Click here to Skip to main content
15,902,886 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi all,

I am using windows application with ms-access DB
When i am trying to update the query it shows error as syntax error in update statement

My Code is
VB
cmd.CommandText = "UPDATE Wsr_UserDetails SET Password='" & txtnpwd.Text & "',Confirm_Password='" & txtcpwd.Text & "',First_Login =1 WHERE UserId =" & UserId

           cmd.CommandType = CommandType.Text
           cmd.Connection = con
           cmd.ExecuteNonQuery()-------------> Getting error here

Thanks in Advance
Sucharitha
Posted
Updated 18-Jul-12 21:16pm
v2
Comments
Sandeep Mewara 19-Jul-12 3:15am    
Is UserId integer?
BTW, why confirm_password in DB?
Kaushik Saha from Kolkata,India 19-Jul-12 3:18am    
may be some column name or give datatype is not matched
Ranjith Reddy CSE 19-Jul-12 3:32am    
why dont you give concatenation +

I hope no-one is paying for this, because I'd fire you if you wrote this for me. Your syntax may or may not be correct, depending on the contents of those textboxes. Also, I can erase your database any time I like, by guessing that a bad programmer wrote code like this. Read up on SQL Injection attacks, you'll find everything you need to know about why this is unacceptable code, and how to write paramaterised queries.

your core issue was probably a ' in one of your textboxes. What is 'confirm_password' ? Surely that means the user typed it twice and you should be storing it once, after confirming they are the same ?
 
Share this answer
 
It's not obvious, there doesn't appear to be an obvious fault with your code. However, it it possible that it is caused by the way you are doing it.
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
VB
cmd.CommandText = "UPDATE Wsr_UserDetails SET Password=@PW,Confirm_Password=@CP,First_Login =1 WHERE UserId=@UI" 

cmd.CommandType = CommandType.Text
cmd.Parameters.AddWithValue("@PW", txtnpwd.Text)
cmd.Parameters.AddWithValue("@CP", txtcpwd.Text)
cmd.Parameters.AddWithValue("@UI", UserId)

Try that, and see if your problem goes away as well.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900