1

When I try to execute this SQL query:

savInto.CommandText = "update onCommands set warnDate =#" & movDate.Value.ToString("MM/dd/yyyy") 
& "#,updateDate =#" & Date.Now.ToShortDateString 
& "#,transportCompany ='" & Trim(Company.Text) 
& "' where ID =" & moveID

I get this error: 

Incorrect syntax near '#'
Improve this question
5
  • Can we see the actual sql? (after all the parsing to strings) Commented Nov 29, 2013 at 13:37
  • Try using single quotes around MM/dd/yyyy Commented Nov 29, 2013 at 13:37
  • 2
    Use sql-parameters instead of string concatenation if you build a sql query. Otherwise you are open for sql-injection and localization issues. Commented Nov 29, 2013 at 13:37
  • Print out your entire string to a log so that you can see exactly what is being executed. This may give you a clue as to the syntax error Commented Nov 29, 2013 at 13:37
  • Thank you a lot, my problem was solved by the first answer :) Commented Nov 29, 2013 at 13:48

2 Answers 2

Reset to default
4

Well the main problem is that you're trying to provide the parameter as part of the SQL itself. While there are ways of doing that (use an apostrophe rather than #), it's generally a bad idea:

  • It invites SQL injection attacks when used with arbitrary strings
  • It makes it harder to read the code
  • It introduces unnecessary string conversions

Instead, you should use parameterized SQL and specify the value for the parameter. Something like:

savInto.CommandText = "update onCommands set warnDate = @warnDate" & 
    ", updateDate = @updateDate, transportCompany = @transportCompany" &
    " where ID=@moveID"
savInto.Parameters.Add("@warnDate", SqlDbType.DateTime).Value = movDate
savInto.Parameters.Add("@updateDate", SqlDbType.DateTime).Value = Date.Now
savInto.Parameters.Add("@transportCompany", SqlDbType.NVarChar).Value = Trim(Company.Text)
savInto.Parameters.Add("@moveID", SqlDbType.NVarChar).Value = moveID
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Additionally, the #date# syntax, isn't that Access / JET?
@LasseV.Karlsen I believe that's from Access indeed.
@LasseV.Karlsen: Possibly. I'm not going to dwell on that, given that it's a fundamentally bad approach :)
@TimSchmelter: Well it's not a literal when it's getting the value from a variable...
@AymAnAbuOmar: Maybe the SQL date literal is expected to be in a different format, e.g. yyyy-MM-dd. I don't know, and you shouldn't need to care, because you're not really trying to perform a string conversion: you're trying to provide a date to the database. That's the beauty of using parameterized SQL.
|
1

Why are you using # character? What database are you using (sql server, oracle, mysql...)

Try this:

savInto.CommandText = "update onCommands set warnDate ='" & movDate.Value.ToString("MM/dd/yyyy") & "',updateDate ='" & Date.Now.ToShortDateString & "',transportCompany ='" & Trim(Company.Text) & "' where ID =" & moveID
Improve this answer

1 Comment

While your answer is technically correct, it's not a good approach in general.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.