c# - There was an error parsing the query. [ Token line number = 1 ...] -
i tried using stringbuilder make process simpler showing error , don't understand whether problem stringbuilder or code syntax.
code:
if (datagridview4.rowcount == 0) { messagebox.show("attendance form empty"); } else { //string att; int = datagridview4.rowcount; string[] s = new string[a]; (int = 0; < a; i++) { if (datagridview4.rows[i].cells[1].selected) { s[i] = "present"; } else { s[i] = "absent"; } } string[] s1 = new string[a]; (int = 0; < a; i++) { s1[i] = datagridview4.rows[i].cells[0].value.tostring(); } string date = datetimepicker1.value.tostring("dd-mm-yyyy"); stringbuilder command = new stringbuilder(); (int = 0; < a; i++) { command.append("insert attendance (att_date, emp_code, is_present) values ('" + date + "','" + s1[i] + "','" + s[i] + "')"); } sqlceconnection conn = new sqlceconnection(@"data source=c:\users\admin\documents\visual studio 2010\projects\windowsformsapplication1\windowsformsapplication1\hotel.sdf"); conn.open(); sqlcecommand cmd = new sqlcecommand(command.tostring(),conn); cmd.executenonquery(); messagebox.show("attendance added"); please me solve error, if have suggestion make above code simpler please let me know.
thanks in advance!
you need use parameters avoid sql injection attacks , don't need convert string did date time parameter..
using (sqlceconnection con = new sqlceconnection(strconn)) { con.open(); using (sqlcecommand cmd = new sqlcecommand("insert attendance (att_date, emp_code, is_present) values (@att_date, @emp_code, @is_present)", con)) { cmd.parameters.addwithvalue("@att_date", datetimepicker1.value); cmd.parameters.addwithvalue("@emp_code", emp_codeval); //s1[i] cmd.parameters.addwithvalue("@is_present", is_presentval); //s[i] cmd.commandtype = system.data.commandtype.text; cmd.executenonquery(); } } if have many records insert try use sqlceresultset, can check msdn example code given on link.
for each grid row can following
// sample need write table sqlceupdatablerecord rec = rs.createrecord(); rec.setint32(0, 34); rec.setdecimal(1, (decimal)44.66); rec.setstring(2, "sample text"); rs.insert(rec);
Comments
Post a Comment