sql - Solution to this error -


I have written a query:

    String sql = "update db " +
        "set lname = '" + txtlname.getText() + "'," +
        "atc_code = '" + txtatccode.getText() + "'," +
        "atc_name= '" + txtatcname.getText() + "'," +
        "course_name =  '" + txtcoursename.getText() + "'," +
        "course_fee = '" + txtcoursefee.getText() + "'," +
        "where fname = '" + txtfname.getText() + "' ";

and got an error like:

malformed sql statement: expected ',', found 'anuja'`. statement:update db set lname = 'df',atc_code = '323',atc_name= 'sd',course_name =  'd',course_fee = '534',where fname = 'anuja' 

Remove the last comma in the SET statement:

    String sql = "update db " +
        "set lname = '" + txtlname.getText() + "'," +
        "atc_code = '" + txtatccode.getText() + "'," +
        "atc_name= '" + txtatcname.getText() + "'," +
        "course_name =  '" + txtcoursename.getText() + "'," +
        "course_fee = '" + txtcoursefee.getText() + "' " + // no ',' needed here
        "where fname = '" + txtfname.getText() + "' ";

On a side note, this kind of SQL command generation (concatenating strings that contain values) is susceptible to SQL injection attacks. To prevent this type of attack, use parameters and set the parameter values instead. See SQL injection for more information.
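
The parameterized form the answer recommends, as an added example that is not part of the original question or answer. The table and column names come from the question; the class name, the method signature, the JDBC URL passed on the command line, and the treatment of course_fee as a numeric column are assumptions.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class UpdateCourse {
    // Table and column names are from the question. Values are bound, never concatenated,
    // so the statement text is fixed and a stray comma or quote cannot end up in it.
    private static final String UPDATE_SQL =
        "UPDATE db SET lname = ?, atc_code = ?, atc_name = ?, "
      + "course_name = ?, course_fee = ? WHERE fname = ?";

    /** Runs the update and returns the number of rows changed. */
    static int updateCourse(Connection conn, String fname, String lname, String atcCode,
                            String atcName, String courseName, String courseFee)
            throws SQLException {
        // Assumption: course_fee is a numeric column, so reject non-numeric input up front.
        BigDecimal fee;
        try {
            fee = new BigDecimal(courseFee.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("course fee must be a number", e);
        }
        try (PreparedStatement ps = conn.prepareStatement(UPDATE_SQL)) {
            ps.setString(1, lname);      // in the form: txtlname.getText()
            ps.setString(2, atcCode);
            ps.setString(3, atcName);
            ps.setString(4, courseName);
            ps.setBigDecimal(5, fee);
            ps.setString(6, fname);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0] is a JDBC URL for your own database (placeholder, not from the page).
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // Constructed sample values; the apostrophe in "O'Brien" is stored as data
            // and does not terminate the SQL string literal.
            int rows = updateCourse(conn, "anuja", "O'Brien", "323", "sd", "d", "534");
            System.out.println(rows + " row(s) updated");
        }
    }
}
```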

