protected void Page_Load(object sender, EventArgs e)
{
if(IsPostBack)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["registrationConnectionString"].ConnectionString);
con.Open();
string checkuser = "select count(*) from Table1 where UserName=' " + TextBoxUN.Text + "'";
SqlCommand com = new SqlCommand(checkuser, con);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
if(temp==1)
{
Response.Write("user already exists");
}
con.Close();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["registrationConnectionString"].ConnectionString);
con.Open();
string insertQuery = "insert into Table1 (UserName,E-Mail,Password,Country) values(@uname,@email,@password,@country)";
SqlCommand com = new SqlCommand(insertQuery, con);
com.Parameters.AddWithValue("@uname", TextBoxUN.Text);
com.Parameters.AddWithValue("@email", TextBoxEMAIL.Text);
com.Parameters.AddWithValue("@password", TextBoxPASS.Text);
com.Parameters.AddWithValue("@ucountry", DropDownList1.SelectedItem.ToString());
com.ExecuteNonQuery();
Response.Redirect("manager.aspx");
Response.Write("sucess");
con.Close();
}
catch(Exception ex)
{
Response.Write("error" + ex.ToString());
}
the error:error
System.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near '-'. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action
1 wrapCloseInAction) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action
1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource
1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at loginpage.registration.Button1_Click(Object sender, EventArgs e) in c:\users\raja\documents\visual studio 2015\Projects\loginpage\loginpage\registration.aspx.cs:line 45 ClientConnectionId:28cc7d33-4de5-4267-94a6-a6dd6d59ef49 Error Number:102,State:1,Class:15
The column name E-Mail
is confusing the query parser. Non-letter characters in column/table/etc. names are generally a bad idea, so the best fix is to change that column name to something like EMail
.
You can use these characters in your object names if you really want to, but doing so requires explicitly telling the query which parts are object names by wrapping them in []
characters:
insert into Table1 (UserName,[E-Mail],Password,Country) values(@uname,@email,@password,@country)
The []
is specific to SQL Server and varies by other database vendors.
There's really no reason why you can't/shouldn't get in the habit of identifying objects anyway:
INERT INTO [Table1] ([UserName], [E-Mail], [Password], [Country]) VALUES (@uname, @email, @password, @country)
As a matter of opinion there are those who would argue that it's easier to read a query this way. At the very least it's easier for the query parser to read it in the event that there are "special characters" in the object names.
User contributions licensed under CC BY-SA 3.0