asp.net - Runtime Exception Incorrect Syntax Near '=' - 


<%@ page language="c#" autoeventwireup="true" codefile="postreplyadmin.aspx.cs" inherits="postreplay" masterpagefile="~/adminmaster.master" title="post-reply page"%> <%@ import namespace="system.data" %> <%@ import namespace="system.data.sqlclient" %>  <asp:content contentplaceholderid="contentplaceholder1" runat="server"> <%     string postid = request.querystring["id"];     sqlconnection con = new sqlconnection(configurationmanager.connectionstrings["civilregdb"].connectionstring);     con.open();     string sql = "select * forumthread postid=" + postid;     sqldataadapter da=new sqldataadapter(sql,con);             dataset ds=new dataset();     da.fill(ds);     datarow drow = ds.tables[0].rows[0];     string name = drow["name"].tostring();     string desc = drow["description"].tostring();     datetime dt = convert.todatetime(drow["postdate"].tostring());     string postdate = dt.tostring("dd/mm/yyyy",system.globalization.cultureinfo.invariantculture );     string mailid = drow["email"].tostring();     %> </asp:content>

i'm getting sqlexception while i'm trying reply post. error: incorrect syntax near '='. i've looked around find other questions similar mine, can't find worth me.

i'm getting error on "da.fill(ds);". can me out on this...:(

your postid string should enclosed single quotes '

string sql = "select * forumthread postid='" + postid +"'";

but better if use sqlparameter save sql injection.

like:

string postid = request.querystring["id"]; sqlconnection con = new sqlconnection(configurationmanager.connectionstrings["civilregdb"].connectionstring); con.open(); string sql = "select * forumthread postid=@postid"; //parameter sqlcommand cmd = new sqlcommand(sql, con); cmd.parameters.addwithvalue("postid", postid); sqldataadapter da = new sqldataadapter(cmd); // pass command adapter dataset ds = new dataset(); da.fill(ds); datarow drow = ds.tables[0].rows[0]; string name = drow["name"].tostring(); string desc = drow["description"].tostring(); datetime dt = convert.todatetime(drow["postdate"].tostring()); string postdate = dt.tostring("dd/mm/yyyy", system.globalization.cultureinfo.invariantculture); string mailid = drow["email"].tostring();

Comments

Post a Comment

Popular posts from this blog

c# - Operator '==' incompatible with operand types 'Guid' and 'Guid' using DynamicExpression.ParseLambda<T, bool> -

i'm using dynamic linq library , there source code , basic docu , nuget version pm> install-package dynamiclinq i'm trying construct clause involves guids i have tried string "id == @0" . parameter array object[] value ( guid xxxx ) var whereclausesb = buildlogicalkeywhereclause2(entity, logicalkey); //build string var parms = buildparamarray(entity, logicalkey); // object[] var wherelambda = ofsi.bos.core.dynamicexpression.parselambda<t, bool>(whereclausesb.tostring(),parms); //parse an exception thrown in dynamicexpression.parselambda operator '==' incompatible operand types 'guid' , 'guid' i have tried guid , string.(fail) i tried , "id = @0" (fail). string == string works, int32==int32 not guid == guid not any ideas? try using equals method instead of == operator in string: "id.equals(@0)"
Read more