Click here to Skip to main content
15,796,738 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
Com2.CommandText = "update dbo.UserRecords set Last Login=" & dtpLastLog2.Value.ToString & "where " & txtEmailName.Text & "=Email"

The problem is the program is throwing an exception
System.Data.SqlClient.SqlException: 'Incorrect syntax near 'Login'.'

What I have tried:

I am trying to change time and date once I log in again(Value of dtpLastLog2) and display the time and date in the database (dbo.UserRecord). Where statement I am trying to compare the email saved in my database and the email I type in a textbox name txtEmailName if they have the same value. If they are, the changes will occur.
Updated 7-May-23 23:18pm
Richard Deeming 10-May-23 5:17am    
Com2.CommandText = "update dbo.UserRecords set [Last Login] = @LastLogin WHERE Email = @Email"
Com2.Parameters.AddWithValue("@LastLogin", dtpLastLog2.Value)
Com2.Parameters.AddWithValue("@Email", txtEmailName.Text)

1 solution

Look at the part before that word: set Last Login. What is "Last" in there for? Is the column's actual name two words, or is there a link character missing? If it is the actual name of the column then it needs to be surrounded by square brackets: set [Last Login].

But you have a much more serious problem with the above code, in that you are using string concatenation to build the statement without any checks on the validity of the input values. So your database is vulnerable to SQL injection attack which can compromise, or totally destroy, your system. You need to use parameterised queries for database access in all cases. See A guide to preventing SQL injection[^].
Share this answer
Rainy Plant 18-May-23 6:34am    
Slr and thank you, this solve my problem.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900