.Text);
                insert.Parameters.AddWithValue("@mail", textBox5.Text);
                insert.Parameters.AddWithValue("@comment", textBox6.Text);
    
                if (textBox1.Text == string.Empty)
                {
                    MessageBox.Show("ID Cannot be Null");
                    return;
                }
                else if (textBox2.Text == string.Empty)
                {
                    MessageBox.Show("Name Cannot be Null");
                    return;
                }
    
    
                try
                {
                    conn.Open();
                    insert.ExecuteNonQuery();
                    MessageBox.Show("Register done !");
                }
                catch (Exception ex)
                {
                    MessageBox.Show("Error" + ex.Message);
                }
                finally
                {
                    // Close the connection on success as well as on failure.
                    conn.Close();
                }
            }
    
            private void btnRetrive_Click(object sender, RoutedEventArgs e)
            {
                bool temp = false;
                SqlConnection con = new SqlConnection("server=WKS09\\SQLEXPRESS;database=StudentManagementSystem;Trusted_Connection=True");
                con.Open();
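                SqlCommand cmd = new SqlCommand("select * from dbo.StudentRegistration where ID = @ID", con);
                // Bind the ID as a parameter instead of concatenating it into the SQL text.
                cmd.Parameters.AddWithValue("@ID", textBox1.Text.Trim());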
                SqlDataReader dr = cmd.ExecuteReader();
                while (dr.Read())
                {
                    textBox2.Text = dr.GetString(1);
                    textBox3.Text = dr.GetInt32(2).ToString(); 
                    textBox4.Text = dr.GetDateTime(3).ToString();
                    textBox5.Text = dr.GetString(4);
                    textBox6.Text = dr.GetString(5);
                    temp = true;
                }
                if (temp == false)
                    MessageBox.Show("not found");
                con.Close();
            }
    
            private void btnClear_Click(object sender, RoutedEventArgs e)
            {
                SqlConnection connection = new SqlConnection("Data Source=WKS09\\SQLEXPRESS;Initial Catalog = StudentManagementSystem;Integrated Security=True");
                string sqlStatement = "DELETE FROM dbo.StudentRegistration WHERE ID = @ID";
                try
                {
                    connection.Open();
                    SqlCommand cmd = new SqlCommand(sqlStatement, connection);
                    cmd.Parameters.AddWithValue("@ID", textBox1.Text);
                    cmd.CommandType = CommandType.Text;
                    cmd.ExecuteNonQuery();
                    MessageBox.Show("Done");
                }
                finally
                {
                    Clear();
                    connection.Close();
                }
            }
    
            public void Clear()
            {
                textBox1.Text = "";
                textBox2.Text = "";
                textBox3.Text = "";
                textBox4.Text = "";
            }
        }
    }
    
    0 Discussion (0)
  • 2020-11-30 03:56

    Code To insert Data in Access Db using c#

    Code:-

    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Data.SqlClient;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;
    
    namespace access_db_csharp
    {
        public partial class Form1 : Form
        {
            // Placeholder: put your own connection string here.
            private const string connectionstring = @"Place Your connection string";
            public SqlConnection con = new SqlConnection(connectionstring);

            public Form1()
            {
                InitializeComponent();
            }

            private void Savebutton_Click(object sender, EventArgs e)
            {
                // Values are bound as parameters, not concatenated into the SQL text.
                SqlCommand cmd = new SqlCommand("insert into  Data (Name,PhoneNo,Address) values(@parameter1,@parameter2,@parameter3)", con);
                cmd.Parameters.AddWithValue("@parameter1", textBox1.Text);
                cmd.Parameters.AddWithValue("@parameter2", textBox2.Text);
                cmd.Parameters.AddWithValue("@parameter3", textBox4.Text);
                cmd.ExecuteNonQuery();
            }

            private void Form1_Load(object sender, EventArgs e)
            {
                // The connection string is already set on the field above.
                con.Open();
            }
        }
    }
    
    0 Discussion (0)
  • 2020-11-30 03:57

    Always try to use parameterized SQL queries to keep safe from malicious occurrences, so you could rearrange your code as below:

    Also make sure that your table has column names matching Name, PhoneNo, Address.

    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        SqlCommand cmd = new SqlCommand("INSERT INTO Data (Name, PhoneNo, Address) VALUES (@Name, @PhoneNo, @Address)");
        cmd.CommandType = CommandType.Text;
        cmd.Connection = connection;
        cmd.Parameters.AddWithValue("@Name", txtName.Text);
        cmd.Parameters.AddWithValue("@PhoneNo", txtPhone.Text);
        cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
        connection.Open();
        cmd.ExecuteNonQuery();
    }
    
    0 Discussion (0)
  • 2020-11-30 04:05

    You have to use '"+texbox1.Text+"','"+texbox2.Text+"','"+texbox3.Text+"'

    Instead of "+texbox1.Text+","+texbox2.Text+","+texbox3.Text+"

    Notice the extra single quotes.

    0 Discussion (0)
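
The three ways of supplying values that the answers above discuss, side by side, as an added example that is not from any of the posts. It uses Python's built-in sqlite3 with an in-memory table as a stand-in for SQL Server (SQLite words the first error "no such column" where SQL Server says "Invalid column name"); the table layout follows the answers' `Data` table, the helper names are hypothetical and the input values are constructed.

```python
import sqlite3

def make_db():
    """In-memory SQLite table shaped like the Data table used in the answers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Data (Name TEXT, PhoneNo TEXT, Address TEXT)")
    return db

def insert_unquoted(db, name, phone, address):
    # Values pasted in bare: the engine parses them as identifiers or expressions.
    sql = f"INSERT INTO Data (Name, PhoneNo, Address) VALUES ({name}, {phone}, {address})"
    db.execute(sql)

def insert_quoted(db, name, phone, address):
    # Single quotes added by hand: works only until a value contains a quote.
    sql = ("INSERT INTO Data (Name, PhoneNo, Address) "
           f"VALUES ('{name}', '{phone}', '{address}')")
    db.execute(sql)

def insert_bound(db, name, phone, address):
    # Placeholders: the SQL text is fixed and the values travel separately as data.
    db.execute("INSERT INTO Data (Name, PhoneNo, Address) VALUES (?, ?, ?)",
               (name, phone, address))

def outcome(insert, values):
    """Run one insert style on a fresh table; return the stored rows or the error text."""
    db = make_db()
    try:
        insert(db, *values)
    except sqlite3.Error as exc:
        return f"error: {exc}"
    return db.execute("SELECT Name, PhoneNo, Address FROM Data").fetchall()

# Constructed sample inputs.
PLAIN = ("Alice", "5550100", "Main")
APOSTROPHE = ("O'Brien", "5550100", "Main")
# A value that closes the string literal and supplies its own column values.
SMUGGLED = ("x', 'y', 'z') --", "5550100", "Main")

if __name__ == "__main__":
    styles = (("unquoted", insert_unquoted), ("quoted", insert_quoted), ("bound", insert_bound))
    for label, fn in styles:
        for values in (PLAIN, APOSTROPHE, SMUGGLED):
            print(f"{label:9}{values[0]!r:22}{outcome(fn, values)}")
```

Only the bound form stores every input exactly as typed; the hand-quoted form fails on an ordinary apostrophe and lets the last input decide what the statement inserts.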