Share via

How to fix the error (incorrect syntax near ','. )

Soufiane Sahraoui 20 Reputation points
2023-05-12T21:19:26.3366667+00:00

incorrect syntax near ','.

I am working on a small program, but this problem stopped me. When I do the update data, this message appears to me, although the update works in more than one other form within the program.

Please help me.

string d = Date.Value.ToString("yyyy/MM/dd");
                    string Dinstall = txtdateInstal.Value.ToString("yyyy/MM/dd");
                    db.ExcuteData("update TBL_Employees Set FName ='"+txtFName.Text+"' ,LName ='" + txtLName.Text + "' ,DateB='" + d + "', PlaceB='" + txtBDaye.Text + "', ID_C= " + cmbCenter.SelectedValue + ", ID_S= " + cmbService.SelectedValue + ",ID_Sec=" + cmbSecture.SelectedValue + ", ID_Grade = " + cmbGrade.SelectedValue + ", DateInstall= '" + Dinstall + "', Credit=" + txtRacid.Text + ", Adress= '" + txtAddress.Text + "', Phone=" + txtPhone.Text + " ,Status = " + status.Text + "  where ID_Emp ="+txtMat.Text+" " ," Modified successfully ");
Visual Studio
Visual Studio
A family of Microsoft suites of integrated development tools for building applications for Windows, the web and mobile devices.
4,888 questions
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,361 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,648 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ryan Jusay 165 Reputation points
    2023-06-23T02:57:49.7033333+00:00

    It's probably your input on the form.

    You can try this sample below. Insert any new parameters you like, as I included only a few to make it short. It will also make your code more protected against SQL injection. (Note: I only assumed your SQL data types and length, you may change it as well as needed.)

            private string updateEmployees(int ID_Emp)
        {
            // Create Instance of Connection and Command Object
            SqlConnection myConnection = new SqlConnection("Your Connection String Goes Here");
            SqlCommand myCommand = new SqlCommand();

            try
            {

                // The Command
                myCommand.Connection = myConnection;
                myCommand.CommandType = CommandType.Text;
                myCommand.CommandText = "UPDATE TBL_Employees Set FName=@FName, LName=@LName where ID_Emp=@ID_Emp";
                SqlParameter myPara;

                // Add Parameters 
                myPara = new SqlParameter("@ID_Emp", SqlDbType.Int, 8);
                myPara.Value = ID_Emp;
                myCommand.Parameters.Add(myPara);

                myPara = new SqlParameter("@FName", SqlDbType.Char, 50);
                myPara.Value = txtFName.Text;
                myCommand.Parameters.Add(myPara);

                myPara = new SqlParameter("@LName", SqlDbType.Char, 50);
                myPara.Value = txtLName.Text;
                myCommand.Parameters.Add(myPara);

                myConnection.Open();

                myCommand.ExecuteNonQuery();

                return "Modified successfully";
            }
            catch (Exception ex)
            {
                //LOg Exception
                return "Failed to Modify";
            }
            finally
            {
                if (myConnection.State != ConnectionState.Closed)
                {
                    myConnection.Close();
                    myCommand.Dispose();
                    myConnection.Dispose();
                }
            }
        }
    0 comments