We Keep Coding

VB.net - Syntax error in ms access SQL update query

I have prepared my project in vb.net with access database, but I am getting an error like "syntax error in update statement"
I have used following code:
Dim cn As New OleDb.OleDbConnection
Dim cm As New OleDb.OleDbCommand
cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\NAV Vikram\DATABASE NAVPREET.mdb"
cn.Open()
cm.Connection = cn
cm.CommandText = "UPDATE DATAENTRY2 set [DIAGNOSIS]='" & TextBox13.Text & "',WHERE[opdno]='" & TextBox1.Text & "' "
cm.ExecuteNonQuery()
Any help would be appreciated.

omit , before WHERE and add space after it. Change:
cm.CommandText = "UPDATE DATAENTRY2 set [DIAGNOSIS]='" & TextBox13.Text & "',WHERE[opdno]='" & TextBox1.Text & "' "
to:
cm.CommandText = "UPDATE DATAENTRY2 set [DIAGNOSIS]='" & TextBox13.Text & "' WHERE [opdno]='" & TextBox1.Text & "' "
Also Use SQL parameters. (Not very keen to vb to show you example)

You have syntax error in your query. Please remove comma (,) you have used before where clause from query, as it is used to separate two different column
Dim cn As New OleDb.OleDbConnection
Dim cm As New OleDb.OleDbCommand
cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\NAV Vikram\DATABASE NAVPREET.mdb"
cn.Open()
cm.Connection = cn
cm.CommandText = "UPDATE DATAENTRY2 set [DIAGNOSIS]='" & TextBox13.Text & "' WHERE[opdno]='" & TextBox1.Text & "' "
cm.ExecuteNonQuery()

Solve error in update query

I have code that throws an error - I need your help to solve it.
The error is
Syntax error in update statement
My code:
Try
Dim conn As OleDbConnection = New OleDbConnection(My.Resources.ConnectionString)
Dim cmd As OleDbCommand
conn.Open()
Dim Sql As String = "select * from Administretor"
cmd = New OleDbCommand(Sql, conn)
Dim userE, userR As String
userE = txtOldPass.Text
Dim reder As OleDbDataReader = cmd.ExecuteReader()
While reder.Read()
userR = reder.Item(0)
End While
If userE = userR Then
If txtNewPass.Text = txtNewConfromPass.Text And txtNewConfromPass.Text <> "" And txtNewPass.Text <> "" Then
Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
Dim cmd0 As OleDbCommand = New OleDbCommand(Sql, conn)
cmd0.ExecuteNonQuery()
Else
MsgBox("Make sure that you have entered new password in both text Box and they both are same...!")
End If
Else
MsgBox("Enter the correct Username")
End If
MsgBox("Done 2")
Catch ex As OleDbException
MsgBox(ex.Message)
End Try

Two errors
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| |
Missing single quote here---+ |
|
LogIn_Id will never equal the old password--------------------------------+
But apart from the simple syntax errors you have a huge SQL injection vulnerability from building the SQL out of pieces including user input.

In this part,
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where ...
The PASSWORD will have a single quote before it, and no single quote after it.
Change it to:
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & "' where ...
Notice the extra single quote here ----------------------------------------^

Add this syntax :
Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
Clipboard.SetText(Sql)
The query will be in your clipboard. Run it on SQL(whichever you are using), and see if the query runs smoothly?
Please show us what the query generation holds and what the error it produce when running directly from the SQL.

is it possible to set a parameter for selecting a table?

sorry for the noob question..but here's what i did
Dim cmd As New SqlCommand("Declare #mychar varchar(60) " & _
"Set #mychar = '" & TextBox2.Text & "'" & _
"Select * from #mychar", conn)
Dim rdr As SqlDataReader = cmd.ExecuteReader
While rdr.Read()
ListView2.Items.Add(rdr("Account"))
End While
rdr.Close()
but i get an error saying "Must declare the table variable "#mychar"." what's wrong ? or is this not just possible ? thanks in advance..

Dim cmd As New SqlCommand(" Select * from " & TextBox2.Text & " ", conn)
Dim rdr As SqlDataReader = cmd.ExecuteReader
While rdr.Read()
ListView2.Items.Add(rdr("Account"))
End While
rdr.Close()

syntax error in FROM clause in vb.net

Dim nm As String
Dim pass As String
nm = TextBox1.Text
pass = TextBox2.Text
Try
cn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Pavilion\Documents\Visual Studio 2010\Projects\WindowsApplication5\Ent.accdb"
cn.Open()
Dim sql As String
sql = "SELECT * FROM user WHERE UName='" & nm & "'AND Pwd='" & pass & "'"
cmd = New OleDbCommand(sql, cn)
dr = cmd.ExecuteReader
While (dr.Read())
If ((nm.Equals(dr(0))) And pass.Equals(dr(1))) Then
MessageBox.Show("Login Sucessful")
End If
End While
Catch ex As Exception
MsgBox("Login Failed :" & ex.Message)
End Try
This code is giving the following error syntax error in FROM clause

#Tim is correct, but I think you might also have problem with your SQL as user is a reserved word. If I execute
SELECT * FROM user WHERE UName='fred' AND Pwd='123'
in SQL Server
I get told Incorrect syntax near the keyword 'user'.
You can overcome this by putting [] around the tablename, i.e.
Select * FROM [user] WHERE UName='fred' AND Pwd='123'

If the code you posted is copy and paste, you're missing a space between the username and the AND keyword.
Your code:
"SELECT * FROM user WHERE UName='" & nm & "'AND Pwd='" & pass & "'"
Should be:
"SELECT * FROM user WHERE UName='" & nm & "' AND Pwd='" & pass & "'"
However, you should use parameterized queries to avoid the possibility of SQL injection attacks. Something like this:
sql = "SELECT * FROM user WHERE UName=#nm AND Pwd=#pass"
cmd = New OleDbCommand(sql, cn)
cmd.Parameters.AddWithValue("#nm", TextBox1.Text)
cmd.Parameters.AddWithValue("#pass", TextBox2.Text)
cmd.CommandType = CommandType.Text
dr = cmd.ExecuteReader

Try
cn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Pavilion\Documents\Visual Studio 2010\Projects\WindowsApplication5\Ent.accdb"
cn.Open()
Dim sql As String
sql = "SELECT * FROM user WHERE UName='" + nm + "'AND Pwd='" + pass + "'"
cmd = New OleDbCommand(sql, cn)
dr = cmd.ExecuteReader
While (dr.Read())
If ((nm.Equals(dr(0))) And pass.Equals(dr(1))) Then
MessageBox.Show("Login Sucessful")
End If
End While
Catch ex As Exception
MsgBox("Login Failed :" & ex.Message)
End Try

"SELECT Firstname FROM [RegUser] where Firstname=#d3 and password=#d4"
i just enclose my table name into brackets and its done.. it works actually
i hope this will help you a lot..

execute multiple command for update vb.net

i am working on a vb project . in this i need to save some record to one table and update some records in another table in one event or click .. i am doing like this .
dim simpan as new sqlcommand
conn = New SqlConnection(connectionstring)
conn.Open()
simpan = New SqlCommand()
simpan.Connection = conn
simpan.CommandType = CommandType.Text
simpan.CommandText = "update barang set (nama_barang,harga)values(" & TextBox3.Text & ",'" & TextBox4.Text & "') where kode_barang = '" & TextBox2.Text & "'"
simpan.ExecuteNonQuery()
tampil()
MsgBox("Data Berhasil Diubah", MsgBoxStyle.Information, "Informasi")
conn.Close()
but it giving error as "incorrect syntax near '('" .. i am not getting where i go wrong .. please help me

I see a couple issues with this...
Your Syntax is wrong on your update statement (Al-3sli beat me to that one).
Your textbox values will cause issues if a user types a single quote in the text box (For Example: The word "Wasn't".
Add the replace function to each textbox TextBox3.text.Replace("'","''") That will replace single ticks with two single ticks.
You might also consider using parameterized queries

You can't use update like this, change your code like so:
simpan.CommandText = "update barang set nama_barang = '" & TextBox3.Text & "',harga ='" & TextBox4.Text & "' where kode_barang = '" & TextBox2.Text & "'"
simpan.ExecuteNonQuery()