
I have an information entry form, and I want its information to be stored in a table. I also have a combo box whose information is read from the bank, but when saving, the id of the combo box is not saved in the table I want and it gives an error.

This is the error when I click the save button:

System.Data.SqlClient.SqlException: 'Incorrect syntax near '2'.'

Fill combo box:

    //fill area
    var data_area = SQLHelper.ExecQueryDataAsDataTable("select  idunit, Area from pi_unit");
    cbara.Properties.DataSource = data_area;
    cbara.Properties.ValueMember = "idUnit";
    cbara.Properties.DisplayMember = "Area";

This is the SQL connection and insert command:

            string query = "insert into Pi_Line_No(idUNIT,Line,Line_Size,Circuit,Serial,Pipe_Class) values("+idUNIT+",'"+Line+"','"+Size+"','"+Circuit+"','"+Serial+"','"+PipeClass+"')";

            using (SqlConnection connection = new SqlConnection("/* connection info */"))
            {
                using (SqlCommand command = new SqlCommand(query, connection))
                {
                    connection.Open();
                    command.ExecuteNonQuery();
                }
            }

I want the form information to be saved in the table, but a combo box gives an error when saving.

  • **WARNING:** Your code is **dangerous**. It is wide open to SQL injection attacks. Always, *always, **always*** parametrise your code. [Why do we always prefer using parameters in SQL statements?](//stackoverflow.com/q/7505808) If you fix the security flaw, you'll fix the problem here. – Thom A Apr 12 '23 at 15:52
  • @ThomA please help me resolve this problem – sajad saeedi azad Apr 12 '23 at 16:03
  • Again, parametrise. The linked duplicate shows you how to do that. – Thom A Apr 12 '23 at 16:05

0 Answers
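
The parameterised form of the insert that the comments recommend, as an added example that is not part of the original question or its comments. The table and column names come from the question; the `PiLineNoWriter` class, its method names, the SQL types and lengths, and the sample values are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class PiLineNoWriter   // hypothetical helper, not from the question
{
    // Column names are from the question; SQL types and lengths below are assumptions.
    const string InsertSql =
        "INSERT INTO Pi_Line_No (idUNIT, Line, Line_Size, Circuit, Serial, Pipe_Class) " +
        "VALUES (@idUnit, @line, @lineSize, @circuit, @serial, @pipeClass)";

    public static SqlCommand BuildInsert(object selectedUnit, string line, string size,
                                         string circuit, string serial, string pipeClass)
    {
        // The combo box value arrives as object; refuse anything that is not an integer id.
        if (selectedUnit == null || !int.TryParse(selectedUnit.ToString(), out int idUnit))
            throw new ArgumentException("Select a unit before saving.", nameof(selectedUnit));

        var cmd = new SqlCommand(InsertSql);
        cmd.Parameters.Add("@idUnit", SqlDbType.Int).Value = idUnit;
        AddText(cmd, "@line", line);
        AddText(cmd, "@lineSize", size);
        AddText(cmd, "@circuit", circuit);
        AddText(cmd, "@serial", serial);
        AddText(cmd, "@pipeClass", pipeClass);
        return cmd;
    }

    // Values travel separately from the SQL text, so a quote inside one cannot alter the statement.
    static void AddText(SqlCommand cmd, string name, string value) =>
        cmd.Parameters.Add(name, SqlDbType.NVarChar, 100).Value = (object)value ?? DBNull.Value;

    public static int Save(string connectionString, SqlCommand cmd)
    {
        using (var connection = new SqlConnection(connectionString))
        using (cmd)
        {
            cmd.Connection = connection;
            connection.Open();
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }

    static void Main()
    {
        // Constructed sample input; the size value holds a quote that would break a concatenated query.
        using (var cmd = BuildInsert(2, "L-100", "2'", "C1", "S-7", "A1"))
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} = {p.Value}");
    }
}
```

`Main` only builds the command and lists its parameters, so it runs without a database; call `Save` with a real connection string to execute the insert.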