Last post Nov 03, 2014 10:53 AM by Mikesdotnetting
Oct 31, 2014 11:30 AM|Awq|LINK
I created a connection with access 2010.
When i record something, ok, it's fine. But when this record have any sign(like "?" or "!" ) it's get an error:
Sintax error: missing operator on
How can i fix that?
Oct 31, 2014 12:09 PM|Mikesdotnetting|LINK
You should use parameters for your queries: http://www.mikesdotnetting.com/article/26/parameter-queries-in-asp-net-with-ms-access
Oct 31, 2014 12:14 PM|Awq|LINK
Can you post a sample code?
This site is blocked by intranet here
Oct 31, 2014 12:37 PM|Mikesdotnetting|LINK
OleDb Parameters are recognised by their position, not by their name. Consequently, it is vital to ensure that parameters are added to the collection in the order they appear in the SQL, otherwise a "Too few parameters..." exception could occur. At the very
least, your values will get inserted into the wrong fields, or nothing happens at all. For the sake of code readability, AddWithValues(string, object) can take a non-empty string giving a name to the parameter, although an empty string ("")
One final note about parameter markers: in the samples below, the markers are represented by question marks ( ? ). Access (or the Jet provider) is also happy to work with SQL Server-style parameter markers that are prefixed with @,
so the first example CommandText can be replaced with:
"Insert Into Contacts (FirstName, LastName) Values (@FirstName, @LastName)"
string SqlString = "Insert Into Contacts (FirstName, LastName) Values (?,?)";
using (OleDbConnection conn = new OleDbConnection(ConnString))
using (OleDbCommand cmd = new OleDbCommand(SqlString, conn))
cmd.CommandType = CommandType.Text;
Oct 31, 2014 12:57 PM|Awq|LINK
Didn't solved, yet...
That's the error:
If i type a word, ok. But if i put a "?", like
i get this error:
if i don't use "?" mark it record on access just fine.
Oct 31, 2014 03:14 PM|Mikesdotnetting|LINK
Can you show your SQL?
Oct 31, 2014 03:23 PM|Rion Williams|LINK
As Mike mentioned, you should always use parameterization when executing SQL commands. Depending on the type of database environment that you are targeting the '?' character can be used to define a parameter so if you are just manually concatenating the
value of your TextBox into your query, this could cause issues and leave you vulnerable to SQL Injection attacks.
If you posted your entire code relating to executing your command (and building your query), we could probably provide some suggestions to help avoid this.
Nov 03, 2014 06:51 AM|Awq|LINK
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Dim con As OleDbConnection
Dim com As OleDbCommand
con = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source= C:\Users\est10703\Desktop\Awq\classifica.accdb;")
com = New OleDbCommand("insert into PERGUNTA(DES) values(" + TextBox1.Text + ")", con)
' com.Parameters.AddWithValue("@DES", TextBox1.Text)
com.Parameters.Add(New OleDb.OleDbParameter("@DES", OleDb.OleDbType.VarChar)).Value = TextBox1.Text
TextBox1.Text = ""
Edit: If i record only "?" it works.
Nov 03, 2014 08:03 AM|Mikesdotnetting|LINK
You aren't using parameters properly:
com = New OleDbCommand("insert into PERGUNTA (DES) values(?)", con)
Nov 03, 2014 10:50 AM|Awq|LINK
Thanks man. Now it's works.
But, with these data inserted in table PERGUNTA i fill a dropdownlist in same page.
How to update this ddl list when i record in this table?
DropDownList1.DataBind() isn't working.
Nov 03, 2014 10:53 AM|Mikesdotnetting|LINK
You should start a new thread for that question.