
What I'm trying to build is an automation that receives data in a DataGridView and then saves it to SQL, which is my current problem. I have already made some experiments; what I have so far is this:

// Calls GDataPicker(), then inserts one row into table_teste1 for every row of dataGridView1.
GDataPicker();
using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = conn;
            conn.Open();
            for (int x = 0; x < dataGridView1.Rows.Count; x++)
            {
                // NOTE(review): the cell values are concatenated straight into the SQL text,
                // with no quoting or escaping, so the server parses the data as part of the
                // statement. A text value is then read as SQL tokens, which is consistent with
                // the reported "Incorrect syntax near 'de'" error. It is also a SQL injection
                // path: whatever reaches the grid can alter the statement that runs.
                // Pass the values as SqlParameter values instead of building the string.
                string strquery = @"INSERT INTO table_teste1 VALUES ("

                + dataGridView1.Rows[x].Cells["Rua"].Value + ", "
                + dataGridView1.Rows[x].Cells["Código Postal"].Value + ", "
                + dataGridView1.Rows[x].Cells["Distrito"].Value + ", "
                + dataGridView1.Rows[x].Cells["Concelho"].Value + ", "
                + dataGridView1.Rows[x].Cells["Freguesia"].Value + ", "
                + dataGridView1.Rows[x].Cells["GPS"].Value + ");";

                // The same command object is reused; only its text changes per row.
                cmd.CommandText = strquery;
                cmd.ExecuteNonQuery();


            }
        }
        // NOTE(review): not reached when ExecuteNonQuery throws, so the connection stays
        // open on failure; a try/finally (or a using on the connection) would close it.
        conn.Close();

The problem with this code is that I keep receiving this exception: System.Data.SqlClient.SqlException: 'Incorrect syntax near 'de'.'

Could anyone try to help me, thanks.

ZnIpE
  • 1
    Parameterize your queries! Not only is it *much* safer, you won't have this issue. – Broots Waymb Jun 29 '17 at 14:20
  • 1
    Possible duplicate of [SQL Insert Query Using C#](https://stackoverflow.com/questions/19956533/sql-insert-query-using-c-sharp) – mjwills Jun 29 '17 at 14:22
  • Also, what values are you inserting here? It's not clear where the 'de' comes from, so it seems like the data you're trying to insert is interfering with the SQL syntax. (Again, another reason to parameterize, otherwise I hope you're ok with SQL injection) – Broots Waymb Jun 29 '17 at 14:25
  • No i'm not, but it´s not like i m gonna post this database online, or something of a kind – Pedro Alvim Jun 29 '17 at 14:38
  • Does my code helped you? @PedroAlvim – Rekcs Jun 29 '17 at 14:42

1 Answer


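Try this and adapt it to your table. The cell values are passed as parameters instead of being concatenated into the SQL text, so the text in a cell is always treated as data and never parsed as SQL. That removes the "Incorrect syntax" error and the SQL injection risk, regardless of where the grid's data comes from.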

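// Calls GDataPicker(), then saves every row of dataGridView1 to table_teste1
// through one parameterized INSERT.
GDataPicker();

// The values are sent as parameters, never spliced into the SQL text, so a cell
// containing spaces, quotes or SQL keywords cannot change the statement.
// No column list is given (as in the question), so the six values must be in the
// table's column order -- TODO confirm against the table definition.
const string insertSql =
    "INSERT INTO table_teste1 VALUES (@Rua, @CodigoPostal, @Distrito, @Concelho, @Freguesia, @GPS);";

// One parameter per grid column, in cell order 0..5. Parameter names cannot
// contain spaces, hence @CodigoPostal rather than "@Codigo Postal".
string[] parameterNames = { "@Rua", "@CodigoPostal", "@Distrito", "@Concelho", "@Freguesia", "@GPS" };

// The command is created with its text and connection BEFORE the parameters are
// added; replacing the command afterwards would throw the parameters away.
using (SqlCommand insertCmd = new SqlCommand(insertSql, conn))
{
    // Declare the parameters once; adding them inside the row loop would fail on
    // the second row because the names would already exist.
    foreach (string parameterName in parameterNames)
    {
        insertCmd.Parameters.Add(parameterName, SqlDbType.VarChar, 255);
    }

    conn.Open();
    try
    {
        foreach (DataGridViewRow row in dataGridView1.Rows)
        {
            // The empty placeholder row shown when the grid allows adding rows
            // holds no data and must not be inserted.
            if (row.IsNewRow)
            {
                continue;
            }

            for (int i = 0; i < parameterNames.Length; i++)
            {
                // An empty cell has a null Value; send it as SQL NULL instead of
                // dereferencing it with ToString().
                object cellValue = row.Cells[i].Value;
                insertCmd.Parameters[i].Value =
                    cellValue == null ? (object)DBNull.Value : cellValue.ToString();
            }

            insertCmd.ExecuteNonQuery();
        }
    }
    finally
    {
        // Close the connection even when an insert throws.
        conn.Close();
    }
}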
Rekcs