problem with insert command

[Dan]

Hi,

i try to insert values into a sql server table like this (code-behind):

comm1 = Textbox1.Text
comm2=Textbox2.Text
.......

comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
values(comm1, comm2, ....)"

i get the error:
The name "field1l" is not permitted in this context. Valid expressions are
constants, constant expressions, and (in some contexts) variables. Column
names are not permitted.

Can someone give me the right syntax?
Thanks in advance.
Dan

 

[=?ISO-8859-1?Q?G=F6ran_Andersson?=]

Hi,

i try to insert values into a sql server table like this (code-behind):

comm1 = Textbox1.Text
comm2=Textbox2.Text
......

comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
values(comm1, comm2, ....)"

i get the error:
The name "field1l" is not permitted in this context. Valid expressions are
constants, constant expressions, and (in some contexts) variables. Column
names are not permitted.

Can someone give me the right syntax?
Thanks in advance.
Dan

The database is not aware of the variables that you use in your code.

Put parameters in the query, and add the values as parameter objects to
the command object.

 

[Lloyd Sheen]

Hi,

i try to insert values into a sql server table like this (code-behind):

comm1 = Textbox1.Text
comm2=Textbox2.Text
......

comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
values(comm1, comm2, ....)"

i get the error:
The name "field1l" is not permitted in this context. Valid expressions are
constants, constant expressions, and (in some contexts) variables. Column
names are not permitted.

Can someone give me the right syntax?
Thanks in advance.
Dan

Your SQL statement is in quotes so the comm1, comm2 are sent as those values
to the server which has no idea what you want to do.

Use parameters to pass the values of the fields. Something like "insert
into mytable (field1,field2) values (@field1, @field2)

Then in your code create the parameters, add them to the SQLCommand and then
execute.

Hope this gets you going in the right direction.
Lloyd Sheen

 

[Rad [Visual C# MVP]]

Hi,

i try to insert values into a sql server table like this (code-behind):

comm1 = Textbox1.Text
comm2=Textbox2.Text
......

comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
values(comm1, comm2, ....)"

i get the error:
The name "field1l" is not permitted in this context. Valid expressions are
constants, constant expressions, and (in some contexts) variables. Column
names are not permitted.

Can someone give me the right syntax?
Thanks in advance.
Dan

You need to read up on parameterized queries ... then you'll know how
to safely pass user entered variables to database queries

 

[Dan]

Of course, thanks ..

Hi,

i try to insert values into a sql server table like this (code-behind):

comm1 = Textbox1.Text
comm2=Textbox2.Text
......

comd.CommandText = "insert into [dbo].[mytable] (field1, field2,...)
values(comm1, comm2, ....)"

i get the error:
The name "field1l" is not permitted in this context. Valid expressions
are constants, constant expressions, and (in some contexts) variables.
Column names are not permitted.

Can someone give me the right syntax?
Thanks in advance.
Dan

Your SQL statement is in quotes so the comm1, comm2 are sent as those
values to the server which has no idea what you want to do.

Use parameters to pass the values of the fields. Something like "insert
into mytable (field1,field2) values (@field1, @field2)

Then in your code create the parameters, add them to the SQLCommand and
then execute.

Hope this gets you going in the right direction.
Lloyd Sheen