sql Update command Error
-
I have some sql Update command error. I get the following error message when i run my project. " ERROR [42000] [Microsoft] [ODBC Microsoft Access Driver] Syntax error in UPDATE statement " some of my code is following.... Dim CW As Integer Dim RCW As Integer ------------------------------------------------------------------------------------------------------------------------ Dim level As String = CStr(ComboBox1.SelectedItem.ToString) Dim exercise As String = CStr(ComboBox2.SelectedItem.ToString) Dim FWds As String = CStr(lblFalseWords.Text) Dim SpanTime As String = CStr(hour ) "UPDATE tblSave SET Level=' " & level & " ',Exercise=' " & exercise & " ',CWords=" & CW & ",FWords=' " & FWds & " ',WPM=" & RCW & ",SpanTime=' " & SpanTime & " ' WHERE tblSave.UserName=' " & CurrentUser & " ' " Please tell me some suggestion.....:confused:
-
I have some sql Update command error. I get the following error message when i run my project. " ERROR [42000] [Microsoft] [ODBC Microsoft Access Driver] Syntax error in UPDATE statement " some of my code is following.... Dim CW As Integer Dim RCW As Integer ------------------------------------------------------------------------------------------------------------------------ Dim level As String = CStr(ComboBox1.SelectedItem.ToString) Dim exercise As String = CStr(ComboBox2.SelectedItem.ToString) Dim FWds As String = CStr(lblFalseWords.Text) Dim SpanTime As String = CStr(hour ) "UPDATE tblSave SET Level=' " & level & " ',Exercise=' " & exercise & " ',CWords=" & CW & ",FWords=' " & FWds & " ',WPM=" & RCW & ",SpanTime=' " & SpanTime & " ' WHERE tblSave.UserName=' " & CurrentUser & " ' " Please tell me some suggestion.....:confused:
Well my first suggestion is to read up on SQL injection attacks, to understand why you should never allow any system to use this code, ever. Next, I would point out that CW and RCW are used without you giving them a value. However, I'd say your core issue is simply that you're doing your own bit of SQL injection, that values in the strings you're passing through are what's causing this SQL to break. Did you go into the debugger to look at the final SQL string and see what the final SQL line looks like ? Perhaps if you copied and pasted it into SQL Server, it would explain it even better, but the solution is to use stored procs and pass your parameters in a sane way, not by string mashing
Christian Graus - Microsoft MVP - C++ "also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
-
I have some sql Update command error. I get the following error message when i run my project. " ERROR [42000] [Microsoft] [ODBC Microsoft Access Driver] Syntax error in UPDATE statement " some of my code is following.... Dim CW As Integer Dim RCW As Integer ------------------------------------------------------------------------------------------------------------------------ Dim level As String = CStr(ComboBox1.SelectedItem.ToString) Dim exercise As String = CStr(ComboBox2.SelectedItem.ToString) Dim FWds As String = CStr(lblFalseWords.Text) Dim SpanTime As String = CStr(hour ) "UPDATE tblSave SET Level=' " & level & " ',Exercise=' " & exercise & " ',CWords=" & CW & ",FWords=' " & FWds & " ',WPM=" & RCW & ",SpanTime=' " & SpanTime & " ' WHERE tblSave.UserName=' " & CurrentUser & " ' " Please tell me some suggestion.....:confused:
In "tblSave" table, if CWords and WPM columns are of VarChar Datatype then you have to alter update query as below: 'UPDATE tblSave SET Level='" & level & "',Exercise='" & exercise & "',CWords='" & CW & "',FWords='" & FWds & "',WPM='" & RCW & "',SpanTime='" & SpanTime & "' WHERE tblSave.UserName='" & CurrentUser & "'" And For Level, Excercise, FWords and SpanTime columns ur giving one space after single quote, if the query runs successfully that space will also insert into the database.
-
In "tblSave" table, if CWords and WPM columns are of VarChar Datatype then you have to alter update query as below: 'UPDATE tblSave SET Level='" & level & "',Exercise='" & exercise & "',CWords='" & CW & "',FWords='" & FWds & "',WPM='" & RCW & "',SpanTime='" & SpanTime & "' WHERE tblSave.UserName='" & CurrentUser & "'" And For Level, Excercise, FWords and SpanTime columns ur giving one space after single quote, if the query runs successfully that space will also insert into the database.
Now i get success by adding [] in Level field. Now my success code is "UPDATE tblSave SET [Level]='" & level & "',Exercise='" & exercise & "',CWords=" & CW & ",FWords='" & FWds & "',WPM=' & RCW & ",SpanTime='" & SpanTime & "' WHERE tblSave.UserName='" & CurrentUser & "'" Plese tell me how do u think for above metter?
-
Now i get success by adding [] in Level field. Now my success code is "UPDATE tblSave SET [Level]='" & level & "',Exercise='" & exercise & "',CWords=" & CW & ",FWords='" & FWds & "',WPM=' & RCW & ",SpanTime='" & SpanTime & "' WHERE tblSave.UserName='" & CurrentUser & "'" Plese tell me how do u think for above metter?
sounds like "Level" is a keyword and has to be put into [] if used as column.