[Solved] Exception is System.Data.SqlClient.SqlException: Incorrect syntax near ‘9988’ [closed]

by


There must be a problem in one of your input parameters those you are directly reading from controls.

This is not recommended anyway due to SQL injection attack threat.

If you change your queries to us parameters (parameter queries), I hope this issue will be resolved.

Following is an example how to use parameters. Note that I am not using your code in example:

SqlCommand objSqlCommand = null;
strSQL = @"INSERT INTO ... (Field1, ...)
                    VALUES 
                    (@param1, ...)";
objSqlCommand = new SqlCommand(strSQL);
objSqlCommand.Parameters.Clear();
objSqlCommand.Parameters.AddWithValue("@param1", yourControl.Text);
....
....
objSqlCommand.ExecuteNonQuery();
objSqlCommand.Dispose();

You should further improve this code by including using block or proper try/catch blocks.

This way, if there is any SQL query sensitive character in your input, it will be handled correctly and issue will be resolved. This is also strongly recommended to save yourself from SQL Injection Attack.

0

solved Exception is System.Data.SqlClient.SqlException: Incorrect syntax near ‘9988’ [closed]