1. Option. Works. When adding records to the database with a prescribed list of variables in the code
Code

MySqlCommand sqlCom = new MySqlCommand ("INSERT INTO " + textBox51.Text + // ТАБЛИЦА "(" + textBox52.Text + // ПОЛЯ ") VALUES" + "('" + pol_2 + "', '" + pol_3 // работает + "')", connection); // РАБОТАЕТ. ПОДСТАВЛЯЕТСЯ значение из переменных sqlCom.ExecuteNonQuery(); }

Option 2. Does not work. When adding records to the database with the prescribed list of variables in the textBox. In textBox I register - pol_2 + "','" + pol_3
Code

 MySqlCommand sqlCom = new MySqlCommand ("INSERT INTO " + textBox51.Text + // ТАБЛИЦА "(" + textBox52.Text + // ПОЛЯ ") VALUES" + "('" + textBox57.Text // НЕ РАБОТАЕТ ХХХ + "')", connection); // РАБОТАЕТ. ПОДСТАВЛЯЕТСЯ значение из переменных sqlCom.ExecuteNonQuery(); }

I attach a skin with an error message.

Question.

  1. Why does not work 2. Option?
  2. How to make a worker?

enter image description here

  • one
    Attach dynamically generated text from sqlCom.CommandText - Alexander Muksimov

1 answer 1

  1. You have a syntax error somewhere. To find it enough in the debbager to see which query is retrieved. Copy it on Wednesday with syntax highlighting and you will immediately see the error.
  2. It is not correct to insert variables directly into the code. Use a parameterized query. This will eliminate the possibility of SQL injection.
  • It worked. Something with the syntax messed up .. QUESTIONS: 1. How to make, to substitute the value of the variables, and not - "pol_1 +" "- and" "+ pol_2"? 2. debbager. What is and how to use (if you can link)? 3. Parameterized request - if not difficult, you can prompt a link to some link. or an example .. - koverflow
  • msdn.microsoft.com/ru-ru/library/… - iluxa1810