C# String concatenation for a sql query

Posted on 2014-04-15
Last Modified: 2014-04-16
This is simple, but I am having trouble getting it right. I have a sql string in C# pulling data from a table. The string is:

string strData = "select * FROM vwHistory where lowTeam1 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + "' OR lowTeam2 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " order by Date DESC, TransID DESC";

I'm getting an incorrect syntax error at the OR clause. What am I doing wrong? Thanks.
Question by:dodgerfan
LVL 11

Assisted Solution

MajorBigDeal earned 250 total points
ID: 40002972
There is a single quote after ddlYear.SelectedValue  but none before it.
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 40002973
If you use parameterized queries, then you don't have to worry about such trivial things   ; )
LVL 23

Accepted Solution

Michael74 earned 250 total points
ID: 40002976
Check your quotes

"select * FROM vwHistory where lowTeam1 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " OR lowTeam2 = '" + ddlTeam.SelectedValue + "' AND Year = " + ddlYear.SelectedValue + " order by Date DESC, TransID DESC";

You had an extra single quote in your string

   AND Year = " + ddlYear.SelectedValue + "'

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud


Author Closing Comment

ID: 40002989
Thanks I knew it would be something I kept missing.
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 40003011
I certainly hope this code isn't exposed to the web...
LVL 11

Expert Comment

ID: 40003059
dodgerfan, you might want to look at Linq or Entity Framework to avoid embedding raw SQL strings into your code.  It is so much easier and more flexible to debug DB-related code than the approach you are using.

Expert Comment

ID: 40003754
Replace your code with following code.

string strData = string.format("select * FROM vwHistory where (lowTeam1 = '{0}' AND Year={1}) OR (lowTeam2 = '{0}' AND Year = {1}) order by Date DESC, TransID DESC", ddlTeam.SelectedValue,ddlYear.SelectedValue,ddlTeam.SelectedValue);

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Run time Error 4 47
C# parent child form 5 28
HTML - Color not displaying correctly in EMAIL. 6 37
Create a WebAPI using a generic return parameter 9 25
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question