Click here to Skip to main content
15,065,914 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am using (2010) for database management with a MSAccess 2003 database on Windows10. For deletion of a record I using sql query:

query = "DELETE * FROM monthOverAll WHERE actDate =" + catchDate + "AND doneBy =" + catchDoneBy + "AND (Training > 0) OR (EA > 0) OR (OFT > 0) OR (FLD > 0) OR (splEvent > 0) OR (farmProd > 0) OR (CovidActivity > 0) OR (CFLD > 0))"

monthOverAll is the table
actDate, doneBy, Training, EA, OFT, FLD, splEvent, farmProd, CovidActivity, CFLD are database fields.
catchDate, catchDoneBy are variables.

while executing it I get the following error. Can anyone please help me with this. Thanks in advance.

Syntax error (missing operator) in query expression 'actDate =03-Aug-21AND doneBy =DR GPM SINGHAND (Training > 0) OR (EA > 0) OR (OFT > 0) OR (FLD > 0) OR (splEvent > 0) OR (farmProd > 0) OR (CovidActivity > 0) OR (CFLD > 0))'.

What I have tried:

I have tried all sorts combinations but nothing seems to work.
Updated 2-Aug-21 23:08pm

CPallini 3-Aug-21 5:09am
Maciej Los 3-Aug-21 9:40am
Thank you, Carlo!
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Fix that security vulnerability, and remove the extra closing parenthesis, and you'll also fix your error.
Using cmd As New OleDbCommand()
    cmd.Connection = conn
    cmd.CommandText = "DELETE FROM monthOverAll WHERE actDate = ? AND doneBy = ? And (Training > 0) OR (EA > 0) OR (OFT > 0) OR (FLD > 0) OR (splEvent > 0) OR (farmProd > 0) OR (CovidActivity > 0) OR (CFLD > 0)"
    cmd.Parameters.AddWithValue("actDate", catchDate)
    cmd.Parameters.AddWithValue("doneBy", catchDoneBy)
End Using

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
Maciej Los 3-Aug-21 5:09am
CPallini 3-Aug-21 5:09am
Thanks very much Richard. This works fine.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900