ABOUT Incorrect syntax near the keyword 'where'

Question

 string sqlstr=string.Format("insert into ocs_outages(tt_id,out_date,description) values('{0}','{1}','{2}') where 'tt_id' not in (select tt_id from ocs_outages)",dr[1], Convert.ToDateTime(dr[3]).ToString("yyyy-MM-dd HH:mm:ss"), dr[2]);

the bug is "Incorrect syntax near the keyword 'where'." what is this wrong in here? how to work it?

and the I need to tell user update finish or fail to update . what should I do ? thanks to spend to read it. Forgive my poor English.

Your code is vulnerable to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) attacks. For the sake of your users, *please* use [parameterized queries](https://msdn.microsoft.com/en-us/library/vstudio/Bb738521(v=VS.100).aspx). — p.s.w.g, Aug 07 '15 at 03:31

Harshit · Accepted Answer · 2015-08-07T03:35:07.423

0

Why use INSERT statement with WHERE CLAUSE ?

INSERT is used to create a new Row

Use UPDATE query if you want to update any already created row.

EDIT : Try something like this

IF NOT EXISTS (SELECT * FROM TABLE WHERE COLUMN = 'VALUE')
   INSERT INTO ocs_outages(tt_id,out_date,description) 
          VALUES('{0}','{1}','{2}')

edited Aug 07 '15 at 03:35

answered Aug 07 '15 at 03:25

Harshit

5,147
9
46
93

Because this is a new data but I need to check it have existed in the datatable. – Leong Wun Meng Aug 07 '15 at 03:31
it's work!!!!thank you . but how to tell user update success or fail – Leong Wun Meng Aug 07 '15 at 09:41

ABOUT Incorrect syntax near the keyword 'where'

1 Answers1