Getting Errors with INSERT INTO

  • Question

  • Hello, I have made some strings and try to insert the data into the database; however, I get exceptions:

    This is my query:

    using System.Data.OleDb;
    string idstr = "anything";
    cmd.CommandText = "insert into AuthKeys (AuthKey, User_Assign, locatedAt) values("+AuthKey +", "+ idstr + ", 'Dashboard')";

    What is going wrong here?

    Thanks in advance!


    Hugo Woesthuis


    • Edited by HugoDev2002 Wednesday, April 13, 2016 7:55 AM
    • Moved by Bob Beauchemin Thursday, April 14, 2016 7:01 PM Moved to forum for ADO.NET client for easier reference
    Monday, April 11, 2016 6:03 PM

Answers

  • This should be:
    cmd.CommandText = "insert into AuthKeys (AuthKey, User_Assign, locatedAt) values(@AuthKey, @idstr, 'Dashboard')";
    cmd.Parameters.Add("@AuthKey", OleDbType.<sometype>).Value = AuthKey;
    cmd.Parameters.Add("@idstr", OleDbType.<sometype>).Value = idstr;

    Never - and I mean NEVER - inject user input into the SQL string. That opens your application to SQL injection.

    Monday, April 11, 2016 9:32 PM
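
The parameterized insert from the answer above, written out as a complete helper; this is an added example, not code posted by anyone in the thread. It assumes Windows with the System.Data.OleDb provider available and that all three columns are text columns of up to 255 characters; the names `AuthKeyStore`, `BuildInsert` and `Insert` are hypothetical.

```csharp
using System;
using System.Data.OleDb;

public static class AuthKeyStore
{
    // OleDb binds parameters by position, not by name: each "?" takes the
    // next entry of cmd.Parameters, so the Add() order must match the columns.
    private const string InsertSql =
        "INSERT INTO AuthKeys (AuthKey, User_Assign, locatedAt) VALUES (?, ?, ?)";

    // Builds the command without touching the database, so the statement text
    // and the bound values can be inspected separately from execution.
    public static OleDbCommand BuildInsert(OleDbConnection conn,
        string authKey, string userAssign, string locatedAt)
    {
        if (string.IsNullOrEmpty(authKey))
            throw new ArgumentException("authKey is required", nameof(authKey));

        var cmd = new OleDbCommand(InsertSql, conn);
        // Assumption: text columns, max 255 characters (adjust to the real schema).
        cmd.Parameters.Add("@AuthKey", OleDbType.VarWChar, 255).Value = authKey;
        cmd.Parameters.Add("@User_Assign", OleDbType.VarWChar, 255).Value =
            (object)userAssign ?? DBNull.Value;
        cmd.Parameters.Add("@locatedAt", OleDbType.VarWChar, 255).Value = locatedAt;
        return cmd;
    }

    // Opens the connection, runs the insert and returns the rows-affected count.
    public static int Insert(string connectionString, string authKey, string userAssign)
    {
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = BuildInsert(conn, authKey, userAssign, "Dashboard"))
        {
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // Constructed input: quotes and punctuation stay data, never statement text.
        using (var cmd = BuildInsert(null, "key-with-'quote, and) punctuation", "hugo", "Dashboard"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value);
        }
    }
}
```

`Main` only builds the command and prints it, so it needs no database; the statement text stays constant whatever the input contains.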

All replies

  • Hello Hugo,

    Which exact error message are you getting (we can't guess it)?


    Olaf Helper

    Monday, April 11, 2016 6:15 PM
  • "Some of the parameters/information are missing", but I have all the parameters

    Hugo Woesthuis

    Monday, April 11, 2016 6:28 PM
  • Which is the effective CommandText, after the variables are concatenated to the string?

    Olaf Helper

    Monday, April 11, 2016 7:51 PM
  • Thanks, it helped


    Hugo Woesthuis

    Saturday, April 16, 2016 10:29 AM