Error while inserting Guid value to Sql Server(UniqueIdentifier column). (Description Inside)

Question

I have one table in my DB, in which 2 columns where uniqueidentifier not null type. I'm trying to insert a row on that table from asp.net c# as follows,

sqlCmd.CommandText = string.Format("Insert Into Member(MemberNo,MemberEmpId,...) values({0},{1},... )", MemNo, MemEmpNo, ...);

It throws me the following exception,

"The floating point value '24e46222' is out of the range of computer representation (8 bytes). Incorrect syntax near 'a8c'. The floating point value '6664e7925' is out of the range of computer representation (8 bytes)."

I googled about this error, and got a reference, I tried that but still gives the same error . could someone help me to solve this. I don't find anything rather than this.

Thanks in Advance!

Answer 1

You are missing quotes on the Guid, that's why you were getting the error. You should actually be using parameterized query to avoid sql injection and issues like this (e.g. missing quotes)

Should be (but not advisable)

values({0},'{1}',... )  //<-- see the added quotes around the Guid part

Ideally, you should be using parameterized

values(@id,@guid,... ) //<--

and setting the values

cmd.Parameters.AddWithValue("@id", someValueHere);
cmd.Parameters.AddWithValue("@guid", someGuidValueHere");

Answer 2

As usual the problems arise from the string concatenation.
If you had used a parameterized query you would not have had any problems

sqlCmd.CommandText = "Insert Into Member(MemberNo,MemberEmpId,...) " + 
                     "values(@guid, @memID,... )";
sqlCmd.Parameters.AddWithValue("@guid", MemNo);
sqlCmd.Parameters.AddWithValue("@memID", MemEmpNo);
....

sqlCmd.ExecuteNonQuery();

In this way, the work to correctly parse the values, will be passed to the framework code who knows better how to handle Guids, strings with quotes, decimals, dates etc...