I have this error: error you have an error in your sql syntax check the

Question

I have this error: error you have an error in your sql syntax check the

Navigation

#1 by (2 votes)
#2 by (0 votes)

0

I was configuring one of my form where I was adding the button to find the one when I indicated an ID I would upload the patient data to all my texbox, when making the code and when executing it, everything was fine until the moment when I wanted to save The data of my appointment form I get the following, I would like to help me and tell me that this error comes.

error you have an error in your sql syntax check the manual that corresponds to your mysql server version for the syntax to use near ') at Line 1

This is my Code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

namespace Consultorio_Clinico
{
    public partial class Citas : Form
    {
        public Citas()
        {
            InitializeComponent();
        }
         MySqlConnection conectar = new MySqlConnection("server=localHost;DataBase=consulta_clinica;Uid=1234;pwd=polo123;");
         MySqlCommand comando;
         MySqlDataReader mdr;

        private void button7_Click(object sender, EventArgs e)
        {
            {
                this.Close();
            }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            conectar.Open();

            string selectQuery = "select * from paciente where id_pacient=" + int.Parse(txtbuscarnom.Text);
            comando = new MySqlCommand(selectQuery, conectar);
            mdr = comando.ExecuteReader();

            if (mdr.Read())
            {
                txtidpacient.Text = mdr.GetString("id_pacient");
                txtnompacient.Text = mdr.GetString("nom_pacient");
                txtedapacient.Text = mdr.GetInt32("ed_pacient").ToString();
                txttelpacient.Text = mdr.GetString("tel_pacient");
                txtdirpacient.Text = mdr.GetString("dir_pacient");
                txtciudpacient.Text = mdr.GetString("ciud_pacient");
            }
            else
            {
                MessageBox.Show("No existen datos para esta ID");
            }
            conectar.Close();
             txtbuscarnom.Clear();
        }

        private void btnbuscardoct_Click(object sender, EventArgs e)
        {
            conectar.Open();

            string selectQuery = "select * from medico where id_doct=" + int.Parse(txtbuscardoct.Text);
            comando = new MySqlCommand(selectQuery, conectar);
            mdr = comando.ExecuteReader();

            if (mdr.Read())
            {
                txtiddoct.Text = mdr.GetString("id_doct");
                txtnomdoct.Text = mdr.GetString("nom_doct");
                txtespecdoct.Text = mdr.GetString ("espec_doct");

            }
            else
            {
                MessageBox.Show("No existen datos para esta ID");
            }
            conectar.Close();
            txtbuscardoct.Clear();
        }

        private void txtbuscarnom_TextChanged(object sender, EventArgs e)
        {

        }

        private void btnguardar_Click(object sender, EventArgs e)
        {
            try
            {
                conectar.Open();
                MySqlCommand comando = new MySqlCommand("insert into cita values('" + txtidpacient.Text + "','" + txtnompacient.Text + "','" + txtedapacient.Text + "','" + txttelpacient.Text + "','" + txtdirpacient.Text + "','" + txtciudpacient.Text + "','" + dateTimefecha.Text + "','" + txtprecpacient.Text + "','" + txtiddoct.Text + "','" + txtnomdoct.Text + "','" + txtespecdoct.Text + "',)", conectar);
                comando.ExecuteReader();

                MessageBox.Show("Registro guardado con exito");
            }
            catch (Exception error)
            {
                MessageBox.Show("Error.." + error.Message);
            }
                conectar.Close();
                txtidpacient.Clear();
                txtnompacient.Clear();
                txtedapacient.Clear();
                txttelpacient.Clear();
                txtdirpacient.Clear();
                txtciudpacient.Clear();
                txtprecpacient.Clear();
                txtiddoct.Clear();
                txtnomdoct.Clear();
                txtespecdoct.Clear();
                txtbuscarnom.Clear();
                txtbuscardoct.Clear();

            }
    }
}

mysql c#

asked by Nataliel 14.08.2017 в 23:18

source

2 answers

Change cursor image Problem with navbar collapse

score 2 · Answer 1

firstly avoid inserting the values directly, send them as parameters in order to avoid code injection, secondly the structure of the insert instruction is wrong, you must specify the fields and thirdly use an "executeNonQuery" instead of the "executeReader"

Here is an example of code for something similar

comando.Parameters.Clear();
comando.Parameters.AddWithValue("@campo1", campo1);
comando.Parameters.AddWithValue("@campo2", campo2);
comando.Parameters.AddWithValue("@campo3", campo3);
comando.CommandText = "insert into tabla (campo1,campo2,campo3) values ("@campo1,@campo2,@campo3)";
comando.ExecuteNonQuery();

score 0 · Answer 2

I think your error is in the Insert because you are telling it what values to insert in an appointment but you are not specifying where you are going to save it, the code that I enclose is one of a BD that I have in which I save the textbox in the tool table and in its corresponding part.

                Connet.Open();
                SqlCommand insert = new SqlCommand("Insert into Tools(ID_Tool,Station,Model,Operation,Dynamic_T,Dynamic_T2,Dynamic_T3,Estatic_T,Category,Generation,Tool_Type,Service_Kit,Protective_Cover,Cover_Socket,Controller,Version,IP_Adress,Tool_Name,ToolsNet,Active_in_Net,Nodo,Stack_Light,Brand,No_Replacement_Tool,Husillos,Tool_Range,No_Tool_series,Calibration_Pattern,Tool_Description,Calibration_Frequency,Master_Transducer,Add_Reason,Reason_Leaving,Last_Certification,Next_Certification,Responsable_Certification,instructions,No_Review,Date_Review,Date_Issue,Date,Area_Responsable,Operator,Area,Turn,week,month,Precision,Monitoring,Tool_Calibration_last_Date,Tool_Calibration_Next_Date,Torquimetro_Check_Time,Torquimetro) Values('" + txtidtool.Text + "','" + txtstation.Text + "','" + txtmodel.Text + "','" + txtoperation.Text + "','" + txtTdynamic.Text + "','" + txtTdynamic2.Text + "','" + txtTdynamic3.Text + "','" + txtTstatic.Text + "','" + txtcategory.Text + "','" + txtgeneration.Text + "','" + txttyp.Text + "','" + txtkitservice.Text + "','" + txtprotective.Text + "','" + txtcoversocket.Text + "','" + txtcontroller.Text + "','" + txtvertion.Text + "','" + txtip.Text + "','" + txttoolname.Text + "','" + txttoolsnet.Text + "','" + txtnet.Text + "','" + txtnodo.Text + "','" + txtstack.Text + "','" + txtbrand.Text + "','" + txtnotoolsreplacement.Text + "','" + txthusillo.Text + "','" + txttoolrank.Text + "','" + txtserialtool.Text + "','" + txtcalibration2.Text + "','" + txtobservation.Text + "','" + txtfrecuency.Text + "','" + txtmaster.Text + "','" + txtregister.Text + "','" + txtregister2.Text + "','" + txtlastcertification.Text + "','" + txtnextcertification.Text + "','" + txtcertificationresponsable.Text + "','" + txtinstruction.Text + "','" + txtnoreview.Text + "','" + txtreview2.Text + "','" + txtemission.Text + "','" + txtdate1.Text + "','" + txtresponsable.Text + "','" + txtoperator.Text + "','" + txtarea.Text + "','" + txtturn.Text + "','" + txtweek.Text + "','" + txtmonth.Text + "','" + txtprecision.Text + "','" + txtmonitoreo.Text + "','" + txtlastdatecalibration.Text + "','" + txtnextdatecalibration.Text + "','" + txttorquimetrochecktime.Text + "','" + txttorquimetro.Text + "');", Connet);
                insert.ExecuteNonQuery();
                Connet.Close();