Guid currentUserID = (Guid)Session["UserId"];
String accomid = (String)Session["AccomID"];
String schdid = (String)Session["SchdID"];
String schdprice = (String)Session["SchdPrice"];
con.Open();
cmd = new SqlCommand("insert into Transactions (Accom_ID, UserID, Schd_ID, Trans_CardNo, Trans_CardSecurity, Trans_CardName, Trans_Paid, Trans_Cost) values('" + accomid + "','" + currentUserID + "','" + schdid + "','" + txtCardNumber.Text + "','" + txtCardSecurityNumber.Text + "','" + txtName.Text + "','" + "Yes" + "','" + schdprice + "')", con);
cmd.ExecuteNonQuery();
cmd = new SqlCommand("UPDATE Schedule (Schd_Avaliable) values('" + "No" + "')", con);
cmd.ExecuteNonQuery();
I’m getting the error
Incorrect syntax near ‘(‘.
If I remove these statements:
cmd = new SqlCommand("UPDATE Schedule (Schd_Avaliable) values('" + "No" + "')", con);
cmd.ExecuteNonQuery();
I get no error. Any ideas what’s wrong?
INSERTandUPDATEsyntax in SQL is different. Your update should be like this:You’re missing any constraints from your
UPDATEstatement. Executing it the way its written currently would update every single row in your table. Also, I would recommend that you change your SQL to use prepared statements. You’re currently wide open to SQL injection attacks.A couple of other things: if you are using Yes/No values, I would recommend switching to using a bit (boolean) column. Are the “Yes” and “No” values going to be dynamic? If not, you don’t need to do this:
You can just do
And lastly, you have a spelling mistake: “Avaliable” > “Available”