0

When I run the query below, I get a syntax error in the query expression.

private void button8_Click(object sender, EventArgs e)
{
    connection.Open();
    OleDbCommand command = new OleDbCommand();
    command.Connection = connection;
    // The CASE expression below is the part Access rejects (see the error message).
    // Control values are concatenated straight into the SQL text.
    string query1 = "UPDATE Points SET PNTS = " +
                    "(case when EmpName = '" + comboBox1.Text +
                    "' then  '" + label15.Text + "' when EmpName = '" +
                    comboBox2.Text + "' then '" + label16.Text +
                    "' when EmpName = '" + comboBox3.Text + "' then '" +
                    label17.Text + "' end) WHERE EmpName in ('" +
                    comboBox1.Text + "', '" + comboBox2.Text + "', '" +
                    comboBox3.Text + "')";

    command.CommandText = query1;
    command.ExecuteNonQuery();
    connection.Close();
}

The error is:

Syntax error (missing operator) in query expression '(case when EmpName = 'Sam' then '5.6' when EmpName = 'shane' then '1.6' when EmpName = 'Mike' then '0.8' end)'.

3
  • 3
    Your code makes a big error with regard to SQL injection. Commented May 29, 2015 at 16:10
  • 2
    What database is this trying to update? It definitely doesn't look like the SQL for Case/When in SQL Server. (I'd strongly suggest building parameterized SQL instead of constructing the SQL using the input directly, too...) Commented May 29, 2015 at 16:10
  • 6
    Your code is extremely vulnerable to SQL injection attacks. For the sake of your users, please use parameterized queries. Commented May 29, 2015 at 16:10

2 Answers

1

You have a syntax error in your SQL (MS Access does not feature CASE expressions). Rewrite the source line as follows:

string query1 =
      "UPDATE Points SET PNTS = "
    + "SWITCH ("
        + "  EmpName = '" + comboBox1.Text + "', '" + label15.Text + "'"
        + ", EmpName = '" + comboBox2.Text + "', '" + label16.Text + "'"
        + ", EmpName = '" + comboBox3.Text + "', '" + label17.Text + "'"
        + ", true, ''"
    + ")"
    + " WHERE EmpName in ('" + comboBox1.Text + "', '" + comboBox2.Text + "', '" + comboBox3.Text + "')"
;

To counter the risk of SQL injection, consider using parameterized SQL as some commenters have suggested:

OleDbParameter parameter;

// OleDb binds parameters by position: the n-th '?' placeholder in the SQL string is set to
// the n-th parameter added to the collection. The names are not used for matching, but each
// parameter is given a distinct name here so the collection stays readable.
// '12' represents the data size; adjustment may be needed (it can possibly be dropped altogether).

// SWITCH pair 1: condition value, then result value
parameter = command.Parameters.Add("@Name1", OleDbType.VarChar, 12);
parameter.Value = comboBox1.Text;
parameter = command.Parameters.Add("@Pnts1", OleDbType.VarChar, 12);
parameter.Value = label15.Text;
// SWITCH pair 2
parameter = command.Parameters.Add("@Name2", OleDbType.VarChar, 12);
parameter.Value = comboBox2.Text;
parameter = command.Parameters.Add("@Pnts2", OleDbType.VarChar, 12);
parameter.Value = label16.Text;
// SWITCH pair 3
parameter = command.Parameters.Add("@Name3", OleDbType.VarChar, 12);
parameter.Value = comboBox3.Text;
parameter = command.Parameters.Add("@Pnts3", OleDbType.VarChar, 12);
parameter.Value = label17.Text;
// IN list (appears after the SWITCH placeholders in the SQL text)
parameter = command.Parameters.Add("@In1", OleDbType.VarChar, 12);
parameter.Value = comboBox1.Text;
parameter = command.Parameters.Add("@In2", OleDbType.VarChar, 12);
parameter.Value = comboBox2.Text;
parameter = command.Parameters.Add("@In3", OleDbType.VarChar, 12);
parameter.Value = comboBox3.Text;

string query1 =
      "UPDATE Points SET PNTS = "
    + "SWITCH ("
        + "  EmpName = ?, ?"
        + ", EmpName = ?, ?"
        + ", EmpName = ?, ?"
        + ", true, ''"
    + ")"
    + " WHERE EmpName in (?, ?, ?)"
;

Caveat

Code untested, derived from the docs.


1 Comment

How can I add the label15.Text, label16.Text and label17.Text values to the current database value and count the total?
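The parameterized SWITCH in the answer above is written out for exactly three employees. The following added example (not code from the question or the answer) generalizes it to any number of (employee, points) pairs while keeping the positional OleDb parameter order in step with the '?' markers, which is the part that is easy to get wrong by hand. It assumes the table and columns named on the page (`Points`, `EmpName`, `PNTS`); the class, method and parameter names are this example's own, and, like the answer's code, it has not been run against Access.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.OleDb;
using System.Text;

// Added example, not part of the original question or answer.
static class PointsUpdater
{
    // Updates PNTS for each (EmpName, PNTS) pair in 'rows' with a single
    // parameterized UPDATE. Returns the number of rows affected.
    public static int UpdatePoints(OleDbConnection connection,
                                   IReadOnlyList<KeyValuePair<string, string>> rows)
    {
        if (rows.Count == 0)
            return 0;

        var sql = new StringBuilder("UPDATE Points SET PNTS = SWITCH(");
        var inList = new StringBuilder();

        using (var command = new OleDbCommand())
        {
            command.Connection = connection;

            // OleDb binds parameters by position, so every Parameters.Add call
            // must be made in the same order as the '?' it stands for appears
            // in the SQL text: first all SWITCH pairs, then the IN list.
            for (int i = 0; i < rows.Count; i++)
            {
                if (i > 0)
                {
                    sql.Append(", ");
                    inList.Append(", ");
                }
                sql.Append("EmpName = ?, ?");
                inList.Append("?");

                // SWITCH pair: the condition value, then the result value.
                command.Parameters.Add("@name" + i, OleDbType.VarChar, 50).Value = rows[i].Key;
                command.Parameters.Add("@pnts" + i, OleDbType.VarChar, 12).Value = rows[i].Value;
            }

            // Default branch; unreachable because the WHERE clause only selects
            // names that matched one of the pairs above (assumes Access accepts
            // a column reference as a SWITCH result, as it does for other expressions).
            sql.Append(", True, PNTS)");
            sql.Append(" WHERE EmpName IN (").Append(inList).Append(")");

            // IN-list parameters come last in the SQL text, so they are added last.
            for (int i = 0; i < rows.Count; i++)
                command.Parameters.Add("@in" + i, OleDbType.VarChar, 50).Value = rows[i].Key;

            command.CommandText = sql.ToString();

            if (connection.State != ConnectionState.Open)
                connection.Open();
            return command.ExecuteNonQuery();
        }
    }
}
```

From the button handler on the page this would be called as `PointsUpdater.UpdatePoints(connection, new[] { new KeyValuePair<string, string>(comboBox1.Text, label15.Text), new KeyValuePair<string, string>(comboBox2.Text, label16.Text), new KeyValuePair<string, string>(comboBox3.Text, label17.Text) })`. Because the control text never enters the SQL string itself, a value such as `O'Brien` is passed to Access as data rather than parsed as part of the statement, which is the property the comments on the question are asking for.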
0

(case when EmpName = 'Sam' then '5.6'.....)

You don't have to use quotation marks for numerical values. Is "PNTS" in the database a string? If not, try removing the quotation marks from those values.
