Syntax error near 'text'

[happyteddybearwithnobeard]

This is the code, I got 0 errors, warnings or anything in visual studio 2010 but get this error: syntax error near 'text'

 

public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            SqlConnection con=new SqlConnection("Data Source=380-KOMPUTER\\SQLEXPRESS;Initial Catalog=Klienci;Integrated Security=True");
            con.Open();
            SqlCommand sc=new SqlCommand("insert into TabelaKlienci values('"+txtName+"','"+txtAdres+"','"+txtMiasto+"','"+txtKodpocztowy+"','"+txtWiek+"',"+txtTelefon+");",con);
            int o = sc.ExecuteNonQuery(); "HERE I GET THE ERROR"
            MessageBox.Show(o+":Klient został zapisany");
            con.Close();
        }
        public static void main(string[] args)
        {
            Application.Run(new Form1());

[Mr_KoKa]

It may be error from SQL server, to debug this I would try to print your query after it being concatenated with all those variables, maybe you will see something unusual there.

 

Don't you forgot about columns in your INSERT INTO query? like:

INSERT INTO TableaKlienci (imienazwisko, adres, miasto, kodpocztowy, wiek, telefon) VALUES ('Jan Kowalski', 'Szeroka 8a', 'Warszawa', '12-345', 35, 123456789);

BTW: use code tag to paste code, so it will look nice, like above : )

[madknight3]

Sounds like you have an error with your SQL statement. Make sure the string that's created is a valid query. You should be able to set a breakpoint and view the query string after it's assembled. 

 

I also recommend parameterizing your queries to protect against SQL Injection and to have to worry less about the format of your values (don't have to manually deal with quotes and stuff).

SqlCommand sc=new SqlCommand("insert into TabelaKlienci values(@Column1,@Column2,@Column3,@Column4,@Column5,@Column6)",con);

// If you want to explicitly declare the data type
sc.Parameters.Add("@Column1", SqlDbType.VarChar).Value = variableForColumn1;
sc.Parameters.Add("@Column2", SqlDbType.Int).Value = variableForColumn2;
//etc

// or if you don't
sc.Parameters.AddWithValue("@Column1", variableForColumn1);
sc.Parameters.AddWithValue("@Column2", variableForColumn2);
// etc

// You can name the parameters anything you like, I just used @Column1, etc because I don't know what your columns are named

 

Just now, Mr_KoKa said:

Don't you forgot about columns in your INSERT INTO query?

They are optional, although I think it's a better practice to use them.

[happyteddybearwithnobeard]

1 minute ago, madknight3 said:

Sounds like you have an error with your SQL statement. Make sure the string that's created is a valid query. You should be able to set a breakpoint and view the query string after it's assembled. 

 

I also recommend parameterizing your queries to protect against SQL Injection and to have to worry less about the format of your values (don't have to manually deal with quotes and stuff).

SqlCommand sc=new SqlCommand("insert into TabelaKlienci values(@Column1,@Column2,@Column3,@Column4,@Column5,@Column6)",con);

// If you want to explicitly declare the data type
sc.Parameters.Add("@Column1", SqlDbType.VarChar).Value = variableForColumn1;
sc.Parameters.Add("@Column2", SqlDbType.Int).Value = variableForColumn2;
//etc

// or if you don't
sc.Parameters.AddWithValue("@Column1", variableForColumn1);
sc.Parameters.AddWithValue("@Column2", variableForColumn2);
// etc

// You can name the parameters anything you like, I just used @Column1, etc because I don't know what your columns are named

 

They are optional, although I think it's a better practice to use them.

Problem solved. Thank you.