Invalid Column Name 'T001' in my attempt to insert a record into my SQL Server [duplicate]












0
















This question already has an answer here:




  • Why do we always prefer using parameters in SQL statements?

    7 answers




I have the following code:



public static void dbInfoInsert(int ID)

{

    try

    {

        SqlConnection sqlCon = new SqlConnection(@"Data Source = (local); Initial Catalog = myDB; Integrated Security = True;");

        sqlCon.Open();



        SqlCommand insert = new SqlCommand

            {

                CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ({0}, {1}, {2}, {3})", "T001", "FoodName", 23, "Food"),

                Connection = sqlCon

            };



        insert.ExecuteNonQuery();



        Console.Clear();

        Console.WriteLine("SUCCESS");

        Console.ReadKey();



        sqlCon.Close();

    }

    // In case connection to Microsoft SQL fails

    catch (SqlException e)

    {

        Console.WriteLine(e.ToString());

        Console.ReadKey();

    }

}


The error says that I have an Invalid column name 'T001', but that isn't my column. Am I doing something wrong here? In my database which name is myDB, I have a dbo.Food table which contains the following columns:




  • FoodID varchar(10)

  • FoodName varchar(100)

  • FoodPrice money

  • FoodDescription varchar(1000)






c# sql-server







share|improve this question















marked as duplicate by Alexei Levenkov c#
Users with the  c# badge can single-handedly close c# questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Jan 1 at 11:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • 1





    I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

    – Dale Burrell
    Jan 1 at 10:14













  • Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

    – Richard W
    Jan 1 at 10:34













  • Strings and dates do, numbers don't.

    – Dale Burrell
    Jan 1 at 10:35











  • @DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

    – Richard W
    Jan 1 at 10:37













  • @Dale Burrell : Single quotes convert a date to a string which is very dangerous.

    – jdweng
    Jan 1 at 11:37
















0
















This question already has an answer here:




  • Why do we always prefer using parameters in SQL statements?

    7 answers




I have the following code:



public static void dbInfoInsert(int ID)

{

    try

    {

        SqlConnection sqlCon = new SqlConnection(@"Data Source = (local); Initial Catalog = myDB; Integrated Security = True;");

        sqlCon.Open();



        SqlCommand insert = new SqlCommand

            {

                CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ({0}, {1}, {2}, {3})", "T001", "FoodName", 23, "Food"),

                Connection = sqlCon

            };



        insert.ExecuteNonQuery();



        Console.Clear();

        Console.WriteLine("SUCCESS");

        Console.ReadKey();



        sqlCon.Close();

    }

    // In case connection to Microsoft SQL fails

    catch (SqlException e)

    {

        Console.WriteLine(e.ToString());

        Console.ReadKey();

    }

}


The error says that I have an Invalid column name 'T001', but that isn't my column. Am I doing something wrong here? In my database which name is myDB, I have a dbo.Food table which contains the following columns:




  • FoodID varchar(10)

  • FoodName varchar(100)

  • FoodPrice money

  • FoodDescription varchar(1000)






c# sql-server







share|improve this question















marked as duplicate by Alexei Levenkov c#
Users with the  c# badge can single-handedly close c# questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Jan 1 at 11:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • 1





    I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

    – Dale Burrell
    Jan 1 at 10:14













  • Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

    – Richard W
    Jan 1 at 10:34













  • Strings and dates do, numbers don't.

    – Dale Burrell
    Jan 1 at 10:35











  • @DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

    – Richard W
    Jan 1 at 10:37













  • @Dale Burrell : Single quotes convert a date to a string which is very dangerous.

    – jdweng
    Jan 1 at 11:37














0












0








0









This question already has an answer here:




  • Why do we always prefer using parameters in SQL statements?

    7 answers




I have the following code:



public static void dbInfoInsert(int ID)

{

    try

    {

        SqlConnection sqlCon = new SqlConnection(@"Data Source = (local); Initial Catalog = myDB; Integrated Security = True;");

        sqlCon.Open();



        SqlCommand insert = new SqlCommand

            {

                CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ({0}, {1}, {2}, {3})", "T001", "FoodName", 23, "Food"),

                Connection = sqlCon

            };



        insert.ExecuteNonQuery();



        Console.Clear();

        Console.WriteLine("SUCCESS");

        Console.ReadKey();



        sqlCon.Close();

    }

    // In case connection to Microsoft SQL fails

    catch (SqlException e)

    {

        Console.WriteLine(e.ToString());

        Console.ReadKey();

    }

}


The error says that I have an Invalid column name 'T001', but that isn't my column. Am I doing something wrong here? In my database which name is myDB, I have a dbo.Food table which contains the following columns:




  • FoodID varchar(10)

  • FoodName varchar(100)

  • FoodPrice money

  • FoodDescription varchar(1000)






c# sql-server







share|improve this question

















This question already has an answer here:




  • Why do we always prefer using parameters in SQL statements?

    7 answers




I have the following code:



public static void dbInfoInsert(int ID)

{

    try

    {

        SqlConnection sqlCon = new SqlConnection(@"Data Source = (local); Initial Catalog = myDB; Integrated Security = True;");

        sqlCon.Open();



        SqlCommand insert = new SqlCommand

            {

                CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ({0}, {1}, {2}, {3})", "T001", "FoodName", 23, "Food"),

                Connection = sqlCon

            };



        insert.ExecuteNonQuery();



        Console.Clear();

        Console.WriteLine("SUCCESS");

        Console.ReadKey();



        sqlCon.Close();

    }

    // In case connection to Microsoft SQL fails

    catch (SqlException e)

    {

        Console.WriteLine(e.ToString());

        Console.ReadKey();

    }

}


The error says that I have an Invalid column name 'T001', but that isn't my column. Am I doing something wrong here? In my database which name is myDB, I have a dbo.Food table which contains the following columns:




  • FoodID varchar(10)

  • FoodName varchar(100)

  • FoodPrice money

  • FoodDescription varchar(1000)





This question already has an answer here:




  • Why do we always prefer using parameters in SQL statements?

    7 answers







c# sql-server




c# sql-server






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 1 at 10:40









marc_s

580k13011191266




580k13011191266










asked Jan 1 at 10:05









Richard WRichard W

389115




389115




marked as duplicate by Alexei Levenkov c#
Users with the  c# badge can single-handedly close c# questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Jan 1 at 11:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Alexei Levenkov c#
Users with the  c# badge can single-handedly close c# questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
 Jan 1 at 11:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 1





    I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

    – Dale Burrell
    Jan 1 at 10:14













  • Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

    – Richard W
    Jan 1 at 10:34













  • Strings and dates do, numbers don't.

    – Dale Burrell
    Jan 1 at 10:35











  • @DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

    – Richard W
    Jan 1 at 10:37













  • @Dale Burrell : Single quotes convert a date to a string which is very dangerous.

    – jdweng
    Jan 1 at 11:37














  • 1





    I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

    – Dale Burrell
    Jan 1 at 10:14













  • Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

    – Richard W
    Jan 1 at 10:34













  • Strings and dates do, numbers don't.

    – Dale Burrell
    Jan 1 at 10:35











  • @DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

    – Richard W
    Jan 1 at 10:37













  • @Dale Burrell : Single quotes convert a date to a string which is very dangerous.

    – jdweng
    Jan 1 at 11:37








1




1





I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

– Dale Burrell
Jan 1 at 10:14







I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

– Dale Burrell
Jan 1 at 10:14















Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

– Richard W
Jan 1 at 10:34







Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

– Richard W
Jan 1 at 10:34















Strings and dates do, numbers don't.

– Dale Burrell
Jan 1 at 10:35





Strings and dates do, numbers don't.

– Dale Burrell
Jan 1 at 10:35













@DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

– Richard W
Jan 1 at 10:37







@DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

– Richard W
Jan 1 at 10:37















@Dale Burrell : Single quotes convert a date to a string which is very dangerous.

– jdweng
Jan 1 at 11:37





@Dale Burrell : Single quotes convert a date to a string which is very dangerous.

– jdweng
Jan 1 at 11:37












1 Answer
1






active

oldest

votes


















1














You should always stick to SqlParamter to avoid Sql Injection.Additionally, it would also help you avoid mistakes like missing a ', as have happened without code. 



    string commandText = @"INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES (@param1, @param2, @param3, @param4)";



        using (SqlConnection connection = new SqlConnection(connectionString))

        {

            SqlCommand cmd = new SqlCommand(sql,connection);

            cmd.Parameters.Add("@param1", SqlDbType.Varchar,10).value = "T001";  

            cmd.Parameters.Add("@param2", SqlDbType.Varchar, 100).value = "FoodName";

            cmd.Parameters.Add("@param3", SqlDbType.Money).value = 23;

            cmd.Parameters.Add("@param4", SqlDbType.Varchar, 100).value = "Food";

            cmd.CommandType = CommandType.Text;

            cmd.ExecuteNonQuery();

        }


Though not advisable, if you need to get your current code working, please wrap your varchar parameters with "'".



CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ('{0}', '{1}', {2}, '{3}')", "T001", "FoodName", 23, "Food")





share|improve this answer
























  • Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

    – Richard W
    Jan 1 at 10:35








  • 1





    I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

    – Anu Viswan
    Jan 1 at 10:51











  • Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

    – Richard W
    Jan 1 at 11:00













  • It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

    – Anu Viswan
    Jan 1 at 11:06











  • @WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

    – Richardissimo
    Jan 1 at 23:30


















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














You should always stick to SqlParamter to avoid Sql Injection.Additionally, it would also help you avoid mistakes like missing a ', as have happened without code. 



    string commandText = @"INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES (@param1, @param2, @param3, @param4)";



        using (SqlConnection connection = new SqlConnection(connectionString))

        {

            SqlCommand cmd = new SqlCommand(sql,connection);

            cmd.Parameters.Add("@param1", SqlDbType.Varchar,10).value = "T001";  

            cmd.Parameters.Add("@param2", SqlDbType.Varchar, 100).value = "FoodName";

            cmd.Parameters.Add("@param3", SqlDbType.Money).value = 23;

            cmd.Parameters.Add("@param4", SqlDbType.Varchar, 100).value = "Food";

            cmd.CommandType = CommandType.Text;

            cmd.ExecuteNonQuery();

        }


Though not advisable, if you need to get your current code working, please wrap your varchar parameters with "'".



CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ('{0}', '{1}', {2}, '{3}')", "T001", "FoodName", 23, "Food")





share|improve this answer
























  • Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

    – Richard W
    Jan 1 at 10:35








  • 1





    I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

    – Anu Viswan
    Jan 1 at 10:51











  • Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

    – Richard W
    Jan 1 at 11:00













  • It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

    – Anu Viswan
    Jan 1 at 11:06











  • @WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

    – Richardissimo
    Jan 1 at 23:30
















1














You should always stick to SqlParamter to avoid Sql Injection.Additionally, it would also help you avoid mistakes like missing a ', as have happened without code. 



    string commandText = @"INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES (@param1, @param2, @param3, @param4)";



        using (SqlConnection connection = new SqlConnection(connectionString))

        {

            SqlCommand cmd = new SqlCommand(sql,connection);

            cmd.Parameters.Add("@param1", SqlDbType.Varchar,10).value = "T001";  

            cmd.Parameters.Add("@param2", SqlDbType.Varchar, 100).value = "FoodName";

            cmd.Parameters.Add("@param3", SqlDbType.Money).value = 23;

            cmd.Parameters.Add("@param4", SqlDbType.Varchar, 100).value = "Food";

            cmd.CommandType = CommandType.Text;

            cmd.ExecuteNonQuery();

        }


Though not advisable, if you need to get your current code working, please wrap your varchar parameters with "'".



CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ('{0}', '{1}', {2}, '{3}')", "T001", "FoodName", 23, "Food")





share|improve this answer
























  • Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

    – Richard W
    Jan 1 at 10:35








  • 1





    I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

    – Anu Viswan
    Jan 1 at 10:51











  • Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

    – Richard W
    Jan 1 at 11:00













  • It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

    – Anu Viswan
    Jan 1 at 11:06











  • @WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

    – Richardissimo
    Jan 1 at 23:30














1












1








1







You should always stick to SqlParamter to avoid Sql Injection.Additionally, it would also help you avoid mistakes like missing a ', as have happened without code. 



    string commandText = @"INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES (@param1, @param2, @param3, @param4)";



        using (SqlConnection connection = new SqlConnection(connectionString))

        {

            SqlCommand cmd = new SqlCommand(sql,connection);

            cmd.Parameters.Add("@param1", SqlDbType.Varchar,10).value = "T001";  

            cmd.Parameters.Add("@param2", SqlDbType.Varchar, 100).value = "FoodName";

            cmd.Parameters.Add("@param3", SqlDbType.Money).value = 23;

            cmd.Parameters.Add("@param4", SqlDbType.Varchar, 100).value = "Food";

            cmd.CommandType = CommandType.Text;

            cmd.ExecuteNonQuery();

        }


Though not advisable, if you need to get your current code working, please wrap your varchar parameters with "'".



CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ('{0}', '{1}', {2}, '{3}')", "T001", "FoodName", 23, "Food")





share|improve this answer













You should always stick to SqlParamter to avoid Sql Injection.Additionally, it would also help you avoid mistakes like missing a ', as have happened without code. 



    string commandText = @"INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES (@param1, @param2, @param3, @param4)";



        using (SqlConnection connection = new SqlConnection(connectionString))

        {

            SqlCommand cmd = new SqlCommand(sql,connection);

            cmd.Parameters.Add("@param1", SqlDbType.Varchar,10).value = "T001";  

            cmd.Parameters.Add("@param2", SqlDbType.Varchar, 100).value = "FoodName";

            cmd.Parameters.Add("@param3", SqlDbType.Money).value = 23;

            cmd.Parameters.Add("@param4", SqlDbType.Varchar, 100).value = "Food";

            cmd.CommandType = CommandType.Text;

            cmd.ExecuteNonQuery();

        }


Though not advisable, if you need to get your current code working, please wrap your varchar parameters with "'".



CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ('{0}', '{1}', {2}, '{3}')", "T001", "FoodName", 23, "Food")






share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 1 at 10:23









Anu ViswanAnu Viswan

5,6552526




5,6552526













  • Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

    – Richard W
    Jan 1 at 10:35








  • 1





    I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

    – Anu Viswan
    Jan 1 at 10:51











  • Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

    – Richard W
    Jan 1 at 11:00













  • It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

    – Anu Viswan
    Jan 1 at 11:06











  • @WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

    – Richardissimo
    Jan 1 at 23:30



















  • Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

    – Richard W
    Jan 1 at 10:35








  • 1





    I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

    – Anu Viswan
    Jan 1 at 10:51











  • Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

    – Richard W
    Jan 1 at 11:00













  • It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

    – Anu Viswan
    Jan 1 at 11:06











  • @WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

    – Richardissimo
    Jan 1 at 23:30

















Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

– Richard W
Jan 1 at 10:35







Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

– Richard W
Jan 1 at 10:35






1




1





I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

– Anu Viswan
Jan 1 at 10:51





I believe you already got answer for why quotes is needed. You could read more on Sql Injection here cisco.com/c/en/us/about/security-center/sql-injection.html

– Anu Viswan
Jan 1 at 10:51













Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

– Richard W
Jan 1 at 11:00







Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I dont' have to manually do sqlCon.Close() in my case, right?

– Richard W
Jan 1 at 11:00















It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

– Anu Viswan
Jan 1 at 11:06





It ensures that IDisposable.Dispose Method is called, even if an exceptions occurs within the using block. In fact, this is equavalent of using try-catch and calling dispose in finally.

– Anu Viswan
Jan 1 at 11:06













@WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

– Richardissimo
Jan 1 at 23:30





@WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

– Richardissimo
Jan 1 at 23:30





Popular posts from this blog

Can a sorcerer learn a 5th-level spell early by creating spell slots using the Font of Magic feature?

Image
28 6 $begingroup$ Per the Font of Magic feature, sorcerer can use Flexible Casting to create 5th-level spell slots at level 7, even though they are not typically available until level 9. You can transform unexpended sorcery points into one spell slot as a bonus action on your turn. The Creating Spell Slots table shows the cost of creating a spell slot of [5th level is 7] If such a sorcerer levels up while still having this 5th-level spell slot, can they choose a 5th-level spell as the spell they gain upon levelling up? The Spellcasting feature states: Additionally, when you gain a level in this class, you can choose one of the sorcerer spells you know and replace it with another spell from the sorcerer spell list, which also must be of a level for which you have spell slots.
Read more

ts Property 'filter' does not exist on type '{}'

Image
1 I'm trying to follow Angular Material guide to create a custom filter for autocomplete input text https://material.angular.io/components/autocomplete/overview This is what I have TS import { Component, OnInit } from '@angular/core'; import { TemplateRef } from '@angular/core'; import { FormControl } from "@angular/forms"; import { Observable } from "rxjs"; import { map, startWith, filter } from 'rxjs/operators'; (...) export class AppComponent implements OnInit { title = 'Your Profile'; displayedColumns: string = ['selected', 'name', 'description', 'pnr']; dataSource = ELEMENT_DATA; myControl = new FormControl(); options: any = ['One', 'Two', 'Three']; filteredOptions:
Read more

mat-slide-toggle shouldn't change it's state when I click cancel in confirmation window

Image
1 When I checked the slide toggle it should work as expected. But when I try to uncheck it there is a confirmation window asking if you are sure. When I click cancel in that confirmation window, still the toggle changes to unchecked, which shouldn't happen. It should stay in the same state. Here is my Html and TS Code // html <mat-slide-toggle (change)="change($event)" [checked]="isChecked()" > To-pay </mat-slide-toggle> TS code: // ts change(e) { if(this.checked) { if(confirm("Are you sure")) { console.log("toggle") } else { e.stopPropagation(); console.log("toggle should not change if I click the cancel button") }
Read more