| Posted by Krij on 10/02/06 11:38 
Hi!
 Can anybody tell me what I'm missing here?
 
 I'm trying to insert a new record into a sql-database from code at
 runtime (not stored procedure),
 but get the following error message:
 
 "The 'strUn' is not permitted in this context.
 Only constants, expressions or variables allowed here.
 Column names are not permitted."
 
 //Create sql connection
 SqlConnection con = new SqlConnection
 ("server=LocalHost;database=Users;uid=geir;pwd=geir");
 
 //Open database connection
 con.Open();
 
 //Create variables to hold values from textboxes
 string strUn = txtUsername.Text;
 string strPw = txtPassword.Text;
 
 //Create a sqlCommand to insert textbox values into sql-database
 SqlCommand sqlcmd = new SqlCommand();
 sqlcmd.CommandText = "INSERT INTO tblUsers(Username,Password)
 VALUES(strUn, strPw)";
 sqlcmd.Connection = con;
 
 try
 {
 sqlcmd.ExecuteNonQuery();
 }
 catch(SqlException ex)
 {
 lblInfo.Text = "ExecuteNonQuery failed because: \n" +
 "\n" +
 ex.Message;
 }
 finally
 {
 con.Close();
 }
 [Back to original message] |