Below is the code I am working with to try to insert data into my 'ArticlesTBL' table. I also want to upload an image file to my computer.
I am getting an error reading: Incorrect syntax near 'UploadedUserFiles'.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;
public partial class _CopyOfSubmitArticle : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void uploadbutton_Click(object sender, EventArgs e)
{
string UpPath = Server.MapPath("~/UploadedUserFiles");
int imgSize = FileUpload1.PostedFile.ContentLength;
string imgName = FileUpload1.FileName;
string imgPath = "UploadedUserFiles/" + imgName;
if (FileUpload1.PostedFile.ContentLength > 1000000)
{
Page.ClientScript.RegisterClientScriptBlock(typeof(Page), "Alert", "alert('File is too big')", true);
}
else
{
FileUpload1.SaveAs(Server.MapPath(imgPath));
myinfo.Text = "file" + imgPath + "uploaded.";
}
String connectionString = WebConfigurationManager.ConnectionStrings["ConnectAntiFrack"].ConnectionString;
SqlConnection myConnection = new SqlConnection(connectionString);
myConnection.Open();
string ArticleImg = "UploadedUserFiles/" + FileUpload1.FileName;
string ArticleTitle = ArticleTitleTextBox.Text;
string ArticleContent = ArticleContentTextBox.Text;
string ArticleType = ArticleTypeDropdown.Text.ToString();
string ArticleAuthor = ArticleAuthorTextBox.Text.ToString();
string ArticleBrief = ArticleBriefTextBox.Text;
string ArticleDateTime = DateTime.Now.ToShortTimeString();
string query = "INSERT INTO ArticlesTBL (ArticleTitle, ArticleContent, ArticleType, ArticleImg, ArticleBrief, ArticleDateTime, ArticleAuthor, ArticlePublished, ArticleHomeDisplay, ArticleViews) VALUES (" + ArticleTitle +", " + ArticleContent +", "+ ArticleType +" " + ArticleImg +", "+ ArticleBrief +"," + ArticleDateTime + ", "+ ArticleAuthor +",'False', 'False', '0')";
SqlCommand myCommand = new SqlCommand(query, myConnection);
myCommand.ExecuteNonQuery();
// myinfo.Text = "connection to db is made";
myConnection.Close();
}
If you want to add data to your SQL table, then you can use the INSERT statement. Here is the basic syntax for adding rows to your SQL table: INSERT INTO table_name (column1, column2, column3,etc) VALUES (value1, value2, value3, etc); The second line of code is where you will add the values for the rows.
Simple INSERT statement to add data to the table. Use INSERT Statement to add multiple rows in the table. INSERT INTO SELECT clause to insert the output generated by the SELECT query. INSERT IGNORE clause to ignore the error generated during the execution of the query.
INSERT INTO Syntax 1. Specify both the column names and the values to be inserted: INSERT INTO table_name (column1, column2, column3, ...)
Populate one table using another table. You can populate the data into a table through the select statement over another table; provided the other table has a set of fields, which are required to populate the first table.
You should use parameters in your query to prevent attacks, like if someone entered '); drop table ArticlesTBL;--'
as one of the values.
string query = "INSERT INTO ArticlesTBL (ArticleTitle, ArticleContent, ArticleType, ArticleImg, ArticleBrief, ArticleDateTime, ArticleAuthor, ArticlePublished, ArticleHomeDisplay, ArticleViews)";
query += " VALUES (@ArticleTitle, @ArticleContent, @ArticleType, @ArticleImg, @ArticleBrief, @ArticleDateTime, @ArticleAuthor, @ArticlePublished, @ArticleHomeDisplay, @ArticleViews)";
SqlCommand myCommand = new SqlCommand(query, myConnection);
myCommand.Parameters.AddWithValue("@ArticleTitle", ArticleTitleTextBox.Text);
myCommand.Parameters.AddWithValue("@ArticleContent", ArticleContentTextBox.Text);
// ... other parameters
myCommand.ExecuteNonQuery();
(xkcd)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With