Invalid Column Name 'T001' in my attempt to insert a record into my SQL Server [duplicate]




























This question already has an answer here:




  • Why do we always prefer using parameters in SQL statements?

    7 answers




I have the following code:



    public static void dbInfoInsert(int ID)
    {
        try
        {
            SqlConnection sqlCon = new SqlConnection(@"Data Source = (local); Initial Catalog = myDB; Integrated Security = True;");
            sqlCon.Open();

            SqlCommand insert = new SqlCommand
            {
                CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ({0}, {1}, {2}, {3})", "T001", "FoodName", 23, "Food"),
                Connection = sqlCon
            };

            insert.ExecuteNonQuery();

            Console.Clear();
            Console.WriteLine("SUCCESS");
            Console.ReadKey();

            sqlCon.Close();
        }
        // In case connection to Microsoft SQL fails
        catch (SqlException e)
        {
            Console.WriteLine(e.ToString());
            Console.ReadKey();
        }
    }


The error says that I have an Invalid column name 'T001', but that isn't my column. Am I doing something wrong here? In my database, which is named myDB, I have a dbo.Food table that contains the following columns:




  • FoodID varchar(10)

  • FoodName varchar(100)

  • FoodPrice money

  • FoodDescription varchar(1000)

























marked as duplicate by Alexei Levenkov c#
Jan 1 at 11:36


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • 1





    I would highly recommend investigating the SqlParameter class as the way to pass data to your SQL Server. However if you wish to get your current code working the issue is because strings need to be quoted using single quotes, so {0} should actually be '{0}'.

    – Dale Burrell
    Jan 1 at 10:14













  • Oh, so all of those {0}, {1} etc. must always be enclosed with a single quotation mark? I didn't need to do that when I'm Console.Write-ing data and passing the value of some variables, though. Okay, I'll try to look for that one up, thanks for the response!

    – Richard W
    Jan 1 at 10:34













  • Strings and dates do, numbers don't.

    – Dale Burrell
    Jan 1 at 10:35











  • @DaleBurrell OHH! I remember now! When I wanna insert things in SQL Query, I need to use that ' with strings, hence that. Okay, I forgot about that piece of info as I'm working with C# now xD Thanks once again!

    – Richard W
    Jan 1 at 10:37













  • @Dale Burrell : Single quotes convert a date to a string which is very dangerous.

    – jdweng
    Jan 1 at 11:37
















c# sql-server






edited Jan 1 at 10:40









marc_s











asked Jan 1 at 10:05









Richard W













1 Answer


















1














You should always stick to SqlParameter to avoid SQL injection. Additionally, it would also help you avoid mistakes like missing a ', as has happened without code.



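    // Requires: using System.Data; using System.Data.SqlClient;
    string commandText = @"INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES (@param1, @param2, @param3, @param4)";

    // connectionString is assumed to be defined elsewhere (e.g. the string used in the question).
    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        connection.Open(); // a command cannot execute on a closed connection
        SqlCommand cmd = new SqlCommand(commandText, connection);
        // Parameter types and sizes mirror the column definitions of dbo.Food.
        cmd.Parameters.Add("@param1", SqlDbType.VarChar, 10).Value = "T001";
        cmd.Parameters.Add("@param2", SqlDbType.VarChar, 100).Value = "FoodName";
        cmd.Parameters.Add("@param3", SqlDbType.Money).Value = 23;
        cmd.Parameters.Add("@param4", SqlDbType.VarChar, 1000).Value = "Food";
        cmd.CommandType = CommandType.Text;
        cmd.ExecuteNonQuery();
    }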


Though not advisable, if you need to get your current code working, please wrap your varchar parameters with "'".



CommandText = string.Format("INSERT INTO [dbo.Food] ([FoodID], [FoodName], [FoodPrice], [FoodDescription]) VALUES ('{0}', '{1}', {2}, '{3}')", "T001", "FoodName", 23, "Food")





























  • Thanks for the response! What does SQL Injection mean, though? And why do I need to use single quotation mark? When I'm Console.Write-ing and passing variable values to said Console.Write, I do not need to enclose {0} with a single quotation mark.

    – Richard W
    Jan 1 at 10:35








  • 1





    I believe you already got an answer for why quotes are needed. You could read more on SQL injection here: cisco.com/c/en/us/about/security-center/sql-injection.html

    – Anu Viswan
    Jan 1 at 10:51











  • Okay thanks! One more question, why do you use using? Mine seems to work perfectly fine? I seem to have found it here! stackoverflow.com/questions/75401/… That means that I don't have to manually do sqlCon.Close() in my case, right?

    – Richard W
    Jan 1 at 11:00













  • It ensures that the IDisposable.Dispose method is called, even if an exception occurs within the using block. In fact, this is the equivalent of using try-catch and calling Dispose in finally.

    – Anu Viswan
    Jan 1 at 11:06











  • @WealthyPlayer and Anu, it's worth noting that SqlCommand is also IDisposable so should also be in a using block.

    – Richardissimo
    Jan 1 at 23:30


















answered Jan 1 at 10:23









Anu Viswan
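The three ways of building the INSERT discussed in this thread (unquoted formatting, quoted formatting, parameters), run side by side as an added example that is not part of the original posts. It uses Python's built-in sqlite3 module with an in-memory table as a stand-in for SQL Server so that it runs offline; the helper names and the second sample row are constructed for illustration, and SQLite words the error as "no such column" where SQL Server says "Invalid column name".

```python
import sqlite3

# Constructed stand-in for the question's dbo.Food table (SQLite, in memory).
SCHEMA = """CREATE TABLE Food (
    FoodID TEXT, FoodName TEXT, FoodPrice NUMERIC, FoodDescription TEXT)"""
COLUMNS = "(FoodID, FoodName, FoodPrice, FoodDescription)"

# The row from the question, and a constructed row whose text contains quotes.
PLAIN = ("T001", "FoodName", 23, "Food")
TRICKY = ("T002", "Chef's special", 23, "Today's soup, 50% off")


def insert_unquoted(con, food_id, name, price, desc):
    """The question's approach: values pasted into the SQL text without quotes."""
    sql = "INSERT INTO Food {} VALUES ({}, {}, {}, {})".format(
        COLUMNS, food_id, name, price, desc)
    # The database sees VALUES (T001, FoodName, 23, Food): bare words are
    # parsed as identifiers (column names), not as string literals.
    con.execute(sql)


def insert_quoted(con, food_id, name, price, desc):
    """The quick fix from the comments: wrap string values in single quotes."""
    sql = "INSERT INTO Food {} VALUES ('{}', '{}', {}, '{}')".format(
        COLUMNS, food_id, name, price, desc)
    # Works only while no value contains a quote; the data is still part of
    # the SQL text, so a quote inside a value ends the literal early.
    con.execute(sql)


def insert_parameterized(con, food_id, name, price, desc):
    """The recommended form: fixed SQL text, values sent separately."""
    sql = "INSERT INTO Food {} VALUES (?, ?, ?, ?)".format(COLUMNS)
    con.execute(sql, (food_id, name, price, desc))


def try_insert(insert_fn, row):
    """Run one strategy on a fresh table; return (stored_rows, error_text)."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute(SCHEMA)
        insert_fn(con, *row)
        return con.execute("SELECT * FROM Food").fetchall(), None
    except sqlite3.Error as exc:
        return [], str(exc)
    finally:
        con.close()


if __name__ == "__main__":
    cases = [
        ("unquoted, plain row", insert_unquoted, PLAIN),
        ("quoted, plain row", insert_quoted, PLAIN),
        ("quoted, row with quotes", insert_quoted, TRICKY),
        ("parameterized, row with quotes", insert_parameterized, TRICKY),
    ]
    for label, fn, row in cases:
        rows, err = try_insert(fn, row)
        print("{:32} rows={} error={}".format(label, rows, err))
```

Only the parameterized form stores the second row unchanged, because the values never become part of the statement text.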













