Start by fixing the
SQL Injection[
^] vulnerability in your code.
Also, there's no point updating the
USERNAME
column to the same value, so you can remove that part of the query.
You'll also need to wrap the
PASSWORD
column in square brackets (ie:
[PASSWORD]
), as it's a reserved word in Access.
Sub gantiid()
sql = "update USERLIST set [PASSWORD] = ? where USERNAME = ?"
kns.Open()
da.UpdateCommand = New OleDbCommand(sql, kns)
da.UpdateCommand.Parameters.AddWithValue("p0", renew.Text)
da.UpdateCommand.Parameters.AddWithValue("p1", LOGIN.USERNAME.Text)
da.UpdateCommand.ExecuteNonQuery()
kns.Close()
End Sub
Once you've fixed that, you then need to review your password storage. You're currently storing passwords in plain-text, which is a really bad idea. You should be storing a salted hash of the password - see:
Salted Password Hashing - Doing it Right[
^]