0 
     sqlStatement = "select Price from OrderItem where orderId=" + orderId;
            myAccessCommand = new OleDbCommand(sqlStatement, myAccessConn);
            myDataAdapter = new OleDbDataAdapter(myAccessCommand);
            myDataAdapter.Fill(myDataSet, "OrderItem");`DataTableCollection dta = myDataSet.Tables;
            DataColumnCollection drc = myDataSet.Tables["Orders"].Columns;
            DataRowCollection dra = myDataSet.Tables["Orders"].Rows;

            foreach (DataRow dr in dra)
            {
                orderId= dr[0].ToString();
                Checkintime= dr[1].ToString();
                RoomPrice= dr[2].ToString();
                ReceiptNo= dr[3].ToString();
                Console.WriteLine("orderId: " + orderId + ", Checkintime:  " + Checkintime + ", RoomPrice: " + RoomPrice + ", ReceiptNo: " + ReceiptNo + "");

            }`

I have a syntax error which says "Syntax error (missing operator) in query expression 'orderId='."}

I cant seem to find the error.

Improve this question
3
  • What is the type of orderId column? Commented Aug 3, 2015 at 18:48
  • Use parameters in your query Commented Aug 3, 2015 at 18:50
  • Don't try to fix it by doing orderId.ToString(). You really do need a parameterized query. Commented Aug 3, 2015 at 18:59

1 Answer 1

Reset to default
1

The root cause of your problem is that you are not using parameterized queries and are trying to create an sql string on the fly. As a result you make an error in the assembling code of that string. But if you use a parameterized query the chance of running into an issue like that is a lot lower because you don't have to mess about with quotes, number to string conversions and the like. On top of this, you cannot have a sql injection attack if you use parameters and it makes the code more readable too.

Read http://www.dotnetperls.com/sqlparameter on how to use a parameterized query the way it should be done and don't just fix the textual error in the querystring. It is not the way it is supposed to be done.

This is a good explanation too : http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.