When ever I click on the UPDATE button it showing me the error as "Syntax error (missing operators) in query expression" but the save and refresh functions are working fine. I don't know what is the syntax error in the update button.
Here is my code:
Private Sub FillDataGridView(ByVal Query As String)
da = New OleDbDataAdapter(Query, cn)
dt.Clear()
da.Fill(dt)
With DataGridView1
.DataSource = dt
.Columns(0).HeaderText = "ID"
.Columns(1).HeaderText = "Name"
.Columns(2).HeaderText = "Age"
.Columns(1).AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill
End With
End Sub
Private Sub BtnSearch_Click(sender As Object, e As EventArgs) Handles BtnSearch.Click
Try
FillDataGridView("select * from [edit$] where ID='" & TxtId.Text & "'")
TxtFamilyname.Text = dt.Rows(0).Item(1)
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, Text)
End Try
End Sub
Private Sub BtnSave_Click(sender As Object, e As EventArgs) Handles BtnSave.Click
Try
With cm
.Connection = cn
.CommandText = "insert into [edit$]values('" & TxtId.Text & "','" & TxtFamilyname.Text & "', '" & TxtAge.Text & "')"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, Text)
Return
End Try
MsgBox("successfully Saved!", MsgBoxStyle.Information, Text)
End Sub
Private Sub BtnUpdate_Click(sender As Object, e As EventArgs) Handles BtnUpdate.Click
Try
With cm
.Connection = cn
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where id ='" & TxtId.Text & "' where Age= '" & TxtAge.Text & "'"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Information, Text)
Return
End Try
MsgBox("Successfully updated!", MsgBoxStyle.Information, Text)
End Sub
Use AND with WHERE clause between two or more conditions
where id ='" & TxtId.Text & "' AND Age= '" & TxtAge.Text & "'"
You probably shouldn't have single quotes around your id and age fields (assuming these are numeric data types) Also - you have two where clauses which is not allowed.
So it should look more like this:
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where id =" & TxtId.Text & " AND Age= " & TxtAge.Text
But having said that you shouldn't write sql queries like this anyway. Search for Little Bobby Tables, then search for parameterised queries - you don't need to worry about single quotes when using parameterised queries
You cant have two where clauses...
Use "AND"/"OR" to extend your query.
SQL AND & OR Operators
There are two WHERE statements in your Update CommanText, try the following;
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where id ='" & TxtId.Text & "' and Age= '" & TxtAge.Text & "'"
You can't have two where clauses in the update. Use and between the conditions:
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where id ='" & TxtId.Text & "' and Age= '" & TxtAge.Text & "'"
That said, your code is wide open for SQL injection attacks. You should rather use parameterised queries than to concatenate the values into the queries. Example:
With cm
.Connection = cn
.CommandText = "Update [edit$] set [Family Name] = #name where id = #id and Age = #age"
.Parameters.AddWithValue("#name", TxtFamilyname.Text)
.Parameters.AddWithValue("#id", TxtId.Text)
.Parameters.AddWithValue("#age", TxtAge.Text)
.ExecuteNonQuery()
End With
Related
If ComboBox1.Text = "New Student" Then
Dim result As Integer = MessageBox.Show("Are you sure you want to add the student as a " & ComboBox1.Text, "Added", MessageBoxButtons.YesNo)
If result = DialogResult.Yes Then
Command.Connection = Connection
Command.CommandText = "UPDATE [Student] SET [Status] =#stat WHERE [RegistrationNumber] = '" & TextBox10.Text & "'"
Command.Parameters.AddWithValue("#stat", ComboBox1.Text)
Command.ExecuteNonQuery()
MsgBox("Student Status is " & ComboBox1.Text)
StudentRegister.loaded()
StudentRegister.Show()
Me.Hide()
ElseIf result = DialogResult.No Then
Me.Show()
End If
I don't know what was the wrong with the code, (data type mismatch) please help. thank you.
I have gotten this error several times but the problems is always coming from the values you are passing not corresponding with the datatype of that table in the db
In this case
Command.CommandText = "UPDATE [Student] SET [Status] =#stat WHERE [RegistrationNumber] = '" & TextBox10.Text & "'
RegistrationNumber might be an integer in your db.
Passing it as
Command.CommandText = "UPDATE [Student] SET [Status] =#stat WHERE [RegistrationNumber] = val('" & TextBox10.Text & "')" would do the magic. Good luck
If ComboBox1.Text = "New Student" Then
Dim result As Integer = MessageBox.Show("Are you sure you want to add the student as a " & ComboBox1.Text, "Added", MessageBoxButtons.YesNo)
If result = DialogResult.Yes Then
Command.Connection = Connection
Command.CommandText = "UPDATE [Student] SET [Status] = '" & ComboBox1.Text & "' WHERE [RegistrationNumber] = '" & TextBox10.Text & "'"
Command.ExecuteNonQuery()
MsgBox("Student Status is " & ComboBox1.Text)
StudentRegister.loaded()
StudentRegister.Show()
Me.Hide()
ElseIf result = DialogResult.No Then
Me.Show()
End If
''I Just redirected the ComboBox1.Text to the Command.CommandText instead of adding a Shortcut: (#stat)
I don't know where I should put the semicolon. Here's my code:
Try
cn.Open()
Dim query As String = "INSERT INTO CheckoutTable(PatientID,_Name,_Age,_Gender,_Phone,_Address,_Disease,_DateIN,_DateOUT,_Building,_RoomNo,_RoomType,_UnitPrice,_Status,_MASP,_Price) VALUES('" & txtPID.Text & "','" & txtName.Text & "','" & txtAge.Text & "','" & cmbGender.Text & "','" & txtPhone.Text & "','" & txtAddress.Text & "','" & txtDisease.Text & "',' " & txtDI.Text & " ',' " & txtDO.Text & " ','" & txtRT.Text & "','" & txtBuilding.Text & "','" & txtRN.Text & "',' " & txtMNS.Text & " ',' " & txtUnitPrice.Text & " ',' " & cmbStatus.Text & " ','" & txtPrice.Text & "')" & _
"DELETE From RegistrationTable where [_Name]='" & ListBox1.Text & "'" & _
"Select * from RegistrationTable"
Dim cmds As New OleDbCommand
With cmds
.CommandText = query
.Connection = cn
.ExecuteNonQuery()
End With
MsgBox("Checkout Success", MsgBoxStyle.Information)
cn.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
Try
cn.Open()
Dim insertQuery as String = "INSERT INTO CheckoutTable(PatientID,_Name,_Age,_Gender,_Phone,_Address,_Disease,_DateIN,_DateOUT,_Building,_RoomNo,_RoomType,_UnitPrice,_Status,_MASP,_Price) " & _
"VALUES(#PatientID, #Name, #Age, #Gender, #Phone, #Address, #Disease , #DateIn, #DateOut, #Building, #RoomNo, #RoomType, #UnitPrice, #Status, #MASP, #Price) "
Dim deleteQuery as String = "DELETE From RegistrationTable where [_Name]= #RegName "
Dim selectQuery as String = "Select * from RegistrationTable"
Dim insertCmd As New OleDbCommand
Dim deleteCmd as New OleDbCommand
With insertCmd
.Connection = cn
.CommandText = insertQuery
.Parameters.AddWithValue("#PatientID", txtPID.Text)
.Parameters.AddWithValue("#Name", txtName.Text)
.Parameters.AddWithValue("#Age", txtAge.Text)
.Parameters.AddWithValue("#Gender", cmbGender.Text)
.Parameters.AddWithValue("#Phone", txtPhone.Text)
.Parameters.AddWithValue("#Address", txtAddress.Text)
.Parameters.AddWithValue("#Disease", txtDisease.Text)
.Parameters.AddWithValue("#DateIn", txtDI.Text)
.Parameters.AddWithValue("#DateOUT", txtDO.Text)
.Parameters.AddWithValue("#Building", txtBuilding.Text)
.Parameters.AddWithValue("#RoomNo", txtRN.Text)
.Parameters.AddWithValue("#RoomType", txtRT.Text)
.Parameters.AddWithValue("#UnitPrice", txtUnitPrice.Text)
.Parameters.AddWithValue("#MASP", txtMNS.Text)
.Parameters.AddWithValue("#Status", cmbStatus.Text)
.Parameters.AddWithValue("#Price", txtPrice.Text)
.ExecuteNonQuery()
End With
With deleteCmd
.Connection = cn
.CommandText = deleteQuery
.Parameters.AddWithValue("#RegName", ListBox1.Text)
.ExecuteNonQuery()
End With
MsgBox("Checkout Success", MsgBoxStyle.Information)
cn.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
#StingyJack is right, I could break your db 6 ways from sunday if I had access to your interface as you're currently not doing ANYTHING to mitigate SQL injection. In addition to parameterizing your queries to protect against injection, I removed the need to HAVE a ; at the end of each DML statement in your query, by breaking them into separate commands. The select and displaying it's results, I leave to you.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I don't know why when ever I click on the update button, I get an error
Syntax error in UPDATE statement
I have no idea what's going wrong in my code
This is my code:
Public Class Form1
Private Function vld(ByVal ParamArray ctl() As Object) As Boolean
For i As Integer = 0 To UBound(ctl)
If ctl(i).text = "" Then
ErrorProvider1.SetError(ctl(i), ctl(i).tag)
Return False
Exit For
End If
Next
Return True
End Function
Dim cn As New OleDbConnection
Dim cm As New OleDbCommand
Dim da As OleDbDataAdapter
Dim dt As New DataTable
Private Sub Form1_FormClosing(sender As Object, e As System.Windows.Forms.FormClosingEventArgs) Handles Me.FormClosing
cn.Close()
End Sub
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
TxtExamtime.Format = DateTimePickerFormat.Custom
TxtExamtime.CustomFormat = "hh:MM tt"
cn.ConnectionString = "provider=microsoft.jet.oledb.4.0; Data Source=C:\psave\New folder\save.xls;Extended Properties=Excel 8.0;"
cn.Open()
FillDataGridView("select ID, Family Name, Given Name, Gender, DOB, Exam Date, Exam Time, Street Name, House Nr, PLZ, City from [edit$]")
End Sub
Private Sub FillDataGridView(ByVal Query As String)
da = New OleDbDataAdapter(Query, cn)
dt.Clear()
da.Fill(dt)
With DataGridView1
.DataSource = dt
.Columns(0).HeaderText = "ID"
.Columns(1).HeaderText = "Family Name"
.Columns(2).HeaderText = "Given Name"
.Columns(3).HeaderText = "Gender"
.Columns(4).HeaderText = "DOB"
.Columns(5).HeaderText = "Exam Date"
.Columns(6).HeaderText = "Exam Time"
.Columns(7).HeaderText = "Street Name"
.Columns(8).HeaderText = "House Nr"
.Columns(9).HeaderText = "PLZ"
.Columns(10).HeaderText = "City"
.Columns(10).AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill
End With
End Sub
Private Sub BtnSearch_Click(sender As Object, e As EventArgs) Handles BtnSearch.Click
Try
FillDataGridView("select * from [edit$] where ID='" & TxtId.Text & "'")
TxtFamilyname.Text = dt.Rows(0).Item(1)
TxtGivenname.Text = dt.Rows(0).Item(2)
TxtGender.Text = dt.Rows(0).Item(3)
TxtDob.Text = dt.Rows(0).Item(4)
TxtExamdate.Text = dt.Rows(0).Item(5)
TxtExamtime.Text = dt.Rows(0).Item(6)
TxtStreet.Text = dt.Rows(0).Item(7)
TxtHouse.Text = dt.Rows(0).Item(8)
TxtPlz.Text = dt.Rows(0).Item(9)
TxtCity.Text = dt.Rows(0).Item(10)
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, Text)
End Try
End Sub
Private Sub BtnSave_Click(sender As Object, e As EventArgs) Handles BtnSave.Click
If vld(TxtId, TxtFamilyname, TxtGivenname, TxtGender, TxtDob, TxtExamdate, TxtExamtime, TxtStreet, TxtHouse, TxtPlz, TxtCity) = False Then
Exit Sub
Else
End If
Try
With cm
.Connection = cn
.CommandText = "insert into [edit$]values('" & TxtId.Text & "','" & TxtFamilyname.Text & "','" & TxtGivenname.Text & "','" & TxtGender.Text & "','" & TxtDob.Text & "','" & TxtExamdate.Text & "','" & TxtExamtime.Text & "','" & TxtStreet.Text & "','" & TxtHouse.Text & "','" & TxtPlz.Text & "','" & TxtCity.Text & "' )"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, Text)
Return
End Try
MsgBox("succefully Saved!", MsgBoxStyle.Information, Text)
End Sub
Private Sub BtnUpdate_Click(sender As Object, e As EventArgs) Handles Btnupdate.Click
Try
With cm
.Connection = cn
.CommandText = "Update from [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where ID ='" & TxtId.Text & "' and Given Name = '" & TxtGivenname.Text & "' and Gender = '" & TxtGender.Text & "'and DOB = '" & TxtDob.Text & "'and Exam Date'" & TxtExamdate.Text & "'and Exam Time = '" & TxtExamtime.Text & "'and Street Name = '" & TxtStreet.Text & "'and House Nr = '" & TxtHouse.Text & "'and PLZ = '" & TxtPlz.Text & "'and CITY = '" & TxtCity.Text & "'"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Information, Text)
Return
End Try
MsgBox("Succesfully updated!", MsgBoxStyle.Information, Text)
End Sub
Private Sub BtnClose_Click(sender As Object, e As EventArgs) Handles BtnClose.Click
Close()
End Sub
Private Sub BtnClear_Click(sender As Object, e As EventArgs) Handles BtnClear.Click
TxtId.Clear()
TxtFamilyname.Clear()
TxtGivenname.Clear()
TxtStreet.Clear()
TxtHouse.Clear()
TxtPlz.Clear()
TxtCity.Clear()
'To see all the data in DataGridView
FillDataGridView("select * from[edit$]")
End Sub
Private Sub BtnDelete_Click(sender As Object, e As EventArgs) Handles BtnDelete.Click
Try
With cm
.Connection = cn
.CommandText = "Delete from [edit$] where [Family Name] = '" & TxtFamilyname.Text & "' and ID ='" & TxtId.Text & "' and [Given Name] = '" & TxtGivenname.Text & "'and Gender = '" & TxtGender.Text & "'and DOB = '" & TxtDob.Text & "'and [Exam Date]'" & TxtExamdate.Text & "'and [Exam Time] = '" & TxtExamtime.Text & "'and [Street Name] = '" & TxtStreet.Text & "'and [House Nr] = '" & TxtHouse.Text & "'and PLZ = '" & TxtPlz.Text & "'and CITY = '" & TxtCity.Text & "'"
.ExecuteNonQuery()
End With
MsgBox("Succesfully Deleted!", MsgBoxStyle.Information, Text)
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Information, Text)
End Try
End Sub
End Class
An Update statement does not have a "From" in it, so it should start with...
Update [Edit$]
There's a couple of other things wrong too. If the ID is a number then it probably doesn't need bounding single quotes, through they won't stop it either...
Where ID = " & txtId.text & "
Columns names that have embedded white space need bounding brackets...
and [Given Name] = '" & txtGivenName.text & "'
Finally, this statement is wide open to SQL Injection, where someone could do serious damage to your table by entering SQL into one of your text boxes. Please consider using parameters instead.
You should also consider using Microsoft.ACE.OLEDB.12.0 as the one you are using is quite old now.
You should probably have other parameters in your extended properties if you want to use Excel as a database, in particular you will need HDR=Yes...
Extended Properties=""Excel 8.0;HDR=Yes"""
This tells OLEDB that the first line of your sheet contains the column names, otherwise it will use F1...Fn (I think but it may be C1...Cn)
Beside some other issues with your code (e.g. you should almost always use parameterized queries), Update from [edit$] set... is wrong.
Just use Update [edit$] set....
Your Syntax for Update statment is clearly not correct :
please find below code :
Private Sub BtnUpdate_Click(sender As Object, e As EventArgs) Handles Btnupdate.Click
Try
With cm
.Connection = cn
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where ID ='" & TxtId.Text & "' and [Given Name] = '" & TxtGivenname.Text & "' and Gender = '" & TxtGender.Text & "'and DOB = '" & TxtDob.Text & "'and [Exam Date]='" & TxtExamdate.Text & "'and [Exam Time]= '" & TxtExamtime.Text & "'and [Street Name] = '" & TxtStreet.Text & "'and [House Nr]= '" & TxtHouse.Text & "'and PLZ = '" & TxtPlz.Text & "'and CITY = '" & TxtCity.Text & "'"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Information, Text)
Return
End Try
MsgBox("Succesfully updated!", MsgBoxStyle.Information, Text)
End Sub
Place all column names inside [ ] other wise the query will be interpreted wrongly because it might ignore the rest of the query as soon as it encounters a white space
You have done it correctly for family name but certainly ignored other column names which have a space in between them
I don't know why when ever I click on the update button, I get an error
Syntax error in UPDATE statement
I have no idea what's going wrong in my code
This is my code:
Public Class Form1
Private Function vld(ByVal ParamArray ctl() As Object) As Boolean
For i As Integer = 0 To UBound(ctl)
If ctl(i).text = "" Then
ErrorProvider1.SetError(ctl(i), ctl(i).tag)
Return False
Exit For
End If
Next
Return True
End Function
Dim cn As New OleDbConnection
Dim cm As New OleDbCommand
Dim da As OleDbDataAdapter
Dim dt As New DataTable
Private Sub Form1_FormClosing(sender As Object, e As System.Windows.Forms.FormClosingEventArgs) Handles Me.FormClosing
cn.Close()
End Sub
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
TxtExamtime.Format = DateTimePickerFormat.Custom
TxtExamtime.CustomFormat = "hh:MM tt"
cn.ConnectionString = "provider=microsoft.jet.oledb.4.0; Data Source=C:\psave\New folder\save.xls;Extended Properties=Excel 8.0;"
cn.Open()
FillDataGridView("select ID, Family Name, Given Name, Gender, DOB, Exam Date, Exam Time, Street Name, House Nr, PLZ, City from [edit$]")
End Sub
Private Sub FillDataGridView(ByVal Query As String)
da = New OleDbDataAdapter(Query, cn)
dt.Clear()
da.Fill(dt)
With DataGridView1
.DataSource = dt
.Columns(0).HeaderText = "ID"
.Columns(1).HeaderText = "Family Name"
.Columns(2).HeaderText = "Given Name"
.Columns(3).HeaderText = "Gender"
.Columns(4).HeaderText = "DOB"
.Columns(5).HeaderText = "Exam Date"
.Columns(6).HeaderText = "Exam Time"
.Columns(7).HeaderText = "Street Name"
.Columns(8).HeaderText = "House Nr"
.Columns(9).HeaderText = "PLZ"
.Columns(10).HeaderText = "City"
.Columns(10).AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill
End With
End Sub
Private Sub BtnSearch_Click(sender As Object, e As EventArgs) Handles BtnSearch.Click
Try
FillDataGridView("select * from [edit$] where ID='" & TxtId.Text & "'")
TxtFamilyname.Text = dt.Rows(0).Item(1)
TxtGivenname.Text = dt.Rows(0).Item(2)
TxtGender.Text = dt.Rows(0).Item(3)
TxtDob.Text = dt.Rows(0).Item(4)
TxtExamdate.Text = dt.Rows(0).Item(5)
TxtExamtime.Text = dt.Rows(0).Item(6)
TxtStreet.Text = dt.Rows(0).Item(7)
TxtHouse.Text = dt.Rows(0).Item(8)
TxtPlz.Text = dt.Rows(0).Item(9)
TxtCity.Text = dt.Rows(0).Item(10)
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, Text)
End Try
End Sub
Private Sub BtnSave_Click(sender As Object, e As EventArgs) Handles BtnSave.Click
If vld(TxtId, TxtFamilyname, TxtGivenname, TxtGender, TxtDob, TxtExamdate, TxtExamtime, TxtStreet, TxtHouse, TxtPlz, TxtCity) = False Then
Exit Sub
Else
End If
Try
With cm
.Connection = cn
.CommandText = "insert into [edit$]values('" & TxtId.Text & "','" & TxtFamilyname.Text & "','" & TxtGivenname.Text & "','" & TxtGender.Text & "','" & TxtDob.Text & "','" & TxtExamdate.Text & "','" & TxtExamtime.Text & "','" & TxtStreet.Text & "','" & TxtHouse.Text & "','" & TxtPlz.Text & "','" & TxtCity.Text & "' )"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, Text)
Return
End Try
MsgBox("succefully Saved!", MsgBoxStyle.Information, Text)
End Sub
Private Sub BtnUpdate_Click(sender As Object, e As EventArgs) Handles Btnupdate.Click
Try
With cm
.Connection = cn
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where [ID] ='" & TxtId.Text & "' and [Given Name] = '" & TxtGivenname.Text & "' and [Gender] = '" & TxtGender.Text & "'and [DOB] = '" & TxtDob.Text & "'and [Exam Date]'" & TxtExamdate.Text & "'and [Exam Time] = '" & TxtExamtime.Text & "'and [Street Name] = '" & TxtStreet.Text & "'and [House Nr] = '" & TxtHouse.Text & "'and [PLZ] = '" & TxtPlz.Text & "'and [CITY] = '" & TxtCity.Text & "'"
.ExecuteNonQuery()
End With
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Information, Text)
Return
End Try
MsgBox("Succesfully updated!", MsgBoxStyle.Information, Text)
End Sub
Private Sub BtnClose_Click(sender As Object, e As EventArgs) Handles BtnClose.Click
Close()
End Sub
Private Sub BtnClear_Click(sender As Object, e As EventArgs) Handles BtnClear.Click
TxtId.Clear()
TxtFamilyname.Clear()
TxtGivenname.Clear()
TxtStreet.Clear()
TxtHouse.Clear()
TxtPlz.Clear()
TxtCity.Clear()
'To see all the data in DataGridView
FillDataGridView("select * from[edit$]")
End Sub
Private Sub BtnDelete_Click(sender As Object, e As EventArgs) Handles BtnDelete.Click
Try
With cm
.Connection = cn
.CommandText = "Delete from [edit$] where [Family Name] = '" & TxtFamilyname.Text & "' and [ID] ='" & TxtId.Text & "' and [Given Name] = '" & TxtGivenname.Text & "'and [Gender] = '" & TxtGender.Text & "'and [DOB] = '" & TxtDob.Text & "'and [Exam Date]'" & TxtExamdate.Text & "'and [Exam Time] = '" & TxtExamtime.Text & "'and [Street Name] = '" & TxtStreet.Text & "'and [House Nr] = '" & TxtHouse.Text & "'and [PLZ] = '" & TxtPlz.Text & "'and [CITY] = '" & TxtCity.Text & "'"
.ExecuteNonQuery()
End With
MsgBox("Succesfully Deleted!", MsgBoxStyle.Information, Text)
FillDataGridView("select * from [edit$]")
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Information, Text)
End Try
End Sub
End Class
See if this helps you:
.CommandText = "Update [edit$] set [Family Name] = '" & TxtFamilyname.Text & "' where ID = '" & TxtId.Text & "' and [Given Name] = '" & TxtGivenname.Text & "' and Gender = '" & TxtGender.Text & "' and DOB = '" & TxtDob.Text & "' and [Exam Date] = '" & TxtExamdate.Text & "' and [Exam Time] = '" & TxtExamtime.Text & "' and [Street Name] = '" & TxtStreet.Text & "' and [House Nr] = '" & TxtHouse.Text & "' and PLZ = '" & TxtPlz.Text & "' and CITY = '" & TxtCity.Text & "'"
Changes I made:
Added spaces in between values and the AND keyword (for example, TxtExamdate.Text & "'and [Exam Time] needs a space before "and")
Added missing equal signs between field names and values (for example, and [Exam Date]'" & TxtExamdate.Text should look more like and [Exam Date] = '" & TxtExamdate.Text)
Got rid of extraneous brackets
If you still have problems, consider that you are inserting strings (which could potentially contain any printable character (and non-printable characters!) from textboxes, directly into your statement. If these strings contain illegal characters (for example, single or double quotes) they will change the meaning of your UPDATE statement, and possibly invalidate the syntax. It has been suggested before (in the other question) that you should use parametrized queries. Finally, you may get a Data Type Mismatch error if any of your table columns are not strings (like "ID"), because you're sending them all as strings (enclosed in double quotes).
And please, only post a question once, from a single account.
I cant figure out whats wrong with this,when i update a record from my list view a pop up appears saying no value given for one or more required parameters.
heres my code:
Private Sub BtnUpdate_Click(sender As Object, e As EventArgs) Handles BtnUpdate.Click
Try
Dim SqlQuery As String = "UPDATE UsersTable Set AccountType = '" & CmbAccountType.Text & "' , Username = '" & TxtUsername.Text & "' , UserPassword = '" & TxtPassword.Text & "' , Firstname = '" & TxtFirstname.Text & "' , Lastname = '" & TxtLastname.Text & "' , Sex = '" & CmbSex.Text & "',Birthdate = '" & DateTimePickerBirthdate.Text & "' , ContactNumber = '" & TxtContact.Text & "' , Address = '" & TxtAddress.Text & "' WHERE UserID = " & id & ";"
Dim SqlCommand As New OleDbCommand
With SqlCommand
.CommandText = SqlQuery
.Connection = Conn
.ExecuteNonQuery()
End With
MsgBox("Account successfully updated!")
loadlistview()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Private Sub BtnDelete_Click(sender As Object, e As EventArgs) Handles BtnDelete.Click
Try
Dim SqlQuery As String = "DELETE FROM ProductTable WHERE UserID = " & id & ";"
Dim SqlCommand As New OleDbCommand
With SqlCommand
.CommandText = SqlQuery
.Connection = Conn
.ExecuteNonQuery()
End With
MsgBox("Account deleted.")
loadlistview()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
The problem is in the WHERE condition which you used in your query. so you can correct it by using the following query
In update query :
Dim SqlQuery As String = "UPDATE UsersTable Set AccountType = '" & CmbAccountType.Text & "'....................." & _
"WHERE UserID = '" & id & "';" '<----- you miss a single quote in where clause.
In Delete query :
Dim SqlQuery As String = "DELETE FROM ProductTable WHERE UserID = '" & id & "';"