Error in SQL syntax statement

Question

C# keeps coming up with an error:

Additional information: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2pcs Fashion Cool Universal Black Real Original Car Headlight Eyelashes Sticker,' at line 1

My SQL statement is at the bottom in the picture.

http://i42.tinypic.com/350uqm9.png

Please have the courtesy to include the SQL statement as text in your question. — Gordon Linoff, Jan 10 '14 at 21:53
Then type it out. That picture link is going to die someday and this question is going to be useless. It's also somewhat rude to foist this work onto anyone seeking to answer the question. — Chris Hayes, Jan 10 '14 at 21:55

score 4 · Answer 1 · edited May 23 '17 at 12:03

The answer is that you have not written the correct SQL.

First, you have embedded values for the SQL directly into the SQL. This is most often prone to SQL Injection attacks.

Basically, you should not do this.

But let's let that slide for a moment.

(Secondly) If you were to properly embed values directly into the SQL, you need to quote strings.

This is not legal:

INSERT INTO some_table (some_varchar_column) VALUES (some text)

This is legal:

INSERT INTO some_table (some_varchar_column) VALUES ('some text')
                                                     ^         ^

Notice the quotes? You're missing them.

But, you should use Parameterized Queries.

score 0 · Answer 2 · answered Jan 10 '14 at 21:54

0

your literal text should be surrounded by single quotes.

answered Jan 10 '14 at 21:54

Randy

16,480
1
37
55

Error in SQL syntax statement

2 Answers2