I am trying to make a SQL query and save the result in an XML file but I get the error as thepicture I attached here INVALID COLUMN! this query works fine in SQL server but not here
namespace xxxxxxxxxxxx
{
public partial class MainWindow : Window
{
string vinValue;
string operationValue;
string serviceValue;
public MainWindow()
{
InitializeComponent();
}
private void FrameLoad_Activated(object sender, EventArgs e)
{
}
private void btnGo_Click(object sender, RoutedEventArgs e)
{
DataSet ds = new DataSet();
SqlDataAdapter adapter;
string sql = String.Format("SELECT FGACJD_Vin_Ecu.Vin,FGACJD_Vin_Ecu.NHard,"+
"FGACJD_Vin_Ecu.NVerHard,FGACJD_Vin_Ecu.NSoft,FGACJD_Vin_Ecu.NVerSoft,"+
"InfoProg_wiTECH_Global.NHard,InfoProg_wiTECH_Global.NVerHard,"+
"InfoProg_wiTECH_Global.NSoft,InfoProg_wiTECH_Global.NSoftNew,"+
"InfoProg_wiTECH_Global.NVerSoft,InfoProg_wiTECH_Global.NomeFile,"+
"InfoProg_wiTECH_Associa.KeyJoined,InfoProg_wiTECH_Associa.MakeID,"+
"InfoProg_wiTECH_Associa.ModelID,InfoProg_wiTECH_Associa.Model_Type "+
"FROM FGACJD_Vin_Ecu, InfoProg_wiTECH_Global,InfoProg_wiTECH_Associa "+
"WHERE [FGACJD_Vin_Ecu.Vin]='{0}'"+
" AND InfoProg_wiTECH_Associa.KeyJoined = InfoProg_wiTECH_Global.NomeFile"+
" AND FGACJD_Vin_Ecu.NHard=InfoProg_wiTECH_Global.NHard"+
" AND InfoProg_wiTECH_Global.NVerHard like '%'+FGACJD_Vin_Ecu.NVerHard "+
"FOR XML PATH('flash'), ROOT ('FlashList ')", vinValue);
//TextOutput.Text = sql;
string connectionString = "user id=xxx;password=xxx;"+
"server=localhost;" +
"Trusted_Connection=yes;" +
"database=xxx; " +
"connection timeout=30";
SqlConnection conn = new SqlConnection(connectionString);
try
{
conn.Open();
}
catch (Exception)
{
string err = "Database error contact administrator";
MessageBox.Show(err, "Error!");
}
try
{
adapter = new SqlDataAdapter(sql, conn);
adapter.Fill(ds);
conn.Close();
ds.WriteXml("Product.xml");
MessageBox.Show("Done");
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
private void TextInput_TextChanged(object sender, TextChangedEventArgs e)
{
vinValue = TextInput.Text;
}
private void ComboBox_SelectionChanged(object sender, SelectionChangedEventArgs e)
{
var comboBox = sender as ComboBox;
serviceValue = comboBox.SelectedItem as string;
this.Title = "Selected: " + serviceValue;
}
private void ComboBox_Loaded(object sender, RoutedEventArgs e)
{
List<string> data = new List<string>();
data.Add("getFlashListByVIN");
var comboBox = sender as ComboBox;
comboBox.ItemsSource = data;
comboBox.SelectedIndex = 0;
}
private void Operation_Loaded(object sender, RoutedEventArgs e)
{
List<string> data = new List<string>();
data.Add("MOC");
var comboBox = sender as ComboBox;
comboBox.ItemsSource = data;
comboBox.SelectedIndex = 0;
}
private void Operation_SelectionChanged(object sender, SelectionChangedEventArgs e)
{
var comboBox = sender as ComboBox;
operationValue = comboBox.SelectedItem as string;
this.Title = "Selected: " + operationValue;
}
}
}
I get this error
System.Data.SqlClient.SqlException (0x80131904): Invalid column name 'FGACJD_Vin_Ecu.Vin'. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action
1 wrapCloseInAction) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) at FlashListByVinLadan.MainWindow.btnGo_Click(Object sender, RoutedEventArgs e) in c:\Users\Finsoft\Desktop\test\FlashListByVinLadan\FlashListByVinLadan\MainWindow.xaml.cs:line 80 ClientConnectionId:3653b64e-bb82-41cb-8fc8-4d92fbaa3c3e Error Number:207,State:1,Class:16
String.Formatdoes not prevent you from sql-injection. Instead use sql-parameters. – Tim Schmelter@, then you can remove all those"+ "even with multiple lines. – Tim Schmelter[FGACJD_Vin_Ecu.Vin]into[FGACJD_Vin_Ecu].[Vin]– A ツ