0

I'm new in this field. Trying to insert the values from textbox to my database table, but I get an error at

 adapter.InsertCommand.ExecuteNonQuery();

Can anyone help me solve this?

SqlCommand command;
SqlDataAdapter adapter = new SqlDataAdapter(); 

String sql = "insert into NewName values('" + first_Name.Text + "','" + last_Name.Text + "','" + user.Text + "','" + email.Text + "','" + password.Text + "','" + contact.Text + "')";

command = new SqlCommand(sql,con);

adapter.InsertCommand = new SqlCommand(sql,con); 

// this line here is showing the error
adapter.InsertCommand.ExecuteNonQuery();

command.Dispose();
con.Close();

enter image description here

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
  • Do you really have a table named "table"? – George Menoutis Jul 06 '18 at 13:49
  • 4
    `table` is a SQL reserved word, do you really have a table called table? – DavidG Jul 06 '18 at 13:49
  • @DavidG You and I, we speak the same language.... – George Menoutis Jul 06 '18 at 13:51
  • yes .my table name is table –  Jul 06 '18 at 13:51
  • @NavidAnjum, as far as I know sql-server does not even allow you to create a table with name..table. If it does I assume you are using brackets like: [table], however I don't believe you can – apomene Jul 06 '18 at 13:53
  • 3
    I suggest thinking of a better name for your table, other than `table`. I also **strongly** recommend parametrising your SQL. SQL injection is not your friend. – Thom A Jul 06 '18 at 13:53
  • ok .I'm checking if the name is problem –  Jul 06 '18 at 13:53
  • 2
    @apomene, sql server is surprisingly forgiving when you use brackets, you can even use non-printable characters if you like (and watch the world burn). – HoneyBadger Jul 06 '18 at 13:55
  • If you have to use the word table put it in brackets like this [table] that way you can use reserved words and special characters I beleive, but still not a good practice and not very descriptive – Brad Jul 06 '18 at 13:55
  • @apomene you can create a table called `table`. `CREATE TABLE [TABLE]([COLUMN] int);` would work fine. You can even do REALLY silly things like `CREATE TABLE [dbo.The most **STUPID** [table]] name in the... World!] (ID int);` – Thom A Jul 06 '18 at 13:55
  • https://stackoverflow.com/questions/52898/what-is-the-use-of-the-square-brackets-in-sql-statements – Aristos Jul 06 '18 at 13:55
  • @HoneyBadger that reminds me of a question someone asked here a couple of months ago. It ended up that they had something like a `CHAR(0)` at the end or start of their object's name. /headdesk – Thom A Jul 06 '18 at 13:58
  • Larnu, in your example, is "dbo." part of the table name? So I can select .dbo.[dbo. blah blah blah]? – George Menoutis Jul 06 '18 at 14:00
  • i have change the name .but same error –  Jul 06 '18 at 15:05
  • No, it's a different error... – DavidG Jul 06 '18 at 15:21
  • You have changed the question, thereby invalidating the answer and these comments. You clearly get a new error, please do your research again and, if necessary ask a new question. And please change this question back to its original question. – HoneyBadger Jul 06 '18 at 16:15

3 Answers3

3

Since your table is called table and that is a SQL reserved word, you have two choices:

  1. Change your table name. This is the only option you should be considering but for completeness;

  2. Quote the name of the table:

    insert into [table] values....
DavidG
  • 113,891
  • 12
  • 217
  • 223
  • 2
    I would add that the OP MUST start using parameters in their queries before bobby tables comes to visit. http://bobby-tables.com/ – Sean Lange Jul 06 '18 at 14:03
  • @NavidAnjum You get *exactly* the same error? Hint: the answer is no, because you also changed the error message. I have answered your question, and you are now seeing a new problem. – DavidG Jul 06 '18 at 15:08
0

You do not list your column name on insert. This means you are also attempting to insert your identity column as well. Always list your column names

insert into NewName (firstname, lastname, username, email, password, contact)
values('" + first_Name.Text + "','" + last_Name.Text + "','" + user.Text + "','" + email.Text + "','" + password.Text + "','" + contact.Text + "')
Eric
  • 3,165
  • 1
  • 19
  • 25
  • After adding the column name it's showing error again .Incorrect syntax near the keyword 'user'. –  Jul 06 '18 at 15:58
  • @NavidAnjum Output your `sql` before executing it, and see if there's syntax error or not. – Eric Jul 06 '18 at 16:06
0

Yes I've done it .I was using "user" in table column which is not allowed .After changing the column name everything works. This is the code

        SqlCommand command;
        SqlDataAdapter adapter = new SqlDataAdapter();

        String sql = "insert into NewName  values('" + first_Name.Text + "','" + last_Name.Text + "','" + user.Text + "','" + email.Text + "','" + password.Text + "','" + contact.Text + "')";

     
        command = new SqlCommand(sql, con);

        adapter.InsertCommand = new SqlCommand(sql, con);

        // this line here is showing the error
        adapter.InsertCommand.ExecuteNonQuery();

        command.Dispose();
        con.Close();