'' is not a valid name. Make sure that it does not include invalid characters or punctuation and tha

rote

Hello Everyone,
I'm retrieving data from Excel from my ASP.NET page.
The WorkSheet name is StatusPasPorts.

When I remove the column [Account Reference No.] it does work fine, but if I
use it I get this error:
'' is not a valid name. Make sure that it does not include invalid
characters or punctuation and that it is not too long.

SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$] where
[Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by [Event
Date] ASC

Any ideas what I'm missing?

Thanks in Advance
 
Hans Kesting

rote explained on 23-1-2008 :
Hello Everyone,
I'm retrieving data from Excel from my ASP.NET page.
The WorkSheet name is StatusPasPorts.

When I remove the column [Account Reference No.] it does work fine, but if I
use it I get this error:
'' is not a valid name. Make sure that it does not include invalid characters
or punctuation and that it is not too long.

SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$] where
[Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by [Event
Date] ASC

Any ideas what I'm missing?

Thanks in Advance

I have no experience with querying Excel in this way, but the
error message suggests that there might be an invalid character. I think
the "." in [Account Reference No.] is a candidate. Try removing it
(also from the Excel file).

Some other remarks:
I take it "TextBox1" is a TextBox? Then the .Text property is already a
string, so you don't need the ".ToString()".

What if someone used as a "mobile number" the string "x' OR '1'='1"?
Then your query would return everything. This is "SQL injection". In
normal database queries you can use parameters to guard against that.

Hans Kesting
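
The parameter approach mentioned in the reply above, applied to the Excel query from the question. This is an added example, not code posted by anyone in the thread. The connection string, file path, class and method names, and the mobile-number format check are assumptions, and the [Account Reference No.] column is left out because the thread reports it triggers the error.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Text.RegularExpressions;

public static class PassportStatusQuery
{
    // Assumed connection string (not from the thread): Jet provider reading an .xls workbook.
    const string ConnStr =
        "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\data\\status.xls;" +
        "Extended Properties=\"Excel 8.0;HDR=YES\"";

    // The SQL text is a constant; user input never becomes part of it.
    // OleDb binds parameters by position, each marked with '?'.
    const string Sql =
        "SELECT [Event Date],[Mobile Number],[Event Type Name]," +
        "[Identification Method],[Customer DOB] " +
        "FROM [StatusPasPorts$] WHERE [Mobile Number] = ? " +
        "ORDER BY [Event Date] ASC";

    // Hypothetical helper; a page would call FindByMobile(this.TextBox1.Text).
    public static DataTable FindByMobile(string mobile)
    {
        // Reject empty or malformed input before touching the data source.
        // Assumed format: optional '+' followed by 6 to 15 digits.
        if (mobile == null || !Regex.IsMatch(mobile.Trim(), @"^\+?[0-9]{6,15}$"))
            throw new ArgumentException("Not a valid mobile number.", "mobile");

        using (OleDbConnection conn = new OleDbConnection(ConnStr))
        using (OleDbCommand cmd = new OleDbCommand(Sql, conn))
        {
            // The value travels as data: a string such as x' OR '1'='1 would be
            // compared literally against the column, never parsed as SQL.
            // Assumes the column holds text, as the quoted literal in the
            // original query implies.
            cmd.Parameters.Add("@mobile", OleDbType.VarWChar, 20).Value = mobile.Trim();

            DataTable result = new DataTable();
            using (OleDbDataAdapter adapter = new OleDbDataAdapter(cmd))
            {
                adapter.Fill(result); // Fill opens and closes the connection itself
            }
            return result;
        }
    }
}
```

The format check also rejects an empty TextBox1 before any query is sent, and the parameter binding is what prevents the injection even if the format check is later relaxed.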
 
Mark Fitzpatrick

Also, test to make sure that you're really getting a value in TextBox1.Text.
The '' usually means an empty string which, if the TextBox1 was empty, would
look exactly like ''.

When passing dynamic queries, it's often easiest to set the query to a
string variable first so you easily see what you're about to pass to the
database query. Then you could use Trace.Write (or Response.Write for the
more old-fashioned classic ASP approach) to see what the actual dynamic
query contains. Checking the query passed helps you from trying to figure
out what's wrong with the query when the query could be fine, it's the data
getting passed into it that's bad or non-existent.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression
 
