Dim sqlupdate As String = "Update datasiswa set Name='" & TextBox2.Text & "', Alamat='" & TextBox3.Text & "', Kota='" & ComboBox1.Text & "', Provinsi='" & ComboBox2.Text & "', Jenis Kelamin='" & ComboBox3.Text & "', Umur='" & TextBox4.Text & "', Jurusan='" & ComboBox4.Text & "', Kelas='" & TextBox5.Text & "', where NIS='" & TextBox1.Text & "'"
cmd = New OleDbCommand(sqlupdate, conn)
cmd.ExecuteNonQuery()
Call Tampil()
End If
End If
End Sub

What I have tried:

I've tried checking, but it still gives the same error. Please help me.
Posted
Updated 15-Dec-18 0:21am

Yeah, that massive pile of string concatenation is why you're having a problem and you've also opened yourself up to having your database completely destroyed by an SQL Injection attack.

Google for "SQL Injection" to find out why what you're doing is so bad.

Then Google for "VB.NET sql parameterized queries" to find out how to fix this. It will also have the effect of fixing your UPDATE statement problem and make your code far easier to debug and support.

To start, this abomination:
"Update datasiswa set Name='" & TextBox2.Text & "', Alamat='" & TextBox3.Text & "', Kota='" & ComboBox1.Text & "', Provinsi='" & ComboBox2.Text & "', Jenis Kelamin='" & ComboBox3.Text & "', Umur='" & TextBox4.Text & "', Jurusan='" & ComboBox4.Text & "', Kelas='" & TextBox5.Text & "', where NIS='" & TextBox1.Text & "'"

becomes this:
"UPDATE datasiswa SET Name=@Name, Alamat=@Alamat, Kota=@Kota, Provinsi=@Provinsi, [Jenis Kelamin]=@Jenis, Umur=@Umur, Jurusan=@Jurusan, Kelas=@Kelas WHERE NIS=@NIS"

Oh, and it's not a good idea to have spaces in table and column names. If you do, they must be enclosed in square brackets. Just avoid putting the spaces in there to begin with and make your life easier.
VB
Dim sqlupdate As String = "Update datasiswa set Name='" & TextBox2.Text & "', Alamat='" & TextBox3.Text & "', Kota='" & ComboBox1.Text & "', Provinsi='" & ComboBox2.Text & "', Jenis Kelamin='" & ComboBox3.Text & "', Umur='" & TextBox4.Text & "', Jurusan='" & ComboBox4.Text & "', Kelas='" & TextBox5.Text & "', where NIS='" & TextBox1.Text & "'"

Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error-prone.
A single quote in a name and your program crashes. If a user entering a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange
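As an added example (not code from the question or from either answer), here is the parameterized UPDATE that the first answer describes, written so that the second answer's "Brian O'Conner" case is handled: the single quote travels as data, never as part of the statement. It assumes an open OleDbConnection named conn, the table and column names from the question, and that every column is stored as text (the NIS and Umur types are assumptions; match them to your schema). The method name UpdateSiswa and the class name are hypothetical.

```vb
' Added example, not part of the original question or answers.
' Assumes: an open OleDbConnection (conn), table datasiswa with the
' columns used in the question, and text-typed columns (assumption).
Imports System.Data.OleDb

Public Class SiswaRepository

    ' Runs the UPDATE with parameters and returns the number of rows changed.
    ' A return value of 0 means no row had the given NIS.
    Public Shared Function UpdateSiswa(conn As OleDbConnection,
                                       nis As String, name As String,
                                       alamat As String, kota As String,
                                       provinsi As String, jenisKelamin As String,
                                       umur As String, jurusan As String,
                                       kelas As String) As Integer
        ' Fixes the two statement errors from the question: no trailing comma
        ' before WHERE, and the column with a space is bracketed.
        ' OleDb uses positional placeholders (?), so the statement text
        ' never contains user input.
        Const sql As String =
            "UPDATE datasiswa SET Name=?, Alamat=?, Kota=?, Provinsi=?, " &
            "[Jenis Kelamin]=?, Umur=?, Jurusan=?, Kelas=? WHERE NIS=?"

        Using cmd As New OleDbCommand(sql, conn)
            ' OleDb binds by POSITION, not by name: the names below are only
            ' labels, and the Add calls must appear in the same order as the
            ' ? placeholders above. Putting the WHERE parameter first would
            ' silently update the wrong row.
            cmd.Parameters.Add("@Name", OleDbType.VarWChar).Value = name
            cmd.Parameters.Add("@Alamat", OleDbType.VarWChar).Value = alamat
            cmd.Parameters.Add("@Kota", OleDbType.VarWChar).Value = kota
            cmd.Parameters.Add("@Provinsi", OleDbType.VarWChar).Value = provinsi
            cmd.Parameters.Add("@Jenis", OleDbType.VarWChar).Value = jenisKelamin
            cmd.Parameters.Add("@Umur", OleDbType.VarWChar).Value = umur
            cmd.Parameters.Add("@Jurusan", OleDbType.VarWChar).Value = jurusan
            cmd.Parameters.Add("@Kelas", OleDbType.VarWChar).Value = kelas
            cmd.Parameters.Add("@NIS", OleDbType.VarWChar).Value = nis

            ' A value such as "Brian O'Conner" is sent as a bound string, so
            ' the quote cannot terminate the literal or alter the statement.
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

End Class

' Call site inside the form, replacing the concatenated sqlupdate block
' from the question (control names as in the question):
'
'   Dim rows As Integer = SiswaRepository.UpdateSiswa(conn,
'       TextBox1.Text, TextBox2.Text, TextBox3.Text, ComboBox1.Text,
'       ComboBox2.Text, ComboBox3.Text, TextBox4.Text, ComboBox4.Text,
'       TextBox5.Text)
'   If rows = 0 Then MessageBox.Show("No student with that NIS was found.")
'   Call Tampil()
```

Checking the return value of ExecuteNonQuery is worth keeping: with a parameterized statement a mistyped NIS no longer produces a syntax error, it simply updates zero rows, and the form should tell the user so rather than silently refreshing.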

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)