Do not use string concatenation in query strings, as it's highly unsafe.
Your issue in your case is the missing " symbol and the ; symbol for closing the statement as well as the query at the end of your query string.
string sq = ("Update BillTable Set Quantity = " + textBox5.Text + " where Id = " + textBox2.Text + ";");
In MySQL, SQL, you can use Named parameters like @Yourname in your query. But in OleDB you need to specify your parameters in the order of your query and use ? instead of @. See below:
String dStr = "Two";
String eStr = "Three";
// OleDb placeholders are positional: use a bare ? in the query text.
OleDbCommand cmdcom = new OleDbCommand("Insert Into Opp ([Year]) VALUES (?);", Conn);
cmdcom.Parameters.Add("?eNum", OleDbType.VarChar).Value = dStr;
Parameters in OleDb queries are only assigned by position and the names are disregarded entirely. You can use named queries if added in an orderly way. Meaning, if your query has multiple placeholders ?, they will be called in the order they are written. Example:
// Bound in the order added: the first ? gets dStr, the second ? gets eStr.
cmdcom.Parameters.Add("?dNum", OleDbType.VarChar).Value = dStr;
cmdcom.Parameters.Add("?eNum", OleDbType.VarChar).Value = eStr;
Also, some words are Reserved Words in OleDB and are required to be wrapped in [] brackets. If Year were a reserved word (which it is), you would also wrap that in square brackets.
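The BillTable update from the question, rewritten with positional OleDb parameters; this is an added example, not code from the original answer. It assumes Quantity and Id are integer columns and that Quantity is non-negative; the class name, method name and command-line arguments are hypothetical.

```csharp
using System;
using System.Data.OleDb;

static class BillUpdater
{
    // Two positional placeholders: OleDb binds them strictly in the order
    // the parameters are added, whatever names they are given.
    const string Sql = "UPDATE BillTable SET Quantity = ? WHERE Id = ?;";

    public static OleDbCommand BuildUpdate(OleDbConnection conn, string quantityText, string idText)
    {
        // Assumption: both columns are integers and Quantity is never
        // negative. Reject anything else before it reaches the database.
        if (!int.TryParse(quantityText, out int quantity) || quantity < 0)
            throw new ArgumentException("Quantity must be a non-negative integer.");
        if (!int.TryParse(idText, out int id))
            throw new ArgumentException("Id must be an integer.");

        var cmd = new OleDbCommand(Sql, conn);
        // Order matters: the first ? is Quantity, the second ? is Id.
        // Swapping these two lines would silently swap the values.
        cmd.Parameters.Add("?quantity", OleDbType.Integer).Value = quantity;
        cmd.Parameters.Add("?id", OleDbType.Integer).Value = id;
        return cmd;
    }

    static void Main(string[] args)
    {
        // args[0]: OLE DB connection string, args[1]: quantity, args[2]: id
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: BillUpdater <connection-string> <quantity> <id>");
            return;
        }
        using (var conn = new OleDbConnection(args[0]))
        {
            conn.Open();
            using (var cmd = BuildUpdate(conn, args[1], args[2]))
            {
                int rows = cmd.ExecuteNonQuery();
                Console.WriteLine(rows + " row(s) updated.");
            }
        }
    }
}
```

In the form from the question, the two string arguments would be textBox5.Text and textBox2.Text; the text box contents never become part of the SQL text.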