When I attempt to run the following the code,I got an error.What might be the problem?
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection cnn = new SqlConnection("server=.; database=YEDEK; Integrated Security=True; ");
cnn.Open();
SqlCommand cmd = cnn.CreateCommand();
cmd.CommandText = "insert Personel (Name,Surname,Tel) values ('"+txtName.Text+"','"+ txtSurname.Text+"','"+txtTel.Text+"') ";
SqlParameter p1 = new SqlParameter("txtName.Text", SqlDbType.NVarChar);
p1.Value = "txtName.Text";
cmd.Parameters.Add(p1);
SqlParameter p2 = new SqlParameter("txtSurname.Text", SqlDbType.NVarChar);
p2.Value = "txtSurname.Text";
cmd.Parameters.Add(p2);
SqlParameter p3 = new SqlParameter("txtTel.Text", SqlDbType.Char);
p3.Value = "txtTel.Text";
cmd.Parameters.Add(p3);
cmd.ExecuteNonQuery();
cnn.Close();
}
Here is my error message:
Incorrect syntax near '.'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near '.'.
Source Error:
Line 44: //cmd.Parameters.Add(p3);
Line 45:
Line 46: cmd.ExecuteNonQuery();
Line 47: //}
Line 48: //catch (SqlException ex)
Your parameters are not in the correct syntax.
A proper parameter would be like so:
It looks like you are trying to directly insert the values from your controls into the parameter. In this situation you would do this:
The parameter names should match your stored procedure definition.