update syntax error ?

Question

1.00/5 (1 vote)

See more:

what could be possible syntax error in this ..

q1 = "UPDATE clients SET name='" & txtname.Text & "',add='" & txtadd.Text & "',contact='" & txtco.Text & "',email='" & txtemail.Text & "',bal=" & txtbal.Text & "where ID=" & cid & ";"

this command is showing as syntax error... :(

please help..

Posted 14-Jan-12 0:24am

cool aashi143

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-01-14T00:31:00

Would you like a list?

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. It also frequently causes problems like this.

What is the content of your textboxes? Since you are handing it to SQL as part of a string, it is very relevant when tryingf to diagnose a problem.

VB

q1 = "UPDATE clients SET name=@NAME,add=@ADD,contact=@CONT,email=@EMAIL,bal=@BAL WHERE ID=@ID"

Then hand the parameters to your SqlCommand object:

VB

cmd.Parameters.AddWithVAlue("@NAME", txtname.Text)
cmd.Parameters.AddWithVAlue("@ADD", txtadd.Text)
cmd.Parameters.AddWithVAlue("@CONT", txtco.Text)
cmd.Parameters.AddWithVAlue("@EMAIL", txtemail.Text)
cmd.Parameters.AddWithVAlue("@BAL", txtbal.Text)
cmd.Parameters.AddWithVAlue("@ID", cid)

Jαved · Answer 2 · 2012-01-15T02:14:00

Hi cool aashi143,

your error is near

VB

bal= txtbal.Text

change it to

VB

bal= cint(txtbal.Text)

Reason is when you send values to database the field with numeric values must be converted to Number/ Integer. Here CInt converts the value in the txtbal Textbox to integer as it was in String as everything in textbox is considered as String.

Thanks,

update syntax error ?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0