Home/ Questions/Q 8577615
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T20:11:59+00:00

I am getting logs in the event viewer after each insert. The data gets

  • 0

I am getting logs in the event viewer after each insert.
The data gets inserted, but since it is flooding the event viewer after some time services wont start until I have cleaned the logs.

Here is what i get in the logs:

XY.Archive.SQLClassLibrary.DalException: Problem accessing database. ---> System.Data.SqlClient.SqlException: Incorrect syntax near '_3'.
Unclosed quotation mark after the character string ',308387,null)'.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteScalar()
   at XY.Archive.SQLClassLibrary.SQLDataAccessLogic.ExecuteCommand(String sqlString)
   --- End of inner exception stack trace ---
   at XY.Archive.SQLClassLibrary.SQLDataAccessLogic.ExecuteCommand(String sqlString)
   at XY.Archive.ServerEngine.Server.InsertDocumentIntoDatabase(Document documentOriginal, Int32 archiveID, String tableName)
Sql string: INSERT INTO table (columns) values (bunch of values) select @@Identity

This is how the insert statement is created:

Public Shared Function CreateStringForInsertDocument(ByVal tableName As String, ByVal document As Document, ByVal strArchiveTime As String, ByVal indexFieldNames As String, ByVal indexFieldValues As String) As String
    Dim strInsert As String = "INSERT INTO " & tableName & " (GUID, ContainerID, DocumentStatusID, ArchiveTime, " & indexFieldNames & ") values ('" & document.GUID & "' ," & document.Container.ContainerID & "," & document.DocumentStatusID & ",'" & strArchiveTime & "'," & indexFieldValues & ") select @@Identity"
    Return strInsert
End Function

Does somebody know what could cause the problem?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes. The cause is you not using parameterised queries. Read up on them with careful attention to the phrase “SQL Injection”

    • 0