Hi,
i try to insert values into a sql server table like this (code-behind):
comm1 = Textbox1.Text
comm2=Textbox2.Text
......
comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
values(comm1, comm2, ...)"
i get the error:
The name "field1l" is not permitted in this context. Valid expressions are
constants, constant expressions, and (in some contexts) variables. Column
names are not permitted.
Can someone give me the right syntax?
Thanks in advance.
Dan
Dan wrote:
> Hi,
> i try to insert values into a sql server table like this (code-behind):
> comm1 = Textbox1.Text
> comm2=Textbox2.Text
> .....
> comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
> values(comm1, comm2, ...)"
> i get the error:
> The name "field1l" is not permitted in this context. Valid expressions are
> constants, constant expressions, and (in some contexts) variables. Column
> names are not permitted.
> Can someone give me the right syntax?
> Thanks in advance.
> Dan
The database is not aware of the variables that you use in your code.
Put parameters in the query, and add the values as parameter objects to
the command object.
Gran Andersson
_____
http://www.guffa.com
|||"Dan" <d@.er.df> wrote in message
news:eF%23nAdXwHHA.4736@.TK2MSFTNGP05.phx.gbl...
> Hi,
> i try to insert values into a sql server table like this (code-behind):
> comm1 = Textbox1.Text
> comm2=Textbox2.Text
> .....
> comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
> values(comm1, comm2, ...)"
> i get the error:
> The name "field1l" is not permitted in this context. Valid expressions are
> constants, constant expressions, and (in some contexts) variables. Column
> names are not permitted.
> Can someone give me the right syntax?
> Thanks in advance.
> Dan
>
>
Your SQL statement is in quotes so the comm1, comm2 are sent as those values
to the server which has no idea what you want to do.
Use parameters to pass the values of the fields. Something like "insert
into mytable (field1,field2) values (@.field1, @.field2)
Then in your code create the parameters, add them to the SQLCommand and then
execute.
Hope this gets you going in the right direction.
Lloyd Sheen
|||On Sun, 8 Jul 2007 17:47:11 +0200, "Dan" <d@.er.df> wrote:
>Hi,
>i try to insert values into a sql server table like this (code-behind):
>comm1 = Textbox1.Text
>comm2=Textbox2.Text
>.....
>comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
>values(comm1, comm2, ...)"
>i get the error:
>The name "field1l" is not permitted in this context. Valid expressions are
>constants, constant expressions, and (in some contexts) variables. Column
>names are not permitted.
>Can someone give me the right syntax?
>Thanks in advance.
>Dan
>
You need to read up on parameterized queries ... then you'll know how
to safely pass user entered variables to database queries
http://bytes.thinkersroom.com
|||Of course, thanks ..
"Lloyd Sheen" <a@.b.c> schreef in bericht
news:DADD47DE-3006-4C63-8087-F368EFA9EFFF@.microsoft.com...
> "Dan" <d@.er.df> wrote in message
> news:eF%23nAdXwHHA.4736@.TK2MSFTNGP05.phx.gbl...
> Your SQL statement is in quotes so the comm1, comm2 are sent as those
> values to the server which has no idea what you want to do.
> Use parameters to pass the values of the fields. Something like "insert
> into mytable (field1,field2) values (@.field1, @.field2)
> Then in your code create the parameters, add them to the SQLCommand and
> then execute.
> Hope this gets you going in the right direction.
> Lloyd Sheen
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment