1

This is my code:

OleDbConnection con = new OleDbConnection();
con.ConnectionString = "Provider=MSDAORA;Data Source=data;Password=ss8_pakhsh;User ID=SHIFTS_N";
con.Open();
int MAXID = 1175;
MAXID++;
string sqlcommand = "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME,DEPT_ID) " +
                    "VALUES(" + MAXID + ",'"
                    + textBox1.Text +
                    "', SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME="+comboBox1.Text;
OleDbDataAdapter oda = new OleDbDataAdapter(sqlcommand, con);
oda.Fill(dt);
con.Close();

While I am running it, I get this error:

One or more errors occurred during processing of command.

I think my query has a problem, because when I enter it in the TOAD editor (for Oracle) it gives me this error:

ORA-00936: missing expression

2
  • SQL injection alert - you should not concatenate together your SQL statements - use parameterized queries instead to avoid SQL injection. Commented Jun 24, 2015 at 4:52
  • Incorrect quotes may lead you to an error. Check the quotes in the string, and most important: SQL injection! Commented Jun 24, 2015 at 4:53

2 Answers

2

You were missing quotes and parentheses in your query.

SQL Injection Alert

To avoid this you should use parameterized queries, as follows:

// Requires: using System.Data; using System.Data.OleDb;
// The subquery must be wrapped in parentheses; OLE DB binds each ? by position.
string sqlcommand = "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME, DEPT_ID) " +
                    "VALUES(?, ?, (SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME = ?))";
// con is the open OleDbConnection from the question
OleDbCommand oledbCommand = new OleDbCommand(sqlcommand, con);
// Add the parameters in the same order as the placeholders
oledbCommand.Parameters.AddWithValue("?", MAXID);           // GROUP_ID
oledbCommand.Parameters.AddWithValue("?", textBox1.Text);   // GROUP_NAME
oledbCommand.Parameters.AddWithValue("?", comboBox1.Text);  // DEPARTMENT_NAME
OleDbDataAdapter oda = new OleDbDataAdapter(oledbCommand);
DataTable dt = new DataTable();
oda.Fill(dt);

2 Comments

I DO IT BUT IT STILL GIVES ME AN ERROR
THE ERROR OCCURRED ON oda.Fill(dt);
0

You need to put your select query in braces, as you are selecting this from another table, so this should be in (). Also, Department_Name looks to be of type varchar, so its value should be in single quotes. Change your query like this.

// The closing parentheses belong inside the SQL string literal
string sqlcommand = "INSERT INTO GROUPS(GROUP_ID, GROUP_NAME,DEPT_ID) " +
                    "VALUES(" + MAXID + ",'"
                    + textBox1.Text +
                    "',(SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT WHERE DEPARTMENT_NAME='" + comboBox1.Text + "'))";

Also use a parameterized query to prevent SQL injection.
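
As an added example (not code from the question or from either answer), this is one way to run the INSERT with typed, positional OLE DB parameters and ExecuteNonQuery, so that the statement text stays constant whatever is typed into the form. The class and method names, the OleDbType choices, the size of 100 and the sample values in Main are assumptions.

```csharp
using System;
using System.Data.OleDb;

static class GroupInsertExample
{
    // Constant statement text: user input never becomes part of it.
    // OLE DB has no named parameters; each ? is bound by position.
    const string InsertSql =
        "INSERT INTO GROUPS (GROUP_ID, GROUP_NAME, DEPT_ID) " +
        "VALUES (?, ?, (SELECT DEPT_ID FROM PERSONNEL_TEMP.DEPARTMENT " +
        "WHERE DEPARTMENT_NAME = ?))";

    // Builds the command; parameters are added in placeholder order.
    // Types and the size of 100 are assumed, adjust them to the schema.
    public static OleDbCommand BuildInsertGroup(OleDbConnection con,
        int groupId, string groupName, string departmentName)
    {
        var cmd = new OleDbCommand(InsertSql, con);
        cmd.Parameters.Add("GROUP_ID", OleDbType.Integer).Value = groupId;
        cmd.Parameters.Add("GROUP_NAME", OleDbType.VarChar, 100).Value = groupName;
        cmd.Parameters.Add("DEPARTMENT_NAME", OleDbType.VarChar, 100).Value = departmentName;
        return cmd;
    }

    // An INSERT returns no rows, so it is run with ExecuteNonQuery
    // instead of a DataAdapter; the return value is the rows inserted.
    public static int InsertGroup(string connectionString,
        int groupId, string groupName, string departmentName)
    {
        using (var con = new OleDbConnection(connectionString))
        using (var cmd = BuildInsertGroup(con, groupId, groupName, departmentName))
        {
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed input containing quotes: it stays a bound value
        // and the command text printed below does not change.
        using (var cmd = BuildInsertGroup(null, 1176, "Night shift", "R&D 'North'"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.OleDbType, p.Value);
        }
    }
}
```

Main only builds the command, so it runs without a database; InsertGroup needs a reachable Oracle instance and a connection string read from protected configuration.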
