-2

enter image description here

this is the query i have written

enter image description here

enter image description here

this is the exception that is showing enter image description here

Markus Meyer
  • 3,327
  • 10
  • 22
  • 35
Thar Han Thu
  • 1
  • 1
  • 3
    Welcome to Stack Overflow! Relevant code and error messages need to be included in your question *as text*, [not as pictures of text](https://meta.stackoverflow.com/q/285551/328193). Just linking to screen shots makes it more difficult for people to help you. To learn more about this community and how we can help you, please start with the [tour] and read [ask] and its linked resources. – David Aug 01 '22 at 17:53
  • 4
    Having said that... (1) The code is wide open to **SQL injection** which means you have very little control over the syntax to begin with. (2) It looks like you're trying to combine an `INSERT` and an `UPDATE` into one command. Separate them. – David Aug 01 '22 at 17:54
  • What are the values of `bookingID`, `name`, `phonenumber`, `checkin`, `cboRoomNumber.Text` – Markus Meyer Aug 01 '22 at 17:56
  • 1
    I am in room `15'); Drop Table Booking; --` – Sam I am says Reinstate Monica Aug 01 '22 at 18:03

1 Answers1

2

There is a trailing ' missing at '"+roomid+"'). Also looking at your code, my suggestion is for you to use parameterized queries instead of writing the SQL query directly and appending values to it. That way it will be cleaner, protected from SQL injection and you won't get any syntax errors like these.

Vidiya Prasanth Pappannan
  • 727
  • 6
  • 16