I’m getting a syntax error that I don’t seem to find an answer to and I was hoping that someone would be able to see what I am missing.
I am trying to add data in a database by using the following code but it throws a Syntax error message and I don’t really see why.
This is my code:
// Get data from textboxes.
string last = txtLastName.Text;
string first = txtFirstName.Text;
string gender = txtGender.Text;
string email = txtEmail.Text;
int age = int.Parse(txtAge.Text);
string pref = "";
// Compose SQL command string.
string sql = "INSERT INTO Applicant VALUES" +
"('" + first + "', '" + last +
"', '" + gender + "', '" + age + "', " + email + ");";
And this is the error message:
Syntax error (missing operator) in query expression 'email.example@email.com'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'email.example@email.com'.
Source Error:
Line 50: // Create command object and execute insert statement.
Line 51: OleDbCommand command = new OleDbCommand(sql, c);
Line 52: command.ExecuteNonQuery();
Line 53:
Line 54: // Close connection.
Source File: d:\DePaul\Winter 2012\IT 330\Projects\Proj5-Nicolaides\Proj5-Nicolaides\application-form.aspx Line: 52
Stack Trace:
[OleDbException (0x80040e14): Syntax error (missing operator) in query expression 'email.example@email.com'.]
System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) +992124
System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) +255
System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) +188
System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) +58
System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) +161
System.Data.OleDb.OleDbCommand.ExecuteNonQuery() +113
ASP.application_form_aspx.btnSubmit_Click(Object sender, EventArgs e) in d:\DePaul\Winter 2012\IT 330\Projects\Proj5-Nicolaides\Proj5-Nicolaides\application-form.aspx:52
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +110
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
Version Information: Microsoft .NET Framework Version:2.0.50727.5448; ASP.NET Version:2.0.50727.5456
Your immediate problem is that you need to enclose your last value in single quotes:
Your LARGER problem is that you are vulnerable to SQL Injection by not using parameterized queries. This would be prudent:
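As an added illustration of the parameterized approach the answer recommends (this is not the answerer's own snippet and not the asker's project code): the values are bound as typed parameters instead of being concatenated into the SQL text, so a quote or apostrophe in the input can neither break the statement nor change its meaning, and the unquoted email value that caused the "missing operator" error cannot occur. The column names FirstName, LastName, Gender, Age, Email and the connection string are assumptions, since the question's INSERT gives no column list.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

// Added example, not code from the question or the answer.
// Assumes an Applicant table with columns FirstName, LastName, Gender, Age, Email
// (names assumed; the original INSERT relies on column order instead).
public static class ApplicantRepository
{
    public static int InsertApplicant(OleDbConnection c, string first, string last,
                                      string gender, int age, string email)
    {
        // Explicit column list, and '?' positional placeholders as used by the OleDb provider.
        const string sql =
            "INSERT INTO Applicant (FirstName, LastName, Gender, Age, Email) " +
            "VALUES (?, ?, ?, ?, ?)";

        using (OleDbCommand command = new OleDbCommand(sql, c))
        {
            // OleDb binds parameters by position, so add them in placeholder order.
            // The parameter names are for readability only.
            // Each value travels as data, never as part of the SQL text.
            command.Parameters.Add("@First", OleDbType.VarWChar, 50).Value = first;
            command.Parameters.Add("@Last", OleDbType.VarWChar, 50).Value = last;
            command.Parameters.Add("@Gender", OleDbType.VarWChar, 10).Value = gender;
            command.Parameters.Add("@Age", OleDbType.Integer).Value = age;   // typed, not quoted
            command.Parameters.Add("@Email", OleDbType.VarWChar, 100).Value = email;

            return command.ExecuteNonQuery();   // rows affected; 1 on success
        }
    }

    // Mirrors what a button click handler would do with the textbox values.
    // Validation happens before any database call; the age is parsed with
    // TryParse so malformed input is rejected instead of throwing.
    public static bool SubmitApplicant(string connectionString, string first, string last,
                                       string gender, string ageText, string email)
    {
        int age;
        if (!int.TryParse(ageText, out age) || age < 0)
        {
            return false;   // caller should show a validation message to the user
        }

        using (OleDbConnection c = new OleDbConnection(connectionString))
        {
            c.Open();
            return InsertApplicant(c, first, last, gender, age, email) == 1;
        }
    }

    public static void Main()
    {
        // Placeholder connection string (assumption); replace with the real provider/path.
        const string connectionString = "Provider=<provider>;Data Source=<path-to-database>";

        // Constructed sample input. The apostrophe in the last name would have broken
        // the concatenated query from the question; as a bound parameter it is just data.
        bool ok = SubmitApplicant(connectionString, "Jane", "O'Neil", "F", "29",
                                  "email.example@email.com");
        Console.WriteLine(ok ? "Inserted." : "Rejected by validation.");
    }
}
```

Binding Age as OleDbType.Integer also removes the quoting around the age value in the original string ('" + age + "'), which relied on the provider converting text to a number. Keeping the command and connection in using blocks ensures they are disposed even when ExecuteNonQuery throws, which the original code's separate "Close connection" step does not guarantee.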