1

I am having a problem with this. I want to update a record in my database, but it keeps showing this message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'values='85' WHERE stud_no='2014-0317-TSF-1'' at line 1

string myConnection = "datasource=localhost;port=3306;username=root;password=";
MySqlConnection myConn = new MySqlConnection(myConnection);
string Query = "UPDATE stud_grades.firstyear_firstgrading SET values='" + valuesTextBox.Text + "' WHERE stud_no='" + stud_noTextBox.Text + "';";
MySqlCommand SelectCommand = new MySqlCommand(Query, myConn);
myConn.Open();
SelectCommand.ExecuteNonQuery();
pravprab
  • Questions should not contain tags in their title. http://meta.stackexchange.com/questions/19190/should-questions-include-tags-in-their-titles – Andrew Savinykh Mar 25 '14 at 04:11

2 Answers

4

Use backticks for values because it is a keyword

http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html

Always use a parameterized query to avoid SQL injection

How does SQLParameter prevent SQL Injection

// `values` is a reserved word in MySQL, so it is quoted with backticks.
string Query = "UPDATE stud_grades.firstyear_firstgrading SET `values`=@values WHERE stud_no=@stud_no";
MySqlCommand SelectCommand = new MySqlCommand(Query, myConn);
// Parameter names must match the placeholders exactly (no trailing space).
SelectCommand.Parameters.AddWithValue("@values", valuesTextBox.Text);
SelectCommand.Parameters.AddWithValue("@stud_no", stud_noTextBox.Text);
myConn.Open();
SelectCommand.ExecuteNonQuery();
Nagaraj S
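The difference between the question's concatenated UPDATE and the parameterized form in the answer above, as an added example that is not part of the original answer. It uses Python's built-in sqlite3 with an in-memory table as a stand-in for MySQL and the C# connector so it runs without a server (SQLite accepts the same backtick quoting); the table rows and the text-box inputs are constructed.

```python
import sqlite3

TABLE = "firstyear_firstgrading"

def make_db():
    """In-memory stand-in for the question's table, with constructed rows."""
    db = sqlite3.connect(":memory:")
    # `values` is a keyword in SQLite as well, so it is backtick-quoted.
    db.execute(f"CREATE TABLE {TABLE} (stud_no TEXT PRIMARY KEY, `values` TEXT)")
    db.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)", [
        ("2014-0317-TSF-1", "70"),
        ("2014-0318-TSF-2", "71"),
        ("2014-0319-TSF-3", "72"),
    ])
    return db

def update_concatenated(db, grade, stud_no):
    """The question's pattern: text-box contents pasted into the SQL text."""
    sql = (f"UPDATE {TABLE} SET `values`='" + grade +
           "' WHERE stud_no='" + stud_no + "'")
    return db.execute(sql).rowcount

def update_parameterized(db, grade, stud_no):
    """The answer's pattern: placeholders in the SQL, values bound separately."""
    sql = f"UPDATE {TABLE} SET `values`=:values WHERE stud_no=:stud_no"
    return db.execute(sql, {"values": grade, "stud_no": stud_no}).rowcount

def grades(db):
    return dict(db.execute(f"SELECT stud_no, `values` FROM {TABLE}"))

def compare(stud_no_input, grade="85"):
    """Run both forms on fresh tables; return (rows changed, resulting grades)."""
    results = {}
    for name, update in (("concatenated", update_concatenated),
                         ("parameterized", update_parameterized)):
        db = make_db()
        try:
            changed = update(db, grade, stud_no_input)
        except sqlite3.OperationalError as exc:   # input broke the SQL syntax
            changed = f"error: {exc}"
        results[name] = (changed, grades(db))
    return results

if __name__ == "__main__":
    # Constructed text-box inputs: a real id, an id with a quote, a quote plus SQL.
    for text in ("2014-0317-TSF-1", "O'Neil-1", "x' OR '1'='1"):
        print(repr(text), compare(text))
```

With the bound parameter, the whole text-box string is compared to stud_no as data, so an input containing quotes matches no row instead of changing the statement.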
2

VALUES is a reserved MySQL word: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html

Either rename this field or include values in back-ticks: `