Incorrect syntax near 's'. Unclosed quotat

Posted 2019-08-24 15:15

I'm creating a website using asp.net and an inbuilt database, and I've been trying to solve this error for 2 hours now. I'm using string concatenation in my query. Raw query : insert into Account holder values('Yash','Gadhvi','MJShinichi','Who is your favorite actor/Actress?','Yui Aragaki');

    // Builds the SQL text by concatenating the textbox values directly into the statement
    String MyCommand = "insert into AccountHolder values('  "+FNameBox.Text+"  ','  "+LNameBox.Text+"  ','  "+UName.Text+"  ','  "+PassMe.Text+"  ','  "+Qs.Text+"  ','  "+As.Text+"  ')";
    SqlCommand adder = new SqlCommand(MyCommand,sqlcon);
    sqlcon.Open();
    int exe = adder.ExecuteNonQuery();   // number of rows affected
    sqlcon.Close();

Can't use a parameterized query because there is no procedure; other than that, I've tried literally everything (the blank spaces between ' and " are there to separate the single and double quotation marks). I've searched around on the internet, but it didn't help much.... The best it gave me was a compilation error.

1 answer
贪生不怕死
#2 -- · 2019-08-24 15:43

Replace your code for this:

    // Placeholders stand in for the values; the driver sends each value separately from the SQL text
    String MyCommand = "insert into AccountHolder values(@FNameBox, @LNameBox, @UName, @PassMe, @Qs, @As)";
    SqlCommand adder = new SqlCommand(MyCommand, sqlcon);
    adder.Parameters.AddWithValue("@FNameBox", FNameBox.Text);
    adder.Parameters.AddWithValue("@LNameBox", LNameBox.Text);
    adder.Parameters.AddWithValue("@UName", UName.Text);
    adder.Parameters.AddWithValue("@PassMe", PassMe.Text);
    adder.Parameters.AddWithValue("@Qs", Qs.Text);
    adder.Parameters.AddWithValue("@As", As.Text);
    sqlcon.Open();
    int exe = adder.ExecuteNonQuery();   // number of rows affected
    sqlcon.Close();

If you insist on continuing the insert without parameters, check your data: you probably have a ' inside the data.
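The answer's point is that parameters work with plain inline SQL text, no stored procedure needed: the value travels to the server separately from the statement, so a single quote inside a name can no longer unbalance the quoting (the cause of the "Unclosed quotation mark" error). The following is an added example, not code from the question or the answer. It assumes the AccountHolder table has six string columns in the same order as the original insert; the connection string, the column sizes and the sample input are placeholders or constructed values. It uses typed SqlParameter objects instead of AddWithValue, which infers the parameter type from the .NET value and can cause implicit conversions on the server, and wraps the connection and command in using blocks so they are closed even when ExecuteNonQuery throws.

```csharp
// Added example, not code from the question or the answer above.
// Assumptions: AccountHolder has six string columns in the order of the
// original insert; column sizes and the connection string are placeholders.
using System;
using System.Data;
using System.Data.SqlClient;

public static class AccountHolderStore
{
    // Placeholders stand in for values; the driver sends the text separately,
    // so a quote inside the data never becomes part of the SQL statement.
    private const string InsertSql =
        "insert into AccountHolder values(@FName, @LName, @UName, @Pass, @Qs, @As)";

    // Returns the number of rows inserted (1 on success).
    public static int Insert(string connectionString, string fName, string lName,
                             string uName, string pass, string qs, string ans)
    {
        using (var sqlcon = new SqlConnection(connectionString))
        using (var adder = new SqlCommand(InsertSql, sqlcon))
        {
            // Explicit types and lengths (assumed sizes; match the real table)
            // avoid the type inference AddWithValue performs on the .NET value.
            adder.Parameters.Add("@FName", SqlDbType.NVarChar, 50).Value = fName;
            adder.Parameters.Add("@LName", SqlDbType.NVarChar, 50).Value = lName;
            adder.Parameters.Add("@UName", SqlDbType.NVarChar, 50).Value = uName;
            adder.Parameters.Add("@Pass",  SqlDbType.NVarChar, 200).Value = pass;
            adder.Parameters.Add("@Qs",    SqlDbType.NVarChar, 200).Value = qs;
            adder.Parameters.Add("@As",    SqlDbType.NVarChar, 200).Value = ans;

            sqlcon.Open();
            return adder.ExecuteNonQuery();
            // Both using blocks dispose here, so the connection is closed even
            // if ExecuteNonQuery throws, unlike an explicit sqlcon.Close() call.
        }
    }

    public static void Main()
    {
        // Placeholder connection string; substitute the site's real one.
        const string cs =
            "Server=(localdb)\\MSSQLLocalDB;Database=PLACEHOLDER_DB;Integrated Security=true";

        // Constructed sample input: the apostrophe in the last name is exactly
        // the kind of value that unbalanced the concatenated query.
        try
        {
            int rows = Insert(cs, "Yash", "O'Gadhvi", "MJShinichi", "placeholder-secret",
                              "Who is your favorite actor/Actress?", "Yui Aragaki");
            Console.WriteLine($"Rows inserted: {rows}");
        }
        catch (SqlException ex)
        {
            Console.WriteLine($"Insert failed: {ex.Message}");
        }
    }
}
```

Run it against a database containing the table and the row with the apostrophe is stored verbatim; the same input through the concatenated version produces the error in the question's title. Listing the column names explicitly in the insert (rather than relying on positional values) is a further improvement, left out here only because the page does not give the column names.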
