Update textbox value into sql

Question

Hi..When im trying to update the textbox values into db.It throws me an exception "Invalid syntax near (value of the txtkey.text)" Can anyone Help

SqlConnection con = new SqlConnection("server=server1;Database=testdb;User Id=dev;password=sqlad@2006");
                SqlCommand com = new SqlCommand("insert into tbl_licensing(UserName,CompanyName,EmailId,LicenseKey) values ('" + txtUserName.Text + "','" + txtCompanyName.Text + "','" + txtEmailId.Text + "','"+ txtKey.Text + "'",con);
                con.Open();
                com.ExecuteNonQuery();
                con.Close();

Answer 1

You have forgotten closing bracket ) in your query

Updated code for you :

    SqlCommand com = new SqlCommand("insert into
 tbl_licensing(UserName,CompanyName,EmailId,LicenseKey) values ('" + txtUserName.Text + "','" 
+ txtCompanyName.Text + "','" + txtEmailId.Text + "','"+ txtKey.Text + "')",con);

Answer 2

You have started this "values (" but you never closed it. Check again.

It will be good if you use parameterized query or stored procedure instead of directly writing query

You can check this article.

http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/

Answer 3

Your code is wrong in many ways. Use parameterized query and you will

• Avoid sql injection attacks
• You will not have to escape the data entered by user
• The performance of your queries will get better
• The code will be much easier to read, understand and refactor.

Answer 4

The correct way to use SqlCommand with parameters is to fill the SqlCommand's Parameters collection with parameter names and values.

See MSDN documentation.