'System.Data.SqlClient.SqlException: 'Incorrect syntax near 'student'.' [duplicate]

I tried rewrite other ways but the code always showing error like this

System.Data.SqlClient.SqlException: 'Incorrect syntax near 'student'

The error occurs on the line

cmd.ExecuteNonQuery();

I hope someone will be able to help.

private void button1_Click(object sender, EventArgs e)
{
    if (StudUsn.Text == "" || StudName.Text == "" || 
        FatherName.Text == "" || MotherName.Text == "" ||
        AddressTb.Text == "" || CollegeTb.Text == "")
    {
        MessageBox.Show("No empty filled accepted");
    }
    else
    {
        Con.Open();

        String query = "insert into Student_tbl values(" + StudUsn.Text + ",'" + FatherName.Text + "','" + MotherName.Text + "','" + AddressTb.Text + "','" + CollegeTb.Text + "','" + StudRoomCb + "','" + StudStatusCb + "')";

        SqlCommand cmd = new SqlCommand(query, Con);
        cmd.ExecuteNonQuery();

        MessageBox.Show("Student successfully added");

        Con.Close();

        updateBookedStatus();
        FillStudentDGV();
        FillStudentCombobox();
    }
}
c++sharpsql-server


Solution 1:[1]

The following shows how to insert a record into a database using parameters. The number of rows affected will be returned (ie: 0 means the row wasn't inserted and 1 means the row was inserted successfully).

private int TblStudentInsert(string studentUsn, string fatherName, string motherName, string streetAddress, string college, string studentRoom, string studentStatus)
{
    string sqlText = "INSERT INTO Student (StudentUsn, FatherName, MotherName, StreetAddress, College, StudentRoom, StudentStatus) VALUES (@studentUsn, @fatherName, @motherName, @streetAddress, @college, @studentRoom, @studentStatus);";
    
    using (SqlConnection con = new SqlConnection(_connectionStr))
    {
        con.Open();

        using (SqlCommand cmd = new SqlCommand(sqlText, con))
        {
            //add parameters
            cmd.Parameters.Add("@studentUsn", SqlDbType.VarChar).Value = studentUsn;
            cmd.Parameters.Add("@fatherName", SqlDbType.VarChar).Value = fatherName;
            cmd.Parameters.Add("@motherName", SqlDbType.VarChar).Value = motherName;
            cmd.Parameters.Add("@streetAddress", SqlDbType.VarChar).Value = streetAddress;
            cmd.Parameters.Add("@college", SqlDbType.VarChar).Value = college;
            cmd.Parameters.Add("@studentRoom", SqlDbType.VarChar).Value = studentRoom;
            cmd.Parameters.Add("@studentStatus", SqlDbType.VarChar).Value = studentStatus;

            //execute and return number of rows affected
            return cmd.ExecuteNonQuery();
        }
    }
}

Note: For Unicode, use NVarChar instead of VarChar. If inserting a null value, use DBNull.Value.

Resources:

Solution 2:[2]

This syntax error is caused by a trailing comma as if you run the debugger and evaluate it, this will be in the format of INSERT INTO Student_tbl VALUES (N'xyz'). You just need to remove the concatenation and use parameters for these values.

Try this one

string query = "INSERT INTO Student_tbl (StudUsn, StudName,FatherName,MotherName,AddressTb,CollegeTb) VALUES (@StudUsn, StudName,@FatherName,@MotherName,@AddressTb,@CollegeTb);";
SqlCommand cmd = new SqlCommand(query, Con);
cmd.Parameters.Add("@StudUsn", SqlDbType.VarChar).Value = StudUsn.Text;
cmd.Parameters.Add("@StudName", SqlDbType.VarChar).Value = StudName.Text;
cmd.Parameters.Add("@FatherName", SqlDbType.VarChar).Value = FatherName.Text;
//.
//.
//so on and so forth
cmd.ExecuteNonQuery();

insert into Student_tbl (this name should be matched with your sql table columns) ........

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2

Related Questions