syntax error in update statement

Question

0.00/5 (No votes)

See more:

Hi all,

I am using windows application with ms-access DB
When i am trying to update the query it shows error as syntax error in update statement

My Code is

VB

cmd.CommandText = "UPDATE Wsr_UserDetails SET Password='" & txtnpwd.Text & "',Confirm_Password='" & txtcpwd.Text & "',First_Login =1 WHERE UserId =" & UserId

           cmd.CommandType = CommandType.Text
           cmd.Connection = con
           cmd.ExecuteNonQuery()-------------> Getting error here

Thanks in Advance
Sucharitha

Posted 18-Jul-12 21:08pm

RagSuchi

Updated 18-Jul-12 21:16pm

Sandeep Mewara

v2

Add a Solution

Comments

Sandeep Mewara 19-Jul-12 3:15am

Is UserId integer?
BTW, why confirm_password in DB?

Kaushik Saha from Kolkata,India 19-Jul-12 3:18am

may be some column name or give datatype is not matched

Ranjith Reddy CSE 19-Jul-12 3:32am

why dont you give concatenation +

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Christian Graus · Answer 1 · 2012-07-18T21:15:00

I hope no-one is paying for this, because I'd fire you if you wrote this for me. Your syntax may or may not be correct, depending on the contents of those textboxes. Also, I can erase your database any time I like, by guessing that a bad programmer wrote code like this. Read up on SQL Injection attacks, you'll find everything you need to know about why this is unacceptable code, and how to write paramaterised queries.

your core issue was probably a ' in one of your textboxes. What is 'confirm_password' ? Surely that means the user typed it twice and you should be storing it once, after confirming they are the same ?

OriginalGriff · Answer 2 · 2012-07-18T21:23:00

It's not obvious, there doesn't appear to be an obvious fault with your code. However, it it possible that it is caused by the way you are doing it.
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

VB

cmd.CommandText = "UPDATE Wsr_UserDetails SET Password=@PW,Confirm_Password=@CP,First_Login =1 WHERE UserId=@UI" 

cmd.CommandType = CommandType.Text
cmd.Parameters.AddWithValue("@PW", txtnpwd.Text)
cmd.Parameters.AddWithValue("@CP", txtcpwd.Text)
cmd.Parameters.AddWithValue("@UI", UserId)

Try that, and see if your problem goes away as well.

syntax error in update statement

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0