Creating a table in MySQL using c# error

Question

I am trying to create a table in a previously created database.

Here is my code:

private void button2_Click(object sender, EventArgs e)
{
  label8.Text = textBox2.Text;
  label8.Visible = true;
  MySqlConnection connection = new MySqlConnection("datasource=localhost;port=3306;username=root;password=root");
  MySqlCommand command = new MySqlCommand("CREATE TABLE " + label8.Text + "(Team Name VARCHAR(20) NOT NULL, Wins INT(2) NULL, Place INT(2) NULL AUTOINCREMENT", connection);
  connection.Open();
  command.ExecuteNonQuery();
  textBox3.Enabled = true;
  connection.Close();
}

I am currently getting the following error:

MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name VARCHAR(20) NOT NULL, Wins INT(2) NULL, Place INT(2) NULL AUTOINCREMENT' at line 1'

Does anyone know how to fix this?

Look like there are couple of errors. Between the tablename and `(Team` there is not space. Also you are opening parentheses at `(Team` but not closing it at `AUTOINCREMENT`. — Chetan, May 15 '18 at 09:15
Also look into sanitizing `label8.Text` as this code could be exploited using SQLInjection — Freggar, May 15 '18 at 09:16
Try using a SQL Connection like this, you wont have Problems with SQL Injections and so on https://stackoverflow.com/questions/21709305/how-to-directly-execute-sql-query-in-c-have-example-batch-file?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa — Cataklysim, May 15 '18 at 09:26
Possible duplicate of [How to directly execute SQL query in C#? Have example batch file](https://stackoverflow.com/questions/21709305/how-to-directly-execute-sql-query-in-c-have-example-batch-file) — Cataklysim, May 15 '18 at 09:26

score 0 · Answer 1 · answered May 15 '18 at 09:18

You have to be careful with reserved words and names of tables and column names.. names such as "Team Name" without quotes will be taken as column team, with now a reserved word after.

The preferred mysql way round this is to use back ticks so team name becomes `team name`

Creating a table in MySQL using c# error

1 Answers1