error on my update query?

tdignan87

Well-known member
Joined
Jul 8, 2019
Messages
95
Programming Experience
Beginner
Hi
Any ideas why i am getting this error on my update query?
Here is my code

C#:
String updateStockDet = db.Query<String>("UPDATE STOCKDET SET STOCKDET.PICKED = " + DateTime.Now.ToOADate() + " From STOCKDET Inner Join STOCKHDR On STOCKHDR.STOCKID = STOCKDET.STOCKHDRID Inner Join COMMODITIES On COMMODITIES.COMMODITYID = STOCKHDR.COMMODITYID "  +
                        " WHERE STOCKDET.QTY > 0 And STOCKDET.LOCATIONID = 2 And COMMODITIES.CODE Like 'M%' And STOCKDET.PICKED = 0").FirstOrDefault();
;

Here is the error i am getting.



FirebirdSql.Data.FirebirdClient.FbException (0x80004005): Dynamic SQL Error
SQL error code = -104
Token unknown - line 1, column 56
FROM ---> Dynamic SQL Error
SQL error code = -104
Token unknown - line 1, column 56
FROM
at FirebirdSql.Data.FirebirdClient.FbCommand.ExecuteReader(CommandBehavior behavior)
at FirebirdSql.Data.FirebirdClient.FbCommand.ExecuteDbDataReader(CommandBehavior behavior)
at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior)
at Dapper.SqlMapper.ExecuteReaderWithFlagsFallback(IDbCommand cmd, Boolean wasClosed, CommandBehavior behavior) in C:\projects\dapper\Dapper\SqlMapper.cs:line 1051
at Dapper.SqlMapper.<QueryImpl>d__140`1.MoveNext() in C:\projects\dapper\Dapper\SqlMapper.cs:line 1079
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
at Dapper.SqlMapper.Query[T](IDbConnection cnn, String sql, Object param, IDbTransaction transaction, Boolean buffered, Nullable`1 commandTimeout, Nullable`1 commandType) in C:\projects\dapper\Dapper\SqlMapper.cs:line 721
at RFS_Stock_Move.Program.Main(String[] args) in C:\Users\User\source\repos\RFS Stock_Move\RFS Stock_Move\Program.cs:line 5525/02/2020 19:09:12


Any help would be appreciated. Thanks
Tom
 
If you look at the debugger, what is the value of that query string you composed? What is at offset 56 of that string?

As an aside, you really are setting yourself up for a SQL injection attack by concatenating strings like that for a SQL query. You should be using parameterized SQL queries.
 
Back
Top Bottom