3

When I attempt to run the following code, I got an error. What might be the problem?

protected void Button1_Click(object sender, EventArgs e)
 {
        SqlConnection cnn = new SqlConnection("server=.; database=YEDEK; Integrated Security=True; ");
        cnn.Open();
        SqlCommand cmd = cnn.CreateCommand();
        cmd.CommandText = "insert Personel (Name,Surname,Tel) values  ('"+txtName.Text+"','"+ txtSurname.Text+"','"+txtTel.Text+"')  ";
        SqlParameter p1 = new SqlParameter("txtName.Text", SqlDbType.NVarChar);
        p1.Value = "txtName.Text";
        cmd.Parameters.Add(p1);
        SqlParameter p2 = new SqlParameter("txtSurname.Text", SqlDbType.NVarChar);
        p2.Value = "txtSurname.Text";
        cmd.Parameters.Add(p2);
        SqlParameter p3 = new SqlParameter("txtTel.Text", SqlDbType.Char);
        p3.Value = "txtTel.Text";
        cmd.Parameters.Add(p3);
        cmd.ExecuteNonQuery();
        cnn.Close();

 } 

Here is my error message:

 Incorrect syntax near '.'.
 Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
 Exception Details:  System.Data.SqlClient.SqlException: Incorrect syntax near '.'.

 Source Error: 

 Line 44:             //cmd.Parameters.Add(p3);
 Line 45: 
 Line 46:             cmd.ExecuteNonQuery();
 Line 47:         //} 
 Line 48:         //catch (SqlException ex)
1
  • @gehgt: That's actually valid connection string syntax for the server. It's vaguely like saying (localhost) or 127.0.0.1 or ::1. Basically means this machine. Commented Sep 26, 2011 at 22:01

5 Answers

3

Your parameters are not in the correct syntax.

A proper parameter would be like so:

 new SqlParameter("@SomeParamName", SqlDbType.VarChar)

It looks like you are trying to directly insert the values from your controls into the parameter. In this situation you would do this:

  var param = new SqlParameter("@Name", SqlDbType.VarChar);
  param.Value = txtName.Text;

The parameter names should match your stored procedure definition.


1 Comment

"The parameter names should match your stored procedure definition." He has no stored procedures.
2

You should either use SqlParameter or concatenate strings. The former is better, as it prevents SQL injection attacks. Also, do not quote properties of the controls you're using (like p1.Value = "txtName.Text").

Below is how it can be done the proper way:

    SqlConnection cnn = new SqlConnection("server=.; database=YEDEK; Integrated Security=True; ");
    cnn.Open();
    SqlCommand cmd = cnn.CreateCommand();
    cmd.CommandText = "INSERT INTO Personel (Name, Surname, Tel) VALUES  (@Name, @Surname, @Tel)  ";
    SqlParameter p1 = new SqlParameter("@Name", SqlDbType.NVarChar);
    p1.Value = txtName.Text;
    cmd.Parameters.Add(p1);
    SqlParameter p2 = new SqlParameter("@Surname", SqlDbType.NVarChar);
    p2.Value = txtSurname.Text;
    cmd.Parameters.Add(p2);
    SqlParameter p3 = new SqlParameter("@Tel", SqlDbType.Char);
    p3.Value = txtTel.Text;
    cmd.Parameters.Add(p3);
    cmd.ExecuteNonQuery();
    cnn.Close();

Comments

0

cmd.CommandText = "insert Personel (Name,Surname,Tel) values (@Name, @Surname, @Tel) ";

Looks more logical, and you have to make sure your command parameters match the variable names as well.

Comments

0

Tejs is correct, remove DOTS from your paramnames.

You should also change your insert statement to (I removed the dots too)

cmd.CommandText = "insert Personel (Name,Surname,Tel) values(@txtNameText,@txtSurnameText,@txtTelText)  ";

Please rename those params, they are badly named!

Comments

0

I think the problem here is that you already build a sql statement without parameters with this line of code:

cmd.CommandText = "insert Personel (Name,Surname,Tel) values  ('"+txtName.Text+"','"+ txtSurname.Text+"','"+txtTel.Text+"')  ";

This results in a directly working SQL statement (without parameters):

"insert Personel (Name,Surname,Tel) values ('ValueOfTxtName','ValueOfTxtSurname','ValueOfTxtName' )"

You need to replace your sql statement to something like this:

"insert Personel (Name,Surname,Tel) values ( @Name,@Surname,@Tel)"

and then add the parameters conforming to Tejs's suggestion.

Comments
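The difference the answers above describe, shown side by side as an added example (not code from the question or from any answer): the concatenated statement changes shape with the input, while the parameterized command keeps a constant SQL text and carries the values separately. The sample input and the parameter sizes (50, 50, 15) are assumptions; the table, column names and connection string are the ones from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class PersonelInsertDemo
{
    // The question's approach: user input becomes part of the SQL text itself.
    static string ConcatenatedText(string name, string surname, string tel)
    {
        return "insert Personel (Name,Surname,Tel) values ('" + name + "','" + surname + "','" + tel + "')";
    }

    // The answers' approach: the SQL text is constant; values travel as typed parameters.
    // Sizes (50, 50, 15) are assumptions; match them to the real Personel columns.
    static SqlCommand ParameterizedCommand(string name, string surname, string tel)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Personel (Name, Surname, Tel) VALUES (@Name, @Surname, @Tel)");
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
        cmd.Parameters.Add("@Surname", SqlDbType.NVarChar, 50).Value = surname;
        cmd.Parameters.Add("@Tel", SqlDbType.Char, 15).Value = tel;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a surname containing an apostrophe.
        string name = "Conan", surname = "O'Brien", tel = "5550100";

        // The apostrophe ends the string literal early, so the server would see broken SQL.
        Console.WriteLine(ConcatenatedText(name, surname, tel));

        using (SqlCommand cmd = ParameterizedCommand(name, surname, tel))
        {
            // The text does not depend on the input; every @name in it has a matching parameter.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}, size {2}) = {3}", p.ParameterName, p.SqlDbType, p.Size, p.Value);

            // To execute against the database from the question:
            // using (var cnn = new SqlConnection("server=.; database=YEDEK; Integrated Security=True;"))
            // { cnn.Open(); cmd.Connection = cnn; cmd.ExecuteNonQuery(); }
        }
    }
}
```

The `using` blocks dispose the command and connection even when `ExecuteNonQuery` throws, which the explicit `cnn.Close()` in the snippets above does not guarantee.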
