Click here to Skip to main content
15,887,596 members
Search within:


'Syntax error in from clause.' VB.NET - access
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
VB
MS-Access
At first, when it showed this error
i did put [*FROM] before the From statement
e.g: ["Delete student_id *FROM student]

Still it doesn't work

Can someone pls help me on this

What I have tried:

VB
Private Sub btndelete_Click_1(sender As Object, e As EventArgs) Handles btndelete.Click
        cmdDelete.CommandText = "Delete [student_id] FROM student as S1 join payment as S2 on S1.student_id=S2.student_id where S1.student_id=(" + txtsid.Text + ");"
        cmdDelete.CommandType = CommandType.Text
        cmdDelete.Connection = cnnOLEDB
        cmdDelete.ExecuteNonQuery()
        MessageBox.Show("Are You Sure You Want To Delete?", "Deletion", MessageBoxButtons.YesNo, MessageBoxIcon.Question)
        If DialogResult.Yes Then
            UserHomepage.Show()
            Me.Hide()
        ElseIf DialogResult.No Then
            Me.Show()
            UserHomepage.Hide()
            lblname.Hide()
            txtsid.ResetText()
        End If
    End Sub
Posted
Updated 8-Jun-18 10:23am
v2
Add a Solution
Comments
MadMyche 8-Jun-18 17:26pm    
Please explain why the Payment table (S2) is being referenced; will help fix your coding issues
MC LENGDING 27 22-Sep-23 3:27am    
AN ERROR MESSAGE "SYNTAX ERROR FROM CLAUSE WHEN I WANT IT TO DISPLAY DATAFIEDS IN VB"HOW DO I GO ABOUT SOMEONE HELP

3 solutions

As the error says, your DELETE syntax is incorrect.

Your code is also vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

And you probably want to ask the user whether or not they want to delete the record BEFORE you actually delete the record! :)
VB.NET
cmdDelete.CommandText = "Delete student.* FROM student as S1 join payment as S2 on S1.student_id=S2.student_id where S1.student_id = ?"
cmdDelete.Parameters.AddWithValue("sid", txtsid.Text)

EDIT: As pointed out in solution 3, Access doesn't support joins in the DELETE statement:
DELETE Statement (Microsoft Access SQL)[^]
VB.NET
cmdDelete.CommandText = "DELETE * FROM student WHERE Exists(SELECT 1 FROM payment WHERE payment.student_id = student.student_id) And student_id = ?"
cmdDelete.Parameters.AddWithValue("sid", txtsid.Text)

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
 
Share this answer
 
Posted
Updated 9-Jun-18 4:10am
v3
Comments
Dave Kreskowiak 8-Jun-18 10:46am    
Umm... "DELETE student.* FROM ..."??

I don't do that much SQL, but shouldn't that be "DELETE FROM student ..."?

I don't even think that join would need to be there either.
Richard Deeming 8-Jun-18 10:47am    
In SQL it would be, but the OP was asking about MS Access, which is a strange beast. :)
MadMyche 8-Jun-18 11:42am    
Perhaps he only wants to delete the student if said student has paid....
Member 13864666 8-Jun-18 14:19pm    
In the 5th line, last word which is "sid"
Is it the column name in my database?
If its not may i know what is it?
And why is tht for?
Thanks
Richard Deeming 8-Jun-18 14:37pm    
"sid" is the parameter name.

The OLE DB commands don't support named parameters, so you just need to give it a unique name within the command, and make sure you add the parameters in the same sequence as the placeholder characters - ? - in the command text.
Never, ever, construct an SQL query like you do by concatenating string obtained from user inputs. This leaves your code wide open to SQL injection attacks. Better use parameterized queries instead. This subject is discussed daily here on CP so you will not have a hard time finding some more informations about it (search sql injection in qa, for example).

Moreover, about your SQL query, to delete a row in a table you do not need to specify a column name, a DELETE statement is not a SELECT statement.
Plus, to delete a row in table S1, you do not need any join to S2 either.
So, all this would resort to a block of code which would look like:
cmdDelete.CommandText = "Delete FROM student where student_id=@id;"
cmdDelete.Paramaters.AddWithValue("@id", txtsid.Text)
...

If student_id column is of integer type, you may have to write:
VB
cmdDelete.CommandText = "Delete FROM student where student_id=@id;"
Dim id as Integer
If (integer.TryParse(txtsid.Text, out id) Then
   cmdDelete.Paramaters.AddWithValue("@id", id)
Else
   '' Error: provided id was not a valid integer representation
End If

instead.
 
Share this answer
 
Posted
Comments
MadMyche 8-Jun-18 11:41am    
OleDB provider does not support named parameters.
Maciej Los 8-Jun-18 16:11pm    
MS Access database engine supports named parameters. Check to find out ;)
MadMyche 8-Jun-18 17:12pm    
Please cite your source for that; the documentation specifically says is does not
phil.o 8-Jun-18 12:51pm    
Yes, Access has a special syntax for query parameters. Please hae a look at solution 1 below, the correct syntax is indicated (using ? instead of named parameter).
As far as i know, MS Access does not support DELETE + JOIN. You have to change your sql command to below form:
SQL
DELETE Table1.*
FROM Table1
WHERE EXISTS( Select 1 From Table2 Where Table2.Name = Table1.Name )


But, when i did look on you query again, i think you need only:
SQL
DELETE
FROM student
WHERE student_id=?;
 
Share this answer
 
Posted
Comments
MadMyche 8-Jun-18 17:30pm    
Why aren't you using named parameters?
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 9 Jun 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900