How to fix the error (incorrect syntax near ','. )

Soufiane Sahraoui 20 Reputation points
2023-05-12T21:19:26.3366667+00:00

incorrect syntax near ','.

I am working on a small program, but this problem stopped me. When I do the update data, this message appears to me, although the update works in more than one other form within the program.

Please help me.

string d = Date.Value.ToString("yyyy/MM/dd");
                    string Dinstall = txtdateInstal.Value.ToString("yyyy/MM/dd");
                    db.ExcuteData("update TBL_Employees Set FName ='"+txtFName.Text+"' ,LName ='" + txtLName.Text + "' ,DateB='" + d + "', PlaceB='" + txtBDaye.Text + "', ID_C= " + cmbCenter.SelectedValue + ", ID_S= " + cmbService.SelectedValue + ",ID_Sec=" + cmbSecture.SelectedValue + ", ID_Grade = " + cmbGrade.SelectedValue + ", DateInstall= '" + Dinstall + "', Credit=" + txtRacid.Text + ", Adress= '" + txtAddress.Text + "', Phone=" + txtPhone.Text + " ,Status = " + status.Text + "  where ID_Emp ="+txtMat.Text+" " ," Modified successfully ");
Visual Studio
Visual Studio
A family of Microsoft suites of integrated development tools for building applications for Windows, the web and mobile devices.
4,772 questions
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,082 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,497 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Jusay 165 Reputation points
    2023-06-23T02:57:49.7033333+00:00

    It's probably your input on the form.

    You can try this sample below. Insert any new parameters you like, as I included only a few to make it short. It will also make your code more protected against SQL injection. (Note: I only assumed your SQL data types and length, you may change it as well as needed.)

            private string updateEmployees(int ID_Emp)
            {
                // Create Instance of Connection and Command Object
                SqlConnection myConnection = new SqlConnection("Your Connection String Goes Here");
                SqlCommand myCommand = new SqlCommand();
    
                try
                {
    
                    // The Command
                    myCommand.Connection = myConnection;
                    myCommand.CommandType = CommandType.Text;
                    myCommand.CommandText = "UPDATE TBL_Employees Set FName=@FName, LName=@LName where ID_Emp=@ID_Emp";
                    SqlParameter myPara;
    
                    // Add Parameters 
                    myPara = new SqlParameter("@ID_Emp", SqlDbType.Int, 8);
                    myPara.Value = ID_Emp;
                    myCommand.Parameters.Add(myPara);
    
                    myPara = new SqlParameter("@FName", SqlDbType.Char, 50);
                    myPara.Value = txtFName.Text;
                    myCommand.Parameters.Add(myPara);
    
                    myPara = new SqlParameter("@LName", SqlDbType.Char, 50);
                    myPara.Value = txtLName.Text;
                    myCommand.Parameters.Add(myPara);
    
                    myConnection.Open();
    
                    myCommand.ExecuteNonQuery();
    
                    return "Modified successfully";
                }
                catch (Exception ex)
                {
                    //LOg Exception
                    return "Failed to Modify";
                }
                finally
                {
                    if (myConnection.State != ConnectionState.Closed)
                    {
                        myConnection.Close();
                        myCommand.Dispose();
                        myConnection.Dispose();
                    }
                }
            }
    
    0 comments No comments