none
Message=SQL logic error or missing database near "=": syntax error RRS feed

  • Question

  •     
                SQLiteCommand command = new SQLiteCommand(connection);
                command.CommandText = "UPDATE glasba SET Naslov ='" + textBox1.Text+"', Izvajalec = '"+textBox2.Text+"', Zanr ='"+textBox3.Text+"', Ocena ='"+textBox4.Text+"') WHERE (Naslov = '" + imes + "') AND (Izvajalec = '" + imea + "') ";
                connection.Open();
                command.ExecuteNonQuery();
                connection.Close();
                this.Hide();

    System.Data.SQLite.SQLiteException
      HResult=0x80004005
      Message=SQL logic error or missing database
    near "=": syntax error

    I dont know what to do, this error getting up even though i tried adding parameters and so on...

    Monday, March 25, 2019 11:12 AM

Answers

  • Hi

    Thank you for posting here.

    According to your description, you want to solve the error that ’ System.Data.SQLite.SQLiteException’.

    You could try the following code.

                SQLiteConnection connection = new SQLiteConnection(@"Data Source = MyDatabase.sqlite");
                connection.Open();
                string sql = String.Format("UPDATE glasba SET naslov ='{0}', izvajalec='{1}',zanr='{2}',ocena='{3}' ,review='{4}' WHERE naslov = 'test1' and izvajalec='test2'",textBox1.Text,textBox2.Text,textBox3.Text,textBox4.Text,textBox5.Text);
                SQLiteCommand command = new SQLiteCommand(sql,connection);
                command.ExecuteNonQuery();
                connection.Close();
    
    

    Result:

    Best Regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Proposed as answer by Cherkaoui.Mouad Tuesday, March 26, 2019 5:14 PM
    • Unproposed as answer by Cherkaoui.Mouad Tuesday, March 26, 2019 5:15 PM
    • Marked as answer by Twinkiiee Wednesday, April 3, 2019 2:43 PM
    Tuesday, March 26, 2019 8:18 AM
    Moderator

All replies

  • Hello,

    Please consider using parameters (you seem to have said you tried them but not in the code above)

    command.Parameters.AddWithValue works 99.99 percent of them time while the remainder use

    command.Parameters.Add( new parameter object specifying the type.

    Using string concatenation is bad in many ways starting with things like unescaped values generally strings, secondly its unsecure.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Monday, March 25, 2019 11:21 AM
    Moderator
  • There is still the same problem... 
    SQLiteCommand command = new SQLiteCommand(connection);
                command.CommandText = "UPDATE glasba SET (Naslov = @naslov, Izvajalec = @izvajalec, Zanr = @zanr, Ocena = @ocena, Review = @review)WHERE (Naslov = '" + imes + "') AND (Izvajalec = '" + imea + "') ";
                command.Parameters.AddWithValue("@naslov", textBox1.Text);
                command.Parameters.AddWithValue("@izvajalec", textBox2.Text);
                command.Parameters.AddWithValue("@zanr", textBox3.Text);
                command.Parameters.AddWithValue("@ocena", textBox4.Text);
                command.Parameters.AddWithValue("@review", textBox5.Text);
                connection.Open();
                command.ExecuteNonQuery();
                connection.Close();
                this.Hide();

    Monday, March 25, 2019 11:37 AM
  • You're not using parameters for everything so you can run into runtime query errors in addition to SQL injection attacks.

    UPDATE glasba SET Naslov = @naslov, Izvajalec = @izvajalec, Zanr = @zanr, Ocena = @ocena, Review = @review WHERE Naslov = @imes AND Izvajalec = @imea 
    Add parameters for `@imes` and `@imea`. Also notice I removed the parens in your query.


    Michael Taylor http://www.michaeltaylorp3.net

    Monday, March 25, 2019 2:25 PM
    Moderator
  • Hi

    Thank you for posting here.

    According to your description, you want to solve the error that ’ System.Data.SQLite.SQLiteException’.

    You could try the following code.

                SQLiteConnection connection = new SQLiteConnection(@"Data Source = MyDatabase.sqlite");
                connection.Open();
                string sql = String.Format("UPDATE glasba SET naslov ='{0}', izvajalec='{1}',zanr='{2}',ocena='{3}' ,review='{4}' WHERE naslov = 'test1' and izvajalec='test2'",textBox1.Text,textBox2.Text,textBox3.Text,textBox4.Text,textBox5.Text);
                SQLiteCommand command = new SQLiteCommand(sql,connection);
                command.ExecuteNonQuery();
                connection.Close();
    
    

    Result:

    Best Regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Proposed as answer by Cherkaoui.Mouad Tuesday, March 26, 2019 5:14 PM
    • Unproposed as answer by Cherkaoui.Mouad Tuesday, March 26, 2019 5:15 PM
    • Marked as answer by Twinkiiee Wednesday, April 3, 2019 2:43 PM
    Tuesday, March 26, 2019 8:18 AM
    Moderator
  • Hello,

    you can use parameters for all of your parameters, do so with the two parameters for the where clause, the origin of the exception should be there: 

    SQLiteCommand command = new SQLiteCommand(connection);
    command.CommandText = "UPDATE glasba SET (Naslov = @naslov, Izvajalec = @izvajalec, Zanr = @zanr, Ocena = @ocena, Review = @review)WHERE (Naslov = @ines) AND (Izvajalec = @imea) ";
    command.Parameters.AddWithValue("@naslov", textBox1.Text);
    command.Parameters.AddWithValue("@izvajalec", textBox2.Text);
    command.Parameters.AddWithValue("@zanr", textBox3.Text);
    command.Parameters.AddWithValue("@ocena", textBox4.Text);
    command.Parameters.AddWithValue("@review", textBox5.Text);
    
    command.Parameters.AddWithValue("@ines", ines);
    command.Parameters.AddWithValue("@imea", imea);
    connection.Open();
    command.ExecuteNonQuery();
    connection.Close();
    this.Hide();
    also, consider validating textboxes text before using their values on the query.

    Good Coding;

    Tuesday, March 26, 2019 5:13 PM
  • The suggestions to switch to parameters are exactly the right answer, but the answer to your immediate problem is that you have an extra and unnecessary closed parenthesis ) just before the WHERE.

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Tuesday, March 26, 2019 9:35 PM
  • Hi

    Is your problem solved? If so, please post "Mark as answer" to the appropriate answer, so that it will help other members to find the solution quickly if they face a similar issue.

    Best Regards,

    Jack

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, March 27, 2019 1:18 AM
    Moderator