VBA SQL Syntax Problems - sql

I have the following SQL:
SQL = "UPDATE [TBLTMP] SET TBLTMP24 '" & Me.TOWN & "' WHERE TBLTMP00 = '" & "1" & "';"
Table name TBLTMP
Field to update TBLTMP24
Record to update TBLTMP00
I want to store the value of ‘Me.Town’ in the field TBLTMP24 which is in the table TBLTMP, record number 1, anyone have any ideas what might work?

You're missing an = in your SQL Statement after TBLTMP24. You're statement should be:
SQL = "UPDATE [TBLTMP] SET TBLTMP24 = '" & Me.TOWN & "' WHERE TBLTMP00 = '" & "1" & "';"

I think all you need is to add = into your query, like below:
SQL = "UPDATE TBLTMP SET TBLTMP24 = '" & Me.TOWN & "' WHERE TBLTMP00 = '" & "1" & "';"
If you want to change some columns add commas, like below:
SQL = "UPDATE TBLTMP SET TBLTMP24 = '" & Me.TOWN & "', another_col = '" & Me.another & "' WHERE TBLTMP00 = '" & "1" & "';"

Related

UPDATE Query in MS Access using SQL in VBA with declared strings

been a while since I've posted so please forgive any formatting issues. Looking to update a table field with a value from another record in the same field in the same table.
I've declared two strings, and the strDeal string is coming back with the correct values when debugging. However when I introduce the string into the sql statement I can't the query to update the field. I'm not sure exactly what isn't working correctly, so any help would be appreciated.
The basics are I'm trying to update the Case_Qty field with a value from the same field in the same table based on the returned value from a subquery. Thanks!
Dim strDeal As String
Dim strSQL As String
strDeal = DMax("[Deal_No]", "[tblStructuresNoDAworking]", "[Structure_Name] = Forms!frmStructNoDASetup!Structure_Name AND [FG_Ind] = 0 AND [Deal_No] < Forms!frmStructNoDASetup!Deal_No")
strSQL = "UPDATE tblStructuresNoDAworking SET tblStructuresNoDAworking.Case_Qty = (SELECT [Case_Qty] FROM tblStructuresNoDAworking WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & strDeal & "') WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & Me.Deal_No.Value & "'"
DoCmd.RunSQL (strSQL)
Try this where you concatenate the values from the form:
Dim strDeal As String
Dim strSQL As String
strDeal = DMax("[Deal_No]", "[tblStructuresNoDAworking]", "[Structure_Name] = '" & Forms!frmStructNoDASetup!Structure_Name & "' AND [FG_Ind] = 0 AND [Deal_No] < '" & Forms!frmStructNoDASetup!Deal_No & "'")
strSQL = "UPDATE tblStructuresNoDAworking " & _
"SET tblStructuresNoDAworking.Case_Qty = " & _
" (SELECT [Case_Qty] " & _
" FROM tblStructuresNoDAworking " & _
" WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & strDeal & "') " & _
"WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = '" & Me.Deal_No.Value & "'"
DoCmd.RunSQL strSQL
For numeric Deal:
Dim Deal As Long
Dim strSQL As String
Deal = DMax("[Deal_No]", "[tblStructuresNoDAworking]", "[Structure_Name] = '" & Forms!frmStructNoDASetup!Structure_Name & "' AND [FG_Ind] = 0 AND [Deal_No] < '" & Forms!frmStructNoDASetup!Deal_No & "'")
strSQL = "UPDATE tblStructuresNoDAworking " & _
"SET tblStructuresNoDAworking.Case_Qty = " & _
" (SELECT [Case_Qty] " & _
" FROM tblStructuresNoDAworking " & _
" WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = " & Deal & ") " & _
"WHERE [Structure_Name] = '" & Me.Structure_Name.Value & "' AND [Deal_No] = " & Me.Deal_No.Value & ""
DoCmd.RunSQL strSQL

How to use multiple conditions which are variables in SQL in VBA code?

I am trying to run a select query statement like this in a table from VBA:
variable_a = 1
variable_b = 2
after proper database connection the query goes like:
SQry = "select CONCAT(Col1,Colb) as TOTAL from MyTable where Col1 = '" & variable_a & "' AND '" & variable_b & "'"
But it fails.\
How can I use that "AND" in between 2 or more statements which are variables of VBA? It works fine with one condition but the "AND" or "OR" part messes it up.
Thank you
Tried dividing the query into several lines like:
sq1 = "select CONCAT(Col1,Colb) AS TOTAL from MyTable" &
sq2 = "where Col1 = " & _
sq3 = " '" & variable_a & "'" & _
sq4 = " ' and ' " & _
sq5 = " Col2 = '" & variable_b & "'"

Incorrect Syntax Near "("

So I was trying to do Update my database using buttons in VB.Net. I tried following different syntax in Updating tables but it still come up with the same error. It is so frustrating because we are running out of time to finish our system because of this. Please help me :'(
So this is my code wherein it will called after the button is clicked. What is wrong with my syntax here?
Public Sub UpdateClient(Client_ID As Integer, _ClientName As String, _Company_Add As String, _Email_Add As String,
_Tin_No As String, _Contact_Person As String, _Mobile_No As String, _Telephone_No As String,
_Remarks As String, _User As String)
Try
Dim strInsert As String = "UPDATE CLIENTS SET (ClientID = '" & Client_ID & "', ClientName = '" & _ClientName & "', Company_Add = '" & _Company_Add & "', Email_Add = '" & _Email_Add & "', Tin_No = '" & _Tin_No & "', Contact_Person = '" & _Contact_Person & "', Mobile_No = '" & _Mobile_No & "', Telephone_No = '" & _Telephone_No & "', Remarks = '" & _Remarks & "', User_ = '" & _User & "') WHERE (ClientID = '" & Client_ID & "') "
SQLCon.Open()
SqlCmd = New SqlCommand(strInsert, SQLCon)
SqlCmd.ExecuteNonQuery()
SQLCon.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Then here is my code on the button event:
Public Sub Update_Client()
SQL.UpdateClient(ClientIDLabel1.Text, txtCnamee.Text, txtCadd.Text, txtEadd.Text, txtTin.Text, txtCper.Text, txtMno.Text, txtTel.Text, txtRem.Text, User_Label1.Text)
End Sub
I'm pretty sure the error is in my sql string. What could it be? Please please help me :'(
P.s. I'm new to using VB.Net. Please bear with me :( Thank you.
Here is the immediate problem with your code: the syntax of UPDATE is as follows:
UPDATE <table> SET <field1>=<value1>, <field2>=<value2> ...
Note that the list of variables that you set is not enclosed in parentheses. You need to remove ( and ) from your parenthesized list to fix the syntax problem in your SQL:
Dim strInsert As String = "UPDATE CLIENTS SET ClientID = '" & Client_ID & "', ClientName = '" & _ClientName & "', Company_Add = '" & _Company_Add & "', Email_Add = '" & _Email_Add & "', Tin_No = '" & _Tin_No & "', Contact_Person = '" & _Contact_Person & "', Mobile_No = '" & _Mobile_No & "', Telephone_No = '" & _Telephone_No & "', Remarks = '" & _Remarks & "', User_ = '" & _User & "' WHERE (ClientID = '" & Client_ID & "') "
However, there is a much bigger problem: your program can be broken by =SQL injection attacks, which is very dangerous. You need to rewrite your SQL to accept parameters, and use parameterized SQL to fix this vulnerability. See an answer to this question for a quick example of how to parameterize your query.

SQL access 2007 query error "Data type mismatch in criteria expression.”

I'm trying to make a query in Access 2007, but it keeps giving me this error
Data type mismatch in criteria expression.
The query is
Dim SqlQuery As String = "UPDATE FullNameTable
SET FirstName = '" & fname.Text & "',
MiddleName = '" & mname.Text & "',
LastName = '" & lname.Text & "'
WHERE ID = '" & id & "'"
Why do I get this error?

Trouble with updating database data

I'm having trouble with my UPDATE statement in which I'm trying to update table data through WHERE clause, which gives me error of data miss-match.
sqL = "UPDATE Customer SET name= '" & txtName.Text & "', adress= '" & txtAdress.Text & "', contact = '" & txtContact.Text & "' WHERE Customer_ID = '" & txtCustomerID.Text & "'"
I've also tried
sqL = "UPDATE Customer SET name= '" & txtName.Text & "', adress= '" & txtAdress.Text & "', contact = '" & txtContact.Text & "' WHERE Customer_ID = '" & Convert.ToInt32(txtCustomerID.Text) & "'"
with no luck.
Please use a parameterised query which is much cleaner and safer:
If you are on c#:
string sql = "UPDATE Customer SET name= #name, adress=#address, contact = #contact" +
" WHERE Customer_ID = #id";
using(SqlConnection conn = new SqlConnection("yourConnectionString"))
{
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("#name",txtName.Text);
cmd.Parameters.AddWithValue("#address",txtAdress.Text);
cmd.Parameters.AddWithValue("#contact",txtContact.Text);
/*
NOTE: Make sure Textbox value is convertible to Customer_ID data type
before executing the query. It should be done before the using statement.
Use string.Trim() method to remove any space characters at start/end
*/
cmd.Parameters.AddWithValue("#id",txtCustomerID.Text.Trim());
conn.Open();
cmd.ExecuteNonQuery();
}
It looks like the data type of Customer_ID is an int. In that case, remove the single quotes from around your convert statement.
sqL = "UPDATE Customer SET name= '" & txtName.Text & "', adress= '" & txtAdress.Text & "', contact = '" & txtContact.Text & "' WHERE Customer_ID = " & Convert.ToInt32(txtCustomerID.Text)
But do double check the data type in your table to be sure.
Your query will not compile :-
The string concatenation operator in C# is plus sign not ampersand.
however as kaf advised always use parametrized queries.
Try using plus sign instead of an ampersand.
"UPDATE Customer SET name= '" + txtName.Text + "', adress= '" + txtAdress.Text + "', contact = '" + txtContact.Text + "' WHERE Customer_ID = '" + txtCustomerID.Text + "'"
If customer ID is int ,convert it to int .