Syntax error in UPDATE statement:-
C#
public int UpdateClientInfo(ClientMaster currentSelectedItem)
{
   string strQuery = "UPDATE ClientMaster SET " +
   "SubgroupName = '" + currentSelectedItem.Subgroup_Name + "' , " +
   "FirstName = '" + currentSelectedItem.FirstName + "' , " +
   "FirstAge = '" + currentSelectedItem.FirstAge + "' , " +
   "FirstPAN = '" + currentSelectedItem.FirstPAN + "' , " +
   "FatherHusbandName = '" + currentSelectedItem.Father_husbandName + "' , " +
   "Address1 = '" + currentSelectedItem.Address1 + "' , " +
   "Area = '" + currentSelectedItem.Area + "' , " +
   "City = '" + currentSelectedItem.City + "' , " +
   "Pincode = '" + currentSelectedItem.Pincode + "' , " +
   "Mobile = '" + currentSelectedItem.Mobile + "' , " +
   "DPName = '" + currentSelectedItem.DP_Name + "' , " +
   "DematNo = '" + currentSelectedItem.Demat_No + "' , " +
   "BankName = '" + currentSelectedItem.BankName + "' , " +
   "BranchName = '" + currentSelectedItem.BranchName + "' , " +
   "WHERE Id = " + currentSelectedItem.Client_Id;
   return oConnectionClass.ExecuteNonQuery(strQuery);
}
Posted
Updated 14-Oct-15 23:42pm
Comments
Developer - Vaibhav 15-Oct-15 5:51am
Please post the database table structure... so it will be easy to identify the problem.

Never, ever construct a SQL statement by concatenating strings obtained from user inputs. This leaves your code wide open to SQL injection attacks.
Better to use parameterized queries instead.
Something like:
C#
string query = "UPDATE ClientMaster SET SubGroupName = @subGroupName, FirstName = @firstName, FirstAge = @firstAge, FirstPAN = @firstPAN, FatherHusbandName = @fatherHusbandName, Address1 = @address1, Area = @area, City = @city, PinCode = @pinCode, Mobile = @mobile, DPName = @dpName, DematNo = @dematNo, BankName = @bankName, BranchName = @branchName WHERE Id = @id";
using (SqlConnection connection = /* construct your connection here */)
using (SqlCommand command = new SqlCommand(query, connection))
{
   connection.Open();
   command.Parameters.AddWithValue("@subGroupName", currentSelectedItem.Subgroup_Name);
   command.Parameters.AddWithValue(/* etc. */);
   // ...
   return command.ExecuteNonQuery();
}
 
Change

SQL
"BranchName = '" + currentSelectedItem.BranchName + "' , " +
   "WHERE Id = " + currentSelectedItem.Client_Id;


to

SQL
"BranchName = '" + currentSelectedItem.BranchName + "' " +
   "WHERE Id = " + currentSelectedItem.Client_Id;


However, you'll also get this error if any of your text fields have an apostrophe in them. And the code also leaves you open to SQL injection attacks. Use parameterised queries instead (google for examples).
 
Comments
phil.o 15-Oct-15 5:56am    
Good catch for the last comma :)
5'd
keyur_raval 15-Oct-15 6:23am    
Thank you very much, I solved this error.
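A complete parameterized rewrite of the question's UpdateClientInfo, added here as an illustration rather than code from either answer. It keeps the column and property names from the question, assumes Id is an integer and the other columns are text, and assumes a hypothetical GetConnection() factory that returns a closed SqlConnection; parameter widths are guesses. Explicitly typed parameters are used instead of AddWithValue so the server does not have to infer types from the .NET values.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public int UpdateClientInfo(ClientMaster item)
{
    // Same columns as the question; every value travels as a typed parameter, so an
    // apostrophe in a field (O'Brien) cannot break or alter the statement. No comma before WHERE.
    const string query =
        "UPDATE ClientMaster SET " +
        "SubgroupName = @subgroupName, FirstName = @firstName, FirstAge = @firstAge, " +
        "FirstPAN = @firstPAN, FatherHusbandName = @fatherHusbandName, " +
        "Address1 = @address1, Area = @area, City = @city, Pincode = @pincode, " +
        "Mobile = @mobile, DPName = @dpName, DematNo = @dematNo, " +
        "BankName = @bankName, BranchName = @branchName " +
        "WHERE Id = @id";

    using (SqlConnection connection = GetConnection())   // hypothetical factory, not on the page
    using (SqlCommand command = new SqlCommand(query, connection))
    {
        // Explicit types and sizes (widths assumed) instead of AddWithValue, which infers a type from the .NET value.
        AddText(command, "@subgroupName", item.Subgroup_Name, 100);
        AddText(command, "@firstName", item.FirstName, 100);
        AddText(command, "@firstAge", item.FirstAge, 10);          // stored as text in the question
        AddText(command, "@firstPAN", item.FirstPAN, 20);
        AddText(command, "@fatherHusbandName", item.Father_husbandName, 100);
        AddText(command, "@address1", item.Address1, 200);
        AddText(command, "@area", item.Area, 100);
        AddText(command, "@city", item.City, 100);
        AddText(command, "@pincode", item.Pincode, 10);
        AddText(command, "@mobile", item.Mobile, 20);
        AddText(command, "@dpName", item.DP_Name, 100);
        AddText(command, "@dematNo", item.Demat_No, 30);
        AddText(command, "@bankName", item.BankName, 100);
        AddText(command, "@branchName", item.BranchName, 100);
        command.Parameters.Add("@id", SqlDbType.Int).Value = item.Client_Id;
        connection.Open();
        int rows = command.ExecuteNonQuery();
        if (rows != 1)   // Id should match exactly one row; anything else is a data problem worth surfacing
            throw new InvalidOperationException($"Expected to update one ClientMaster row for Id {item.Client_Id}, updated {rows}.");
        return rows;
    }
}

// Adds an NVARCHAR parameter; a null string becomes DBNull so the column is set to NULL.
private static void AddText(SqlCommand command, string name, string value, int size)
{
    command.Parameters.Add(name, SqlDbType.NVarChar, size).Value = (object)value ?? DBNull.Value;
}
```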

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)