Home/ Questions/Q 3495732
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T12:09:45+00:00

I had Registration form and I had in this form text box for username

  • 0

I had Registration form and I had in this form text box for username ,and when I test the web form I added this user in text box user name (Kaz’em) and I had this error

(Incorrect syntax near ’em’.
Unclosed quotation mark after the character string ”.)

public bool RegisteredUser()
{
    bool Return = false;
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ElarabyGroup"].ConnectionString);
    SqlCommand cmd = new SqlCommand("Select Count(UserName) From [Registeration] Where [Registeration].UserName = '" + RegisteredUserName + "'", con);
    con.Open();
    if (int.Parse(cmd.ExecuteScalar().ToString()) > 0)
        Return = true;
    con.Close();
    return Return;
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    That’s because you’re including user-provided data directly in your SQL.

    Don’t do that.

    Use a parameterized query instead, setting the value from the text box as one of the parameter values instead. That way you keep the “data” part of your query away from the “code” part of your query.

    You’re lucky that it was just a syntax error here, instead of little Bobby tables

    • 0