cnsql = "delete TbProduct where ProductID= "" & ProductID & """
cn = New SqlClient.SqlConnection(cnstr)
cn.Open()
cm = New SqlClient.SqlCommand(cnsql, cn)
dr = cm.ExecuteReader <----Error! it says Invalid column name
Um.
SQL DELETE operations do not return an SqlReader - only SELECT operations do that - so the system is confused as to what you are trying to do.
Try this instead:
...
cm = New SqlClient.SqlCommand(cnsql, cn)
cm.ExecuteScalar
But the string looks wrong as well, and even if you fix it:
cnsql = "DELETE FROM TbProduct WHERE ProductID= " & ProductID
You are leavign yourself wide open to SQL injection attacks. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
[edit]"delete TbProduct..." changed to "DELETE FROM TbProduct..." - Oops...[/edit]