I have a button which when pressed, sets the user’s rights in the db. (If Administrator UserTypeID is set to ‘2’ and if Customer it is set to ‘1’). However when I run the below code, everything remains the same. I think it’s from the SQL statement but I;m not sure. Can anyone help please?
Protected Sub btnSetUser_Click(sender As Object, e As System.EventArgs) _
Handles btnSetUser.Click
Dim conn As New OleDbConnection( _
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\...\WebSite3\db.mdb;")
Dim cmd As OleDbCommand = _
New OleDbCommand("UPDATE [User] SET [UserTypeID] WHERE Username=?", conn)
conn.Open()
cmd.Parameters.AddWithValue("@Username", txtUser.Text)
If ddUserType.SelectedItem.Text = "Administrator" Then
cmd.Parameters.AddWithValue("@UserTypeID", "2")
cmd.ExecuteNonQuery()
lblSetUser.Text = txtUser.Text + "was set to Administrator."
ElseIf ddUserType.SelectedItem.Text = "Customer" Then
cmd.Parameters.AddWithValue("@UserTypeID", "1")
cmd.ExecuteNonQuery()
lblSetUser.Text = txtUser.Text + "was set to Customer."
End If
conn.Close()
End Sub
End Class
If you add a parameter
@Usernameyour command should have such a parameterAlso, you add an additional parameter later, which does not occur at all in your query! You call
cmd.ExecuteNonQuery(), which works only for INSERT, UPDATE and DELETE queries.Your query should probably look like this
UPDATE (some clarifications)
In
"UDATE [User] SET UserTypeID = @UserTypeID WHERE Username = @Username"[User]is the name of the tableUserTypeIDis the name of the user type id column@UserTypeIDis the name of the user type id parameter (the new value)Usernameis the name of the user name column@Usernameis the name of the user name parameterYou might have to change these names in order to match your actual situation.