I have this sql statement to update a column in access db from vb

Question

0

Asked: June 2, 20262026-06-02T07:53:31+00:00 2026-06-02T07:53:31+00:00

I have this sql statement to update a column in access db from vb

0

I have this sql statement to update a column in access db from vb but when I run the program it shows that there is a syntax error in the statement. The code:

cmd.Connection = cnn
cmd.CommandText = 
    "UPDATE users SET password='" & 
    Me.pd.Text.Trim & "' WHERE password='" & Me.pd.Tag.ToString & "'"
cmd.ExecuteNonQuery()`

The error shows that there is a syntax error in update statement. I’ve tried to find the error but in vain.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-02T07:53:32+00:00

First of all you should do the update by a different field (e.g. user id, name, email) and not by the current password.

Try to use named parameters instead of string concatenation to avoid errors due to values containing ' and SQL Injection.

You could also use [name] to escape the name of tables or fields (assuming you are using SQL Server).

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparametercollection.addwithvalue.aspx#Y684

cmd.CommandText = "UPDATE [users] SET [password]=@current_password WHERE [password]=@new_password"
cmd.Parameters.AddWithValue("@current_password", Me.pd.Text.Trim)
cmd.Parameters.AddWithValue("@new_password", Me.pd.Tag.ToString)
cmd.ExecuteNonQuery()

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have this sql statement to update a column in access db from vb

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply