Solved

C# String concatenation for a sql query

Posted on 2014-04-15
7
217 Views
Last Modified: 2014-04-16
This is simple, but I am having trouble getting it right. I have a sql string in C# pulling data from a table. The string is:

string strData = "select * FROM vwHistory where lowTeam1 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + "' OR lowTeam2 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " order by Date DESC, TransID DESC";

I'm getting an incorrect syntax error at the OR clause. What am I doing wrong? Thanks.
0
Comment
Question by:dodgerfan
7 Comments
 
LVL 11

Assisted Solution

by:MajorBigDeal
MajorBigDeal earned 250 total points
ID: 40002972
There is a single quote after ddlYear.SelectedValue but none before it.
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 40002973
If you use parameterized queries, then you don't have to worry about such trivial things   ; )
0
 
LVL 23

Accepted Solution

by:Michael74
Michael74 earned 250 total points
ID: 40002976
Check your quotes

"select * FROM vwHistory where lowTeam1 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " OR lowTeam2 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " order by Date DESC, TransID DESC";

You had an extra single quote in your string

   AND Year = " + ddlYear.SelectedValue + "'

Michael
0
 

Author Closing Comment

by:dodgerfan
ID: 40002989
Thanks, I knew it would be something I kept missing.
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 40003011
I certainly hope this code isn't exposed to the web...
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 40003059
dodgerfan, you might want to look at LINQ or Entity Framework to avoid embedding raw SQL strings into your code. It is so much easier and more flexible to debug DB-related code than the approach you are using.
0
 
LVL 7

Expert Comment

by:niralshah
ID: 40003754
Replace your code with the following code.

string strData = string.Format("select * FROM vwHistory where (lowTeam1 = '{0}' AND Year = {1}) OR (lowTeam2 = '{0}' AND Year = {1}) order by Date DESC, TransID DESC", ddlTeam.SelectedValue, ddlYear.SelectedValue, ddlTeam.SelectedValue);
0
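
The parameterized form of the query discussed in this thread, added here as an example (it is not code posted by any participant). It assumes SQL Server through System.Data.SqlClient, varchar(50) team columns, an int Year column and a 1900-2100 year range; the HistoryQuery class and Build method are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class HistoryQuery
{
    // Same filter as the thread's query, with placeholders instead of
    // concatenated values. Parentheses make the AND/OR grouping explicit.
    const string Sql =
        "SELECT * FROM vwHistory " +
        "WHERE (lowTeam1 = @team AND Year = @year) " +
        "   OR (lowTeam2 = @team AND Year = @year) " +
        "ORDER BY Date DESC, TransID DESC";

    // teamValue / yearValue stand in for ddlTeam.SelectedValue and
    // ddlYear.SelectedValue (hypothetical parameter names).
    public static SqlCommand Build(string teamValue, string yearValue)
    {
        // SelectedValue is posted back by the browser, so it is validated
        // server-side. The accepted range is an assumption for this example.
        int year;
        if (!int.TryParse(yearValue, out year) || year < 1900 || year > 2100)
            throw new ArgumentException("Year is not a valid year.", "yearValue");

        var cmd = new SqlCommand(Sql);
        // Assumed column types: varchar(50) for the team columns, int for Year.
        cmd.Parameters.Add("@team", SqlDbType.VarChar, 50).Value = teamValue ?? string.Empty;
        cmd.Parameters.Add("@year", SqlDbType.Int).Value = year;
        return cmd;
    }

    static void Main()
    {
        // Constructed input containing a single quote: it travels as a
        // parameter value, so the SQL text is the same for every input.
        SqlCommand cmd = Build("O'Malley", "2013");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);

        // To execute: assign cmd.Connection an open SqlConnection and call
        // cmd.ExecuteReader(), with both wrapped in using blocks.
    }
}
```

Because the values never become part of the SQL text, the quote-matching error from the question cannot occur, and a quote inside a team name is treated as data.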
