I'm trying to using INSERT to write some data to a MSSQL Database table. I believe my SQL string is correct but I'm getting an error message when I run command.ExecuteScaler(); I've attached the error message in a screen shot. It states I'm using incorrect syntax but I'm not getting any compiler errors. I'm assuming I'm just doing something wrong.
CODE:
using (SqlConnection connection = new SqlConnection(SQLHelper.CnnCal("CQDB")))
{
connection.Open();
String insert = @"INSERT INTO Skills(SkillName, SkillNumber, SkillLastUpdated, SkillServer) VALUES(" + skills.SkillName + "," + skills.SkillNumber + "," + skills.LastUpdated + "," + skills.CallServer +")";
SqlCommand command = new SqlCommand(insert, connection);
command.ExecuteScalar();
connection.Close();
}
Error Message from exception pop up
Question: What is the proper way of inserting data into a MSSQL database table?
INSERT INTO People (Name) VALUES (Flater), while it should beINSERT INTO People (Name) VALUES ('Flater')Notice the quotes, they are the source of your issue. However, such an answer would be highly downvoted as the expected standard is to use parameters so as to prevent SQL injection (but in all honesty, that is something that does not specifically relate to your question, it's just a matter of good practice).