I have a command line that works:
oCmd.CommandText = "UPDATE prefs SET autoadd=" + ReaderParams.AutoAdd + "," +
"decodebarcode=" + ReaderParams.DecodeBarcode + "," +
"addunknown=" + ReaderParams.AddUnknown + "," +
"addone=" + ReaderParams.AddOne + "," +
"showdigits=" + ReaderParams.ShowDigits;
and the following does not work:
oCmd.CommandText =
"UPDATE prefs SET autoadd=" + ReaderParams.AutoAdd + "," + "decodebarcode=" + ReaderParams.DecodeBarcode + "," + "addunknown=" + ReaderParams.AddUnknown + "," + "addone=" + ReaderParams.AddOne + "," + "showdigits=" + ReaderParams.ShowDigits +"," + "datapath=\"" + ReaderParams.DataPath + "\"";Executing
int nRowCount = oCmd.ExecuteNonQuery();
on the second example returns
exception {System.Data.SqlServerCe.SqlCeErrorCollection
with message
The column name is not valid. [ Node name (if any) = ,Column name = sav ]
And native error code: 25503
What is not correct in this code Adding string value to UPDATE causes the code not to work. "ReaderParams" is the static class and its member DataPath is of type "string", the others are of type "byte".
Help in UPDATE SQL command IN SQL Server for Mobile
carface
Tnanx. This helped fine.
kennethkryger
"datapath=\"" + ReaderParams.DataPath + "\"";
with this one:
"datapath='" + ReaderParams.DataPath + "'";
This problems occur when you concatenate strings and not using command parameters. You should always use command paramaters, not just for preventing sql injection but also for not having problems with parameters format.