Hi I've been struggling to find what I did wrong but can't seem to find it and I was hoping if you could help me. Here is the code
protected void Button3_Click(object sender, EventArgs e) {
Random r = new Random();
int num = r.Next(1,10);
var GUsername = Session["U_Email"].ToString();
conn.Open();
query = "";
query = "INSERT INTO [CartForDelivery] (OR,User_Email,Date,Date_To_Deliver,TotalPayment,P_Print) VALUES ('" + num + "','" + GUsername + "','" + DateTime.Now.ToString("MM/dd/yyyy") + "','" + DateTime.Now.AddDays(2).ToShortDateString() + "','" + lblmsg.Text + "','NP')";
SqlCommand cmd = new SqlCommand(query, conn);
cmd.ExecuteNonQuery();
conn.Close();
for (int i = 0; i <= GridView1.Rows.Count - 1; i++)
{
Label gvr = (Label)GridView1.Rows[i].Cells[1].FindControl("lblname");
conn.Open();
SqlCommand ddcmd = new SqlCommand("update [B_Products] set OR = '" + num + "', Status = 'Complete', P_Print = 'NP' where User_Email = '" + GUsername + "' AND Date ='" + DateTime.Now.ToString("MM/dd/yyyy") + "' and Status = 'Pending' and Products = '" + gvr.Text + "'", conn);
ddcmd.ExecuteNonQuery();
conn.Close();
update();
//S Response.Redirect("ThanksC.aspx");
}
}
I check if its because no data is added to my OR, but my random generator seems to be working fine, below image is how I checked it enter image description here
the error is highlighting cmd.ExecuteNonQuery(); and saying Incorrect syntax near the keyword 'OR'.
