0

I'm trying to get this code working, but every time I debug it, I come across this error.

This is my code:

```csharp
private void button3_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(ConnectionString);

    SqlDataAdapter sda = new SqlDataAdapter($"Select Count(*) from Table Where 'Utilizador=' '{textBox1.Text}' and Passe='{textBox2.Text}'", selectConnection: con);

    DataTable dt = new DataTable();
    sda.Fill(dt);

    if (dt.Rows[1][2].ToString() == "1")
    {
        this.Hide();

        Form2 ss = new Form2();
        ss.Show();
    }
    else
    {
        MessageBox.Show("Utilizador e/ou Palavra Passe errados. Caso o erro pressista contacte o administrador de sistema.", "SiGiG - Alerta");
    }
}
```

The error is

System.Data.SqlClient.SqlException: 'incorrect syntax near 'table'.'

and is thrown on this line of code:

sda.Fill(dt);

I appreciate all the help I can get, and sorry about my English.

marc_s
  • 2
    Are you saying you have a table named "table"? If so, try putting square brackets around it. E.g. [table]. – itsme86 Mar 02 '18 at 18:12
  • 1
    Table is a reserved keyword for SQL Server. If you really have a table with that name (bad idea) you should write it in your queries with square brackets around it. – Steve Mar 02 '18 at 18:12
  • Have you tried running this query in an interactive SQL tool like SQL Server Management Studio? – JamesFaix Mar 02 '18 at 18:13
  • 4
    After fixing this trivial error, please pay attention to the fact that your query is vulnerable to [SQL injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). Use parameters and do not put input typed by your user directly in your query. – Steve Mar 02 '18 at 18:13
  • 1
    Do not “try putting square brackets around it”; `Table` is a bad name for a SQL table, change the name to something meaningful. – Dour High Arch Mar 02 '18 at 18:16
  • OK, putting the brackets solved the problem, but the same error appears again, now as System.Data.SqlClient.SqlException: 'Incorrect syntax near ''.' – David Nogueira Mar 02 '18 at 18:17
  • @DavidNogueira another typo, you don't put field names and the = operator between quotes – Steve Mar 02 '18 at 18:19
  • 1
    And you don't get three columns and two rows out of that query. I really recommend that you read more documentation about SQL and ADO.NET. – Steve Mar 02 '18 at 18:21
  • It's already working. I'm a newbie, and when Steve warned me about 3 columns and 2 lines I realized it was another mistake from lack of attention. Thanks – David Nogueira Mar 02 '18 at 18:33

1 Answer

1

This is an error from the SQL engine and is most probably being caused by the table keyword. It is not recommended to use keywords as table names. But if you want to use that, use square brackets as follows: `Select Count(*) from [Table]`. You will find related explanation here

You need to remove the single quotes around Utilizador= too.

Also, `dt.Rows[1][2]` will return the value in the second row and third column. In your case, you would need: `dt.Rows[0][0]`

King of the North
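
The parameterized query that Steve's comment recommends, combined with the fixes from the answer above, as an added example (not code from the question or the answer). The `LoginCheck` helper name and the `NVarChar(50)` column types are assumptions; `[Table]`, `Utilizador` and `Passe` are the names used in the question.

```csharp
using System.Data;
using System.Data.SqlClient;

static class LoginCheck   // hypothetical helper, not part of the original post
{
    // Returns true when exactly one row matches the supplied credentials.
    public static bool CredentialsMatch(string connectionString, string user, string password)
    {
        // The SQL text is a constant: column names and operators are unquoted,
        // the reserved word Table is bracketed, and user input appears only as
        // @user / @pass placeholders.
        const string sql =
            "SELECT COUNT(*) FROM [Table] WHERE Utilizador = @user AND Passe = @pass";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Values are sent as typed parameters, separately from the SQL text,
            // so quotes typed into the text boxes cannot change the statement.
            // NVarChar(50) is an assumed column type; match it to the real schema.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = user;
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 50).Value = password;

            con.Open();

            // COUNT(*) produces one row with one column, so ExecuteScalar reads it
            // directly; no DataTable or row/column indexing is needed.
            int matches = (int)cmd.ExecuteScalar();
            return matches == 1;
        }
    }
}
```

In `button3_Click`, the adapter, the `DataTable` and the `dt.Rows` check are replaced by a single call to `LoginCheck.CredentialsMatch(ConnectionString, textBox1.Text, textBox2.Text)`.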