c# - OleDb Exception -


After 5 hours of searching I can't find my mistake. I get this exception. What is wrong?

An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in mydictionary.exe

Additional information: Syntax error in insert statement.

my code:

    public void insert(word word)
    {
        string language = findlanguage();
        try
        {
            // The values are concatenated directly into the SQL text.
            command.CommandText = "insert into " + language + " ( native , foreign , definition , addingdate)  values ( '" + word.native + "' , '" + word.foreign + "' , '" + word.definition + "' ,'" + word.addingdate + "')";
            command.CommandType = System.Data.CommandType.Text;
            connection.Open();

            command.ExecuteNonQuery();
        }
        catch (Exception)
        {
            throw;
        }
        finally
        {
            if (connection != null)
            {
                connection.Close();
            }
        }
    }

You should use parameters in the insert statement. It also looks like command.Connection = connection; is missing. Note that your SQL is prone to SQL injection.

    command.CommandText = "insert into " + language + "([native],[foreign],[definition],[addingdate]) values (@native,@foreign,@definition,@addingdate)";

    // OleDb binds parameters by position, so they are added in the same order as the placeholders.
    command.Parameters.AddWithValue("@native", word.native);
    command.Parameters.AddWithValue("@foreign", word.foreign);
    command.Parameters.AddWithValue("@definition", word.definition);
    command.Parameters.AddWithValue("@addingdate", word.addingdate);

    command.CommandType = System.Data.CommandType.Text;
    command.Connection = connection;
    connection.Open();

    command.ExecuteNonQuery();
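An added example, not code from the question or the answer: parameters cover the four values, but the table name in `language` is still concatenated into the statement, and a table name cannot be bound as a parameter. The version below checks it against an allow-list and binds the values with explicit types. The class name, the table names, the column types and the connection string are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

public static class WordStore
{
    // Assumption: the per-language tables are known in advance.
    // These names are placeholders, not taken from the original post.
    private static readonly HashSet<string> AllowedTables =
        new HashSet<string> { "English", "German" };

    public static int Insert(string connectionString, string language,
                             string native, string foreign,
                             string definition, DateTime addingDate)
    {
        // The table name has to go into the SQL text, so it is only
        // accepted when it exactly matches an allow-listed name.
        if (language == null || !AllowedTables.Contains(language))
            throw new ArgumentException("Unknown table name.", nameof(language));

        string sql = "INSERT INTO [" + language + "] " +
                     "([native], [foreign], [definition], [addingdate]) " +
                     "VALUES (?, ?, ?, ?)";

        // using blocks close the connection even when the insert throws.
        using (var connection = new OleDbConnection(connectionString))
        using (var command = new OleDbCommand(sql, connection))
        {
            // OleDb binds by position: the Add order must match the ? order.
            // Assumed column types: three text columns and one date column.
            command.Parameters.Add("@native", OleDbType.VarWChar).Value =
                (object)native ?? DBNull.Value;
            command.Parameters.Add("@foreign", OleDbType.VarWChar).Value =
                (object)foreign ?? DBNull.Value;
            command.Parameters.Add("@definition", OleDbType.VarWChar).Value =
                (object)definition ?? DBNull.Value;
            command.Parameters.Add("@addingdate", OleDbType.Date).Value = addingDate;

            connection.Open();
            return command.ExecuteNonQuery(); // rows inserted
        }
    }
}
```

A value such as `O'Brien` in any of the four fields is stored as data here, whereas in the concatenated statement the same quote ends the string literal and changes the SQL.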
