Syntax problem Inserting variables into database

altergothen

Hi there

I am a newbie to ASP.Net - Please Help!
I am trying to insert the values of my variables into a database.
If I try the following it works perfectly:
string insertQuery = "INSERT into test(name,surname,email) VALUES('Bob', 'Sly', '(e-mail address removed)')";

but instead of inputting the values directly, I want to insert them as
variables like so:
string insertQuery = "INSERT into test (name,surname,email) VALUES(name,surname,email)";

The problem is that SQL requires ' ' around the values like this:
string insertQuery = "INSERT into test (name,surname,email) VALUES('name','surname','email')";

If I do it this way the values are taken literally so the actual words
name,surname,email are entered into the database instead of their values?

Please can you tell me how I can insert the variables' values into my database

Maybe my code will explain things more clearly ............

<%@ Page Language="C#" Debug="true" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<html>
<head>
<title>Inserting Data into a Database</title>
<script language="C#" runat="server">

void Page_Load()
{
string name;
name="Bob";
string surname;
surname="Sly";
string email;
email="'(e-mail address removed)'";


string connectionStr =
@"server=localhost;uid=tempuser1;pwd=tempuser1;trusted_connection=true;database=desertdollar";

string insertQuery = "INSERT into test(name,surname,email) VALUES(name, surname, email)";

SqlConnection connectObj = new SqlConnection(connectionStr);
SqlCommand commandObj = new SqlCommand(insertQuery,connectObj);

commandObj.Connection.Open();
commandObj.ExecuteNonQuery();
commandObj.Connection.Close();
}

</script>
</head>
<body>
<h2>
Inserting Data into a Database
</h2>
</body>
</html>
 
Hi There,

Please make the following changes and it should work.

string insertQuery = "INSERT into test (name,surname,email) VALUES( '" +
name +"','"+ surname + "','" + email + "')";

HTH
Ashish M Bhonkiya
 
You want "parameters".

1) use as a query
string insertQuery = "INSERT into test (name,surname,email) VALUES(@name,@surname,@Email)";

2) add parameters with the values
commandObj.Parameters.Add("@name", name);
(etc)

This way you will have no problems with names like "O'Brien" etc.


Hans Kesting
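
The parameter approach above, carried through for all three columns and set beside the concatenated query for a surname containing a quote. This is an added example, not code posted by anyone in the thread. The class and method names, the column types and lengths, and the sample values are assumptions; the connection string is left to the caller.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
static class InsertExample
{
    // The concatenated form from the thread: each value becomes part of the SQL text.
    static string ConcatenatedQuery(string name, string surname, string email)
    {
        return "INSERT into test (name,surname,email) VALUES( '" +
               name + "','" + surname + "','" + email + "')";
    }

    // Parameterized form: the SQL text is constant and the values travel separately.
    // Column types and lengths are assumptions; match them to the real table.
    static SqlCommand ParameterizedInsert(string name, string surname, string email)
    {
        SqlCommand cmd = new SqlCommand(
            "INSERT INTO test (name, surname, email) VALUES (@name, @surname, @email)");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
        cmd.Parameters.Add("@surname", SqlDbType.NVarChar, 50).Value = surname;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar, 100).Value = email;
        return cmd;
    }

    // Runs the insert against a real server; connectionStr is supplied by the caller.
    static int Insert(string connectionStr, string name, string surname, string email)
    {
        using (SqlConnection conn = new SqlConnection(connectionStr))
        using (SqlCommand cmd = ParameterizedInsert(name, surname, email))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }

    static void Main()
    {
        // Constructed sample values; the surname contains a single quote.
        string name = "Pat", surname = "O'Brien", email = "pat@example.com";
        // The quote in O'Brien closes the string literal early, so this text is not the intended SQL.
        Console.WriteLine(ConcatenatedQuery(name, surname, email));
        // Here the command text never changes and the quote stays inside the parameter value.
        SqlCommand cmd = ParameterizedInsert(name, surname, email);
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

Main only prints the two forms and needs no database; Insert is the call a page such as the one in the question would make from Page_Load.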
 