Syntax problem Inserting variables into database

Discussion in 'ASP .Net' started by altergothen, Apr 19, 2004.

  1. altergothen

    altergothen Guest

    Hi there

    I am a newbie to ASP.Net - Please Help!
    I am trying to insert the values of my variables into a database.
    If I try the following it works perfectly:
    string insertQuery = "INSERT into test(name,surname,email) VALUES('Bob', 'Sly', '')";

    but instead of inputting the values directly, I want to insert them as
    variables like so:
    string insertQuery = "INSERT into test (name,surname,email) VALUES(name,surname,email)";

    The problem is that SQL requires ' ' around the values like this:
    string insertQuery = "INSERT into test (name,surname,email) VALUES('name','surname','email')";

    If I do it this way the values are taken literally, so the actual words
    name,surname,email are entered into the database instead of their values?

    Please can you tell me how I can insert the variables' values into my database

    Maybe my code will explain things more clearly ............

    <%@ Page Language="C#" Debug="true" %>
    <%@ Import Namespace="System.Data" %>
    <%@ Import Namespace="System.Data.SqlClient" %>
    <html>
    <head>
    <title>Inserting Data into a Database</title>
    <script language="C#" runat="server">

    void Page_Load()
    {
        string name;
        name = "Bob";
        string surname;
        surname = "Sly";
        string email;
        email = "''";

        string connectionStr =
            @"server=localhost;uid=tempuser1;pwd=tempuser1;trusted_connection=true;database=desertdollar";

        string insertQuery = "INSERT into test(name,surname,email) VALUES(name, surname, email)";

        SqlConnection connectObj = new SqlConnection(connectionStr);
        SqlCommand commandObj = new SqlCommand(insertQuery, connectObj);

        commandObj.Connection.Open();
        commandObj.ExecuteNonQuery();
        commandObj.Connection.Close();
    }

    </script>
    </head>
    <body>
    <h2>
    Inserting Data into a Database
    </h2>
    </body>
    </html>
     
    altergothen, Apr 19, 2004
    #1

  2. Hi There,

    Please make the following changes and it should work.

    string insertQuery = "INSERT into test (name,surname,email) VALUES( '" +
    name +"','"+ surname + "','" + email + "')";

    HTH
    Ashish M Bhonkiya
     
    Ashish M Bhonkiya, Apr 19, 2004
    #2

  3. altergothen

    Hans Kesting Guest

    You want "parameters".

    1) use as a query
    string insertQuery = "INSERT into test (name,surname,email) VALUES(@name,@surname,@email)";

    2) add parameters with the values
    commandObj.Parameters.Add("@name", name);
    (etc)

    This way you will have no problems with names like "O'Brien" etc.


    Hans Kesting
     
    Hans Kesting, Apr 19, 2004
    #3