Solved

C# String concatenation for a sql query

Posted on 2014-04-15
7
216 Views
Last Modified: 2014-04-16
This is simple, but I am having trouble getting it right. I have a sql string in C# pulling data from a table. The string is:

string strData = "select * FROM vwHistory where lowTeam1 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + "' OR lowTeam2 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " order by Date DESC, TransID DESC";

I'm getting an incorrect syntax error at the OR clause. What am I doing wrong? Thanks.
0
Comment
Question by:dodgerfan
7 Comments
 
LVL 11

Assisted Solution

by:MajorBigDeal
MajorBigDeal earned 250 total points
ID: 40002972
There is a single quote after ddlYear.SelectedValue  but none before it.
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 40002973
If you use parameterized queries, then you don't have to worry about such trivial things   ; )
0
 
LVL 23

Accepted Solution

by:
Michael74 earned 250 total points
ID: 40002976
Check your quotes

"select * FROM vwHistory where lowTeam1 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " OR lowTeam2 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " order by Date DESC, TransID DESC";

You had an extra single quote in your string

   AND Year = " + ddlYear.SelectedValue + "'

Michael
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Closing Comment

by:dodgerfan
ID: 40002989
Thanks I knew it would be something I kept missing.
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 40003011
I certainly hope this code isn't exposed to the web...
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 40003059
dodgerfan, you might want to look at Linq or Entity Framework to avoid embedding raw SQL strings into your code.  It is so much easier and more flexible to debug DB-related code than the approach you are using.
0
 
LVL 7

Expert Comment

by:niralshah
ID: 40003754
Replace your code with following code.

string strData = string.format("select * FROM vwHistory where (lowTeam1 = '{0}' AND Year={1}) OR (lowTeam2 = '{0}' AND Year = {1}) order by Date DESC, TransID DESC", ddlTeam.SelectedValue,ddlYear.SelectedValue,ddlTeam.SelectedValue);
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

In order to hide the "ugly" records selectors (triangles) in the rowheaders, here are some suggestions. Microsoft doesn't have a direct method/property to do it. You can only hide the rowheader column. First solution, the easy way The first sol…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now