Inserting data into SQL Server

Question

ja0 0 Light Poster

14 Years Ago

I am having the following trouble:

"System.Data.SqlClient.SqlException: Incorrect syntax near '11'.
Unclosed quotation mark after the character string ' )'.

I tried the solution of using double quote right there, but it give me another problem.
The more strange thing is that the data is begin copy to the new table until it stop...

while (myRead.Read())
                {
                    myRead.Read();
                    cmd = new SqlCommand("INSERT INTO Properties VALUES " +
                             "( '" + Read2["Parameter1"].ToString() +
                           "', '"  + Read2["Parameter2"].ToString() + 
                           "', '"  + Read2["Parameter3"].ToString() + 
                           "', '"  + Read2["Parameter4"].ToString() + 
                           "', '"  + Read2["Parameter5"].ToString()  + "' )", connection);
                    cmd.ExecuteNonQuery();

                }

                myRead.Close();

2 Contributors
4 Replies
154 Views
1 Day Discussion Span
Latest Post 14 Years Ago Latest Post by ja0

Momerath 1,327 Nearly a Senior Poster

14 Years Ago

I suspect one of your values has a single ' mark in it, and this is throwing off your SQL statement. This is one of the reason you should use parameterized statements, along with helping prevent a SQL injection attack.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

ja0 0 Light Poster · Answer 1 · 2010-09-14T16:40:55+00:00

I suspect one of your values has a single ' mark in it, and this is throwing off your SQL statement. This is one of the reason you should use parameterized statements, along with helping prevent a SQL injection attack.

Now I am have the following error: "System.IdenxOutofRangeException: Number".

Any ideas?

ja0 0 Light Poster · Answer 2 · 2010-09-14T18:08:01+00:00

I did this now and I have the same first problem:

SqlDataAdapter incmd = null;
                SqlDataAdapter Commnd = new SqlDataAdapter(querystring, conn);

                DataTable Properties = new DataTable();
                Commnd.Fill(Properties);

                foreach (DataRow drRow in Properties.Rows)
                {  incmd = new SqlDataAdapter("INSERT INTO Properties VALUES " +
                    "( '"  + drRow["Parameter1"].ToString() +
                    "', '" + drRow["Parameter2"].ToString() +
                    "', '" + drRow["Parameter3"].ToString() +
                    "', '" + drRow["Parameter4"].ToString() +
                    "', '" + drRow["Parameter5"].ToString() + "' )", conn);
                    incmd.Fill(Properties);
                }

                Commnd.Dispose();
                incmd.Dispose();

ja0 0 Light Poster · Answer 3 · 2010-09-14T18:58:18+00:00

Now I tried this one too, same first problem. Any Ideas?!

SqlDataReader Read = null;
                SqlCommand cmd = null;
                SqlCommand Commnd = new SqlCommand(querystring, conn);
                Read = Commnd.ExecuteReader();

                SqlParameter param1 = new SqlParameter();
                SqlParameter param2 = new SqlParameter();
                SqlParameter param3 = new SqlParameter();
                SqlParameter param4 = new SqlParameter();
                SqlParameter param5 = new SqlParameter();
                while (Read.Read())
                {
                    Read.Read();

                    param1.ParameterName = "@Number";
                    param1.SqlDbType = SqlDbType.NVarChar;
                    param1.Value = Read["Number"];

                    param2.ParameterName = "@PropertyName";
                    param2.SqlDbType = SqlDbType.NVarChar;
                    param2.Value = Read["PropertyName"];

                    param3.ParameterName = "@DataType";
                    param3.SqlDbType = SqlDbType.NVarChar;
                    param3.Value = Read["DataType"];

                    param4.ParameterName = "@PropertyValue";
                    param4.SqlDbType = SqlDbType.NVarChar;
                    param4.Value = Read["PropertyValue"];

                    param5.ParameterName = "@DateUpdated";
                    param5.SqlDbType = SqlDbType.DateTime;
                    param5.Value = Read["DateUpdated"];
                    cmd = new SqlCommand("INSERT INTO Properties VALUES " +
                    "( '" +  param1.Value +
                    "', '" + param2.Value +
                    "', '" + param3.Value +
                    "', '" + param4.Value +
                    "', '" + param5.Value + "')", conn);
                    
                    cmd.ExecuteNonQuery();
                }
                Read.Close();
                Commnd.Dispose();
                cmd.Dispose();