"" is not a valid name. Make sure that it does not include invalid characters or punctuation and tha

"" is not a valid name. Make sure that it does not include invalid characters or punctuation and tha

am 23.01.2008 05:20:31 von naijacoder

Hello Everyone,
I'm retrieving data from Excel from my asp.net page
The WorkSheet name is StatusPasPorts.

When i remove the column [Account Reference No.] it does work fine but if i
use it i get error :
'' is not a valid name. Make sure that it does not include invalid
characters or punctuation and that it is not too long.

SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$] where
[Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by [Event
Date] ASC

Any ideas what i'm missing.

Thanks in Advance

Re: "" is not a valid name. Make sure that it does not include invalid characters or punctuation and

am 23.01.2008 09:52:42 von Hans Kesting

rote explained on 23-1-2008 :
> Hello Everyone,
> I'm retrieving data from Excel from my asp.net page
> The WorkSheet name is StatusPasPorts.
>
> When i remove the column [Account Reference No.] it does work fine but if i
> use it i get error :
> '' is not a valid name. Make sure that it does not include invalid characters
> or punctuation and that it is not too long.
>
> SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
> Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$] where
> [Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by [Event
> Date] ASC
>
> Any ideas what i'm missing.
>
> Thanks in Advance

I have no experience with querying excel in this way, but the
errormessage suggests that there might be an invalid character. I think
the "." in [Account Reference No.] is a candidate. Try removing it
(also from the excel file).

Some other remarks:
I take it "TextBox1" is a TextBox? Then the .Text property is already a
string, so you don't need the ".ToString()".

What if someone used a "mobile number" the string "x' OR '1'='1"?
Then your query would return everything. This is "sql injection". In
normal database queries you can use parameters to guard against that.

Hans Kesting

Re: "" is not a valid name. Make sure that it does not include invalid characters or punctuation and

am 23.01.2008 16:07:34 von Mark Fitzpatrick

also, test to make sure that you're really getting a value in TextBox1.Text.
The '' usually means an empty string which, if the TextBox1 was empty, would
look exactly like ''.

When passing dynamic queries, it's often easiest to set the query to a
string variable first so you easily see what you're about to pass to the
database query. Then you could use Trace.Write (or Response.Write for the
more old-fashioned classic asp approach) to see what the actual dynamic
query contains. Checking the query passed helps you from trying to figure
out what's wrong with the query when the query could be fine, it's the data
getting passed into it that's bad or non-existant.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression

"rote" wrote in message
news:uUQuLdXXIHA.4740@TK2MSFTNGP02.phx.gbl...
> Hello Everyone,
> I'm retrieving data from Excel from my asp.net page
> The WorkSheet name is StatusPasPorts.
>
> When i remove the column [Account Reference No.] it does work fine but if
> i use it i get error :
> '' is not a valid name. Make sure that it does not include invalid
> characters or punctuation and that it is not too long.
>
> SELECT [Event Date],[Mobile Number],[Event Type Name],[Identification
> Method],[Customer DOB],[Account Reference No.] FROM [StatusPasPorts$]
> where [Mobile Number] = '" + this.TextBox1.Text.ToString() + "' order by
> [Event Date] ASC
>
> Any ideas what i'm missing.
>
> Thanks in Advance
>
>
>
>