0

code:

string query1 = @"UPDATE global_mapping set escape_id = " + 
  dataGridView1.Rows[i].Cells[2].Value + ",function_id = " + 
  dataGridView1.Rows[i].Cells[3].Value + ",function_name = '" + 
  dataGridView1.Rows[i].Cells[4].Value + "',parameter_name = '" + 
  dataGridView1.Rows[i].Cells[5].Value + "',parameter_validity = '" + 
  dataGridView1.Rows[i].Cells[6].Value + "',statusparameter_id = " + 
  dataGridView1.Rows[i].Cells[7].Value + ",acb_datatype = '" + 
  dataGridView1.Rows[i].Cells[8].Value + "',data_type_id = " + 
  dataGridView1.Rows[i].Cells[9].Value + ",bit_size = " + 
  dataGridView1.Rows[i].Cells[10].Value + ",validity_status ='" + 
  dataGridView1.Rows[i].Cells[11].Value + "',validity_func = '" + 
  dataGridView1.Rows[i].Cells[12].Value + "'WHERE global_mapping.parameter_id =" + 
  dataGridView1.Rows[i].Cells[1].Value + "";
OleDbCommand cmd1 = new OleDbCommand(query1, conn);
cmd1.ExecuteNonQuery();

code ends:

When I execute the above code I get an error stating "Syntax error in Update statement". Can someone please tell me how to resolve this?

1
  • Thanks for the quick response, but how do I use SQL parameters? Commented May 19, 2009 at 8:31

6 Answers

2

It looks like you need to add a space before your WHERE clause.

Hope this helps,

Bill


2 Comments

Bad SQL syntax is the least of his worries.
Perhaps, but I'm not on a crusade here.
1

Wow. Can we say... SQL Injection?

Try using Parameters. Not only will you protect yourself, but your SQL will become MUCH more readable.


1

Never use string concatenation for building SQL queries. Use SQL parameters.
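The answers above make two points: the immediate error comes from the missing space before `WHERE`, and the real fix is to stop concatenating grid values into the SQL text and use parameters instead. The following is an added example (not code from the question or from any of the answers) showing the same UPDATE written with `OleDbCommand` parameters. It assumes the same open `OleDbConnection` named `conn` and the same `dataGridView1` row layout as the question; the column types (`Integer` for the id and size columns, `VarChar` for the text columns) are assumptions, since the table schema is not shown on the page.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Windows.Forms;

static class GlobalMappingUpdater
{
    // OleDb uses positional '?' placeholders: the order in which parameters
    // are added to the command must match the order of the '?' marks in the
    // SQL text. Note the space before WHERE that the concatenated version lacked.
    const string UpdateSql =
        "UPDATE global_mapping SET escape_id = ?, function_id = ?, function_name = ?, " +
        "parameter_name = ?, parameter_validity = ?, statusparameter_id = ?, " +
        "acb_datatype = ?, data_type_id = ?, bit_size = ?, validity_status = ?, " +
        "validity_func = ? WHERE parameter_id = ?";

    // Updates one row of global_mapping from one DataGridView row.
    // Cell indexes follow the question's code; column types are assumptions.
    public static int UpdateFromRow(OleDbConnection conn, DataGridViewRow row)
    {
        using (OleDbCommand cmd = new OleDbCommand(UpdateSql, conn))
        {
            // The names are only labels for readability; OleDb binds by position.
            cmd.Parameters.Add("escape_id",          OleDbType.Integer).Value = ToDbValue(row.Cells[2].Value);
            cmd.Parameters.Add("function_id",        OleDbType.Integer).Value = ToDbValue(row.Cells[3].Value);
            cmd.Parameters.Add("function_name",      OleDbType.VarChar).Value = ToDbValue(row.Cells[4].Value);
            cmd.Parameters.Add("parameter_name",     OleDbType.VarChar).Value = ToDbValue(row.Cells[5].Value);
            cmd.Parameters.Add("parameter_validity", OleDbType.VarChar).Value = ToDbValue(row.Cells[6].Value);
            cmd.Parameters.Add("statusparameter_id", OleDbType.Integer).Value = ToDbValue(row.Cells[7].Value);
            cmd.Parameters.Add("acb_datatype",       OleDbType.VarChar).Value = ToDbValue(row.Cells[8].Value);
            cmd.Parameters.Add("data_type_id",       OleDbType.Integer).Value = ToDbValue(row.Cells[9].Value);
            cmd.Parameters.Add("bit_size",           OleDbType.Integer).Value = ToDbValue(row.Cells[10].Value);
            cmd.Parameters.Add("validity_status",    OleDbType.VarChar).Value = ToDbValue(row.Cells[11].Value);
            cmd.Parameters.Add("validity_func",      OleDbType.VarChar).Value = ToDbValue(row.Cells[12].Value);
            // WHERE clause value comes last because its '?' is last in the SQL text.
            cmd.Parameters.Add("parameter_id",       OleDbType.Integer).Value = ToDbValue(row.Cells[1].Value);

            // Returns the number of rows affected; 0 means no row had that parameter_id.
            return cmd.ExecuteNonQuery();
        }
    }

    // A blank grid cell arrives as null (or an empty string). Concatenating it
    // into the SQL text yields "escape_id = ," which is a syntax error; bound as
    // a parameter it must be DBNull.Value, not "", for the numeric columns.
    static object ToDbValue(object cellValue)
    {
        if (cellValue == null)
        {
            return DBNull.Value;
        }
        if (cellValue is string && ((string)cellValue).Length == 0)
        {
            return DBNull.Value;
        }
        return cellValue;
    }

    // Usage in the question's loop (replaces the query1/cmd1 lines):
    //   GlobalMappingUpdater.UpdateFromRow(conn, dataGridView1.Rows[i]);
}
```

Because the grid values never become part of the SQL text, a cell containing a quote or a semicolon can no longer alter the statement, and the quoting and spacing mistakes that produced "Syntax error in Update statement" cannot occur in the first place. The `ToDbValue` helper also covers the blank-cell case the last answer suggests checking for.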


0

Yikes! Please provide the final query1 value and try to format it so we can get a better picture of it. My guess is a missing ' or something.


0

I'd say you're missing some quotes in there but your code is such a pig-sty I can't tell. If you won't fix your code then at the minimum give us a dump of query1 so we can read your actual query.

And use parameters or stored procedures like the previous responses said. All it takes is one of your variables to get overwritten with something nasty and your server will be wide open to anyone deleting your tables or worse.

Even if this is a local "safe" database you should unlearn your bad habits now.


-1

Put Console.WriteLine(query1) before OleDbCommand cmd1 = new OleDbCommand(query1, conn);

See the value of query1 printed to the console window.
Does the SQL statement look OK? I guess not - you will now be able to find a field which is non-numeric and is blank in the grid.

And, use parameters as others have said.

1 Comment

What is wrong with my reply? When down-voting, please put reason.
