Pronab Roy - 1 month ago
Vb.net Question

Query produced from string concatenation fails with `Incorrect syntax near the keyword WHERE`

I want to insert values into two tables at the same time. The first value is of integer type.
Example

I am giving an input like $5000; this is my first value. Afterwards I am converting this value:

quotvalue = Val(((finalpayment.Text) / 100) * 2)


Then I want to insert these two values: the first is in the textbox and the second is the quotvalue.

I am using SQL Server 2008; there I have two tables.

Of these two tables, I am inputting the values into Project_Progress and converting the value final_payment; afterwards I want to insert this value into the Emplyee table, column insentives.

This is my sample code in VB.NET

myconnection = New SqlConnection(strconnection)
myconnection.Open()
quotvalue = Val(((finalpayment.Text) / 100) * 2)
myquery &= "insert into Project_Progress (Project_id,client_id, ex_id, final_payment, dateof_payment, stattus) values('" & txtprjectid.Text & "','" & clientid.Text & "','" & exid.Text & "','" & finalpayment.Text & "', '" & dateofquot.Text & "', '" & txtstatus.Text & "')"
myquery &= "insert into Emplyee (insentive) values('" & quotvalue & "') WHERE Project_Progress.ex_id = Emplyee.Emp_ID "
mycommand = New SqlCommand(myquery, myconnection)
mycommand.ExecuteNonQuery()
myconnection.Close()


After executing the code this problem is occurring


Please help and suggest what I should do.

Answer Source

You have two statements (two inserts) in the same string/variable (myquery).

You should execute one first, and then the other.

Apart from that, take a look at 'Parametrized queries', because your code is prone to SQL injection.
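
The two points in the answer above, as an added example that is not part of the original answer: each statement runs as its own parameterized command, here inside one transaction. The column types and sizes, the `SavePayment` name and its arguments are assumptions (the table screenshots are not available), and the second statement is written as an UPDATE on the assumption that the Emplyee row already exists, since `INSERT ... VALUES` accepts no WHERE clause.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module IncentiveExample
    ' Hypothetical helper. The caller parses the textboxes first, e.g.
    ' Decimal.Parse(finalpayment.Text, Globalization.NumberStyles.Currency).
    Sub SavePayment(connStr As String, projectId As String, clientId As String,
                    exId As String, finalPayment As Decimal,
                    paymentDate As Date, status As String)
        Dim quotValue As Decimal = finalPayment / 100D * 2D ' 2 % of the payment

        Using conn As New SqlConnection(connStr)
            conn.Open()
            Using tx As SqlTransaction = conn.BeginTransaction()
                Try
                    ' Statement 1: values travel as parameters, never as SQL text.
                    Using cmd As New SqlCommand(
                        "INSERT INTO Project_Progress " &
                        "(Project_id, client_id, ex_id, final_payment, dateof_payment, stattus) " &
                        "VALUES (@project, @client, @ex, @payment, @paid, @status)", conn, tx)
                        ' Assumed types and lengths; match them to the real columns.
                        cmd.Parameters.Add("@project", SqlDbType.VarChar, 50).Value = projectId
                        cmd.Parameters.Add("@client", SqlDbType.VarChar, 50).Value = clientId
                        cmd.Parameters.Add("@ex", SqlDbType.VarChar, 50).Value = exId
                        cmd.Parameters.Add("@payment", SqlDbType.Decimal).Value = finalPayment
                        cmd.Parameters.Add("@paid", SqlDbType.DateTime).Value = paymentDate
                        cmd.Parameters.Add("@status", SqlDbType.VarChar, 50).Value = status
                        cmd.ExecuteNonQuery()
                    End Using

                    ' Statement 2: executed separately. Assumed intent: set the
                    ' incentive on the employee whose Emp_ID equals ex_id.
                    Using cmd As New SqlCommand(
                        "UPDATE Emplyee SET insentive = @incentive WHERE Emp_ID = @ex", conn, tx)
                        cmd.Parameters.Add("@incentive", SqlDbType.Decimal).Value = quotValue
                        cmd.Parameters.Add("@ex", SqlDbType.VarChar, 50).Value = exId
                        cmd.ExecuteNonQuery()
                    End Using

                    tx.Commit() ' both statements succeed or neither is kept
                Catch
                    tx.Rollback()
                    Throw
                End Try
            End Using
        End Using
    End Sub
End Module
```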