I have code that throws an error - I need your help to solve it.

The error is

Syntax error in update statement

My code:

Try
    Dim conn As OleDbConnection = New OleDbConnection(My.Resources.ConnectionString)
    Dim cmd As OleDbCommand

    conn.Open()

    Dim Sql As String = "select * from Administretor"
    cmd = New OleDbCommand(Sql, conn)

    Dim userE, userR As String
    userE = txtOldPass.Text

    Dim reder As OleDbDataReader = cmd.ExecuteReader()

    While reder.Read()
        userR = reder.Item(0)
    End While

    If userE = userR Then
        If txtNewPass.Text = txtNewConfromPass.Text And txtNewConfromPass.Text <> "" And txtNewPass.Text <> "" Then
            Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""

            Dim cmd0 As OleDbCommand = New OleDbCommand(Sql, conn)
            cmd0.ExecuteNonQuery()
        Else
            MsgBox("Make sure that you have entered new password in both text Box and they both are same...!")
        End If
    Else
        MsgBox("Enter the correct Username")
    End If

    MsgBox("Done 2")
Catch ex As OleDbException
    MsgBox(ex.Message)
End Try
2
  • It still fires an error, it is the same. Commented Jul 31, 2016 at 3:45
  • Which RDBMS is this for? Please add a tag to specify whether you're using mysql, postgresql, sql-server, oracle or db2 - or something else entirely. Commented Jul 31, 2016 at 7:17

3 Answers

1

Two errors

"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
                                                           ^      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                                                           |                  |
                               Missing single quote here---+                  |
                                                                              |
    LogIn_Id will never equal the old password--------------------------------+

But apart from the simple syntax errors you have a huge SQL injection vulnerability from building the SQL out of pieces including user input.


Comments
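
The injection risk raised in the answer above goes away when the UPDATE is parameterized. The following is an added example, not code from the original posts. The function name, the separate login-id input, the text column types and the bracket quoting of PASSWORD are assumptions.

```vbnet
Imports System.Data.OleDb

Module PasswordChange
    ' Hypothetical helper: returns True when exactly one row was updated.
    ' Assumes LogIn_id is a text column identifying the account and PASSWORD
    ' holds the current password, as the column names in the question suggest.
    Public Function ChangeAdminPassword(connectionString As String,
                                        loginId As String,
                                        oldPassword As String,
                                        newPassword As String) As Boolean
        ' Reject an empty new password before touching the database.
        If String.IsNullOrEmpty(newPassword) Then Return False

        ' OleDb binds parameters by position: each ? is filled in the order the
        ' parameters are added, so no user input is concatenated into the SQL
        ' and no quoting of values is needed.
        ' Square brackets quote the column name. Assumption: the provider accepts
        ' bracket quoting and may treat PASSWORD as a reserved word (Access/Jet
        ' does); the page does not say which database is used.
        Dim sql As String = "UPDATE Administretor SET [PASSWORD] = ? WHERE LogIn_id = ? AND [PASSWORD] = ?"

        Using conn As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, conn)
                ' Parameter names are labels only; position decides the binding.
                cmd.Parameters.Add("@newPass", OleDbType.VarWChar, 255).Value = newPassword
                cmd.Parameters.Add("@loginId", OleDbType.VarWChar, 255).Value = loginId
                cmd.Parameters.Add("@oldPass", OleDbType.VarWChar, 255).Value = oldPassword

                conn.Open()
                ' The old password is checked in the WHERE clause, so a wrong
                ' login id or old password updates zero rows.
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function
End Module
```

A quote character in any of the three inputs is stored or compared as data here, so it can neither break the statement's syntax nor change its meaning.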

0

In this part,
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where ...

The PASSWORD will have a single quote before it, and no single quote after it.

Change it to:
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & "' where ...
Notice the extra single quote here ----------------------------------------^

4 Comments

Can you tell me how to do it with adepter?
Just change your code, add the extra single quote where I showed you. What do you mean by adepter?
Sorry, then I can't help without a clearer understanding and lots more information.
Suggest you extract exact SQL being passed to the database server, and the error message you are getting, and post that....
0

Add this syntax:

Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""

Clipboard.SetText(Sql)

The query will be in your clipboard. Run it on SQL (whichever you are using), and see if the query runs smoothly.

Please show us what the generated query holds and what error it produces when run directly from the SQL.

Comments
