Sandmaann Sandmaann - 3 months ago 19
SQL Question

Parameterized Update Statement in C# - Storing RTF in database

I want to store some RTF-code as plain text in my .dbf fox-pro database, but I'm getting a "Syntax error" at the ExecuteNonQuery and I can't find the problem.

My code:

String query1 = "UPDATE tb_benu SET be_sign = @signatur WHERE be_name = @sys_benutzer";
using (OleDbConnection dbfcon = new OleDbConnection("Provider=VFPOLEDB;Data Source=" + dataFolder))
{
OleDbCommand cmd = new OleDbCommand(query1, dbfcon);
cmd.Parameters.AddWithValue("@signatur", signatur);
cmd.Parameters.AddWithValue("@sys_benutzer", sys_benutzer);

dbfcon.Open();
cmd.ExecuteNonQuery();
dbfcon.Close();
}


Why is it throwing a Syntax error? (even if I test it with normal text and not rtf)

If I use a simple sql query like this:

string query1 = "UPDATE tb_benu SET be_sign='" + signatur + "' WHERE be_name='" + sys_benutzer + "';";
OleDbCommand cmd = new OleDbCommand(query1, conn);
cmd.ExecuteNonQuery();


it works for the text content of my RichTextBox, but not for the RTF-code.

Answer

OleDb doesn't support named parameters in sql command text, use positional syntax instead

String query1 = "UPDATE tb_benu SET be_sign = ? WHERE be_name = ?";

https://msdn.microsoft.com/en-us/library/system.data.oledb.oledbcommand.parameters(v=vs.110).aspx