'' is not a valid name. Make sure that it does not include invalid characters or punctuation and tha

Discussion in 'ASP .Net' started by rote, Jan 23, 2008.

  1. rote

    rote Guest

    Hello Everyone,
    I'm retrieving data from Excel from my asp.net page
    The WorkSheet name is StatusPasPorts.

    When i remove the column [Account Reference No.] it does work fine but if i
    use it i get error :
    '' is not a valid name. Make sure that it does not include invalid
    characters or punctuation and that it is not too long.

    SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
    Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$] where
    [Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by [Event
    Date] ASC

    Any ideas what i'm missing.

    Thanks in Advance
     
    rote, Jan 23, 2008
    #1
    1. Advertising

  2. rote

    Hans Kesting Guest

    rote explained on 23-1-2008 :
    > Hello Everyone,
    > I'm retrieving data from Excel from my asp.net page
    > The WorkSheet name is StatusPasPorts.
    >
    > When i remove the column [Account Reference No.] it does work fine but if i
    > use it i get error :
    > '' is not a valid name. Make sure that it does not include invalid characters
    > or punctuation and that it is not too long.
    >
    > SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
    > Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$] where
    > [Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by [Event
    > Date] ASC
    >
    > Any ideas what i'm missing.
    >
    > Thanks in Advance


    I have no experience with querying excel in this way, but the
    errormessage suggests that there might be an invalid character. I think
    the "." in [Account Reference No.] is a candidate. Try removing it
    (also from the excel file).

    Some other remarks:
    I take it "TextBox1" is a TextBox? Then the .Text property is already a
    string, so you don't need the ".ToString()".

    What if someone used a "mobile number" the string "x' OR '1'='1"?
    Then your query would return everything. This is "sql injection". In
    normal database queries you can use parameters to guard against that.

    Hans Kesting
     
    Hans Kesting, Jan 23, 2008
    #2
    1. Advertising

  3. also, test to make sure that you're really getting a value in TextBox1.Text.
    The '' usually means an empty string which, if the TextBox1 was empty, would
    look exactly like ''.

    When passing dynamic queries, it's often easiest to set the query to a
    string variable first so you easily see what you're about to pass to the
    database query. Then you could use Trace.Write (or Response.Write for the
    more old-fashioned classic asp approach) to see what the actual dynamic
    query contains. Checking the query passed helps you from trying to figure
    out what's wrong with the query when the query could be fine, it's the data
    getting passed into it that's bad or non-existant.

    Hope this helps,
    Mark Fitzpatrick
    Microsoft MVP - Expression

    "rote" <> wrote in message
    news:...
    > Hello Everyone,
    > I'm retrieving data from Excel from my asp.net page
    > The WorkSheet name is StatusPasPorts.
    >
    > When i remove the column [Account Reference No.] it does work fine but if
    > i use it i get error :
    > '' is not a valid name. Make sure that it does not include invalid
    > characters or punctuation and that it is not too long.
    >
    > SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
    > Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$]
    > where [Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by
    > [Event Date] ASC
    >
    > Any ideas what i'm missing.
    >
    > Thanks in Advance
    >
    >
    >
    >
     
    Mark Fitzpatrick, Jan 23, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page