Invalid column name sql error

Question

I am trying to enter data into my database  but it is giving me the following error      Invalid column name   Here s my code   string connectionString    Persist Security Info False User ID sa Password 123 Initial Catalog AddressBook Server Bilal-PC    using  SqlConnection connection   new SqlConnection connectionString       SqlCommand cmd   new SqlCommand       cmd CommandText    INSERT INTO Data  Name PhoneNo Address  VALUES      txtName Text         txtPhone Text         txtAddress Text           cmd CommandType   CommandType Text    cmd Connection   connection     connection Open      cmd ExecuteNonQuery

User · Answer

Change this line   cmd CommandText    INSERT INTO Data  Name PhoneNo Address  VALUES      txtName Text         txtPhone Text         txtAddress Text           to this   cmd CommandText    INSERT INTO Data  Name PhoneNo Address  VALUES       txtName Text           txtPhone Text           txtAddress Text            Your insert command is expecting text  and you need single quotes     between the actual value so SQL can understand it as text   EDIT  For those of you who aren t happy with this answer  I would like to point out that there is an issue with this code in regards to SQL Injection  When I answered this question I only considered the question in point which was the missing single-quote on his code and I pointed out how to fix it  A much better answer has been posted by Adam  and I voted for it   where he explains the issues with injection and shows a way to prevent  Now relax and be happy guys

User · Answer

You should never write code that concatenates SQL and parameters as string - this opens up your code to SQL injection which is a really serious security problem   Use bind params - for a nice howto see here

User · Answer

Code To insert Data in Access Db  using c  Code - using System  using System Collections Generic  using System ComponentModel  using System Data  using System Data SqlClient  using System Drawing  using System Linq  using System Text  using System Windows Forms   namespace access db csharp   public partial class Form1   Form       public Form1                 InitializeComponent             public SqlConnection con   new SqlConnection   quot Place Your connection string quot                            private void Savebutton Click object sender  EventArgs e                 SqlCommand cmd   new SqlCommand  quot insert into  Data  Name PhoneNo Address  values  parameter1  parameter2  parameter3  quot  con                   cmd Parameters AddWithValue  quot  parameter1 quot    textBox1 Text                    cmd Parameters AddWithValue  quot  parameter2 quot   textBox2 Text                   cmd Parameters AddWithValue  quot  parameter3 quot    textBox4 Text                    cmd ExecuteNonQuery                            private void Form1 Load object sender  EventArgs e                con ConnectionString   connectionstring          con Open

User · Answer

You probably need quotes around those string fields  but  you should be using parameterized queries   cmd CommandText    INSERT INTO Data   Name  PhoneNo Address  VALUES   name   phone   address    cmd CommandType   CommandType Text  cmd Parameters AddWithValue   name   txtName Text   cmd Parameters AddWithValue   phone   txtPhone Text   cmd Parameters AddWithValue   address   txtAddress Text   cmd Connection   connection    Incidentally  your original query could have been fixed like this  note the single quotes     VALUES       txtName Text           txtPhone Text           txtAddress Text            but this would have made it vulnerable to SQL Injection attacks since a user could type in      drop table users  --    into one of your textboxes   Or  more mundanely  poor Daniel O Reilly would break your query every time

User · Answer

using System  using System Collections Generic  using System Linq  using System Text  using System Threading Tasks  using System Windows  using System Windows Controls  using System Windows Data  using System Windows Documents  using System Windows Input  using System Windows Media  using System Windows Media Imaging  using System Windows Navigation  using System Windows Shapes  using System Data SqlClient  using System Data   namespace WpfApplication1            lt summary gt          Interaction logic for MainWindow xaml          lt  summary gt      public partial class MainWindow   Window               public MainWindow                         InitializeComponent                       private void btnAdd Click object sender  RoutedEventArgs e                        SqlConnection conn   new SqlConnection   Data Source WKS09 SQLEXPRESS Initial Catalog   StudentManagementSystem Integrated Security True                SqlCommand insert   new SqlCommand  insert into dbo StudentRegistration ID  Name Age DateOfBirth Email Comment  values  ID   Name  Age  DateOfBirth  mail  comment    conn               insert Parameters AddWithValue   ID   textBox1 Text               insert Parameters AddWithValue   Name   textBox2 Text               insert Parameters AddWithValue   Age   textBox3 Text               insert Parameters AddWithValue   DateOfBirth   textBox4 Text               insert Parameters AddWithValue   mail   textBox5 Text               insert Parameters AddWithValue   comment   textBox6 Text                if  textBox1 Text    string Empty                                MessageBox Show  ID Cannot be Null                    return                            else if  textBox2 Text    string Empty                                MessageBox Show  Name Cannot be Null                    return                              try                               conn Open                    insert ExecuteNonQuery                    MessageBox Show  Register done                                catch  Exception ex                                MessageBox Show  Error    ex Message                   conn Close                                     private void btnRetrive Click object sender  RoutedEventArgs e                        bool temp   false              SqlConnection con   new SqlConnection  server WKS09  SQLEXPRESS database StudentManagementSystem Trusted Connection True                con Open                SqlCommand cmd   new SqlCommand  select   from dbo StudentRegistration where ID        textBox1 Text Trim          con               SqlDataReader dr   cmd ExecuteReader                while  dr Read                                  textBox2 Text   dr GetString 1                   textBox3 Text   dr GetInt32 2  ToString                     textBox4 Text   dr GetDateTime 3  ToString                    textBox5 Text   dr GetString 4                   textBox6 Text   dr GetString 5                   temp   true                            if  temp    false                  MessageBox Show  not found                con Close                       private void btnClear Click object sender  RoutedEventArgs e                        SqlConnection connection   new SqlConnection  Data Source WKS09  SQLEXPRESS Initial Catalog   StudentManagementSystem Integrated Security True                string sqlStatement    DELETE FROM dbo StudentRegistration WHERE ID    ID               try                               connection Open                    SqlCommand cmd   new SqlCommand sqlStatement  connection                   cmd Parameters AddWithValue   ID   textBox1 Text                   cmd CommandType   CommandType Text                  cmd ExecuteNonQuery                    MessageBox Show  Done                              finally                               Clear                    connection Close                                     public void Clear                         textBox1 Text                   textBox2 Text                   textBox3 Text                   textBox4 Text

User · Answer

Your issue seems to be the Name keyword  Rather use FullName or firstName and lastName  always try and remember to use CamelCase too

User · Answer

first create database name  School  than create table  students  with following columns 1  id 2  name 3  address  now open visual studio and create connection   namespace school       public partial class Form1   Form               SqlConnection scon            public Form1                          InitializeComponent                 scon   new SqlConnection  Data Source   ABC-PC  trusted connection   yes  Database   school  connection timeout   30                 create command  SqlCommand scom   new SqlCommand  insert into students  id name address  values  id  name  address    scon      pass parameters  scom Parameters Add  id   SqlDbType Int   scom Parameters  id   Value   textBox1 Text              scom Parameters Add  name   SqlDbType VarChar               scom Parameters  name   Value   this textBox2 Text               scom Parameters Add  address   SqlDbType VarChar               scom Parameters  address   Value   this textBox6 Text                scon Open                scom ExecuteNonQuery                scon Close                reset                also check solution here  http   solutions musanitech com  p 6

User · Answer

You have to use    texbox1 Text       texbox2 Text       texbox3 Text     Instead of   texbox1 Text     texbox2 Text     texbox3 Text    Notice the extra single quotes

User · Answer

You problem is that your string are unquoted  Which mean that they are interpreted by your database engine as a column name   You need to create parameters in order to pass your value to the query    cmd CommandText    INSERT INTO Data  Name  PhoneNo  Address  VALUES   Name   PhoneNo   Address      cmd Parameters AddWithValue   Name   txtName Text    cmd Parameters AddWithValue   PhoneNo   txtPhone Text    cmd Parameters AddWithValue   Address   txtAddress Text

User · Answer

con   new SqlConnection   Data Source   SQLEXPRESS AttachDbFilename C  Users Yna Maningding-Dula Documents Visual Studio 2010 Projects LuxuryHotel LuxuryHotel ClientsRecords mdf Integrated Security True User Instance True            con Open            cmd   new SqlCommand  INSERT INTO ClientData   Last Name    First Name    Middle Name   Address   Email Address    Contact Number   Nationality   Arrival Date    Check-out Date    Room Type    Daily Rate    No of Guests    No of Rooms   VALUES    Last Name     First Name     Middle Name    Address    Email Address     Contact Number    Nationality    Arrival Date     Check-out Date     Room Type     Daily Rate     No of Guests     No of Rooms    con           cmd Parameters Add    Last Name    txtLName Text           cmd Parameters Add    First Name    txtFName Text           cmd Parameters Add    Middle Name    txtMName Text           cmd Parameters Add   Address   txtAdd Text           cmd Parameters Add    Email Address    txtEmail Text           cmd Parameters Add    Contact Number    txtNumber Text           cmd Parameters Add   Nationality   txtNational Text           cmd Parameters Add    Arrival Date    txtArrive Text           cmd Parameters Add    Check-out Date    txtOut Text           cmd Parameters Add    Room Type    txtType Text           cmd Parameters Add    Daily Rate    txtRate Text           cmd Parameters Add    No of Guests    txtGuest Text           cmd Parameters Add    No of Rooms    txtRoom Text           cmd ExecuteNonQuery

User · Answer

Always try to use parametrized sql query to keep safe from malicious occurrence  so you could rearrange you code as below   Also make sure that your table has column name matches to Name  PhoneNo  Address   using  SqlConnection connection   new SqlConnection connectionString         SqlCommand cmd   new SqlCommand  INSERT INTO Data  Name  PhoneNo  Address  VALUES   Name   PhoneNo   Address         cmd CommandType   CommandType Text      cmd Connection   connection      cmd Parameters AddWithValue   Name   txtName Text       cmd Parameters AddWithValue   PhoneNo   txtPhone Text       cmd Parameters AddWithValue   Address   txtAddress Text       connection Open        cmd ExecuteNonQuery

[c#] Invalid column name sql error

Examples related to c#

Examples related to sql-server

Examples related to database