Never, ever, construct an SQL query like you do by concatenating strings obtained from user input. This leaves your code wide open to SQL injection attacks. Better use parameterized queries instead. This subject is discussed daily here on CP, so you will not have a hard time finding some more information about it (search "sql injection" in QA, for example).
Moreover, about your SQL query, to delete a row in a table you do not need to specify a column name; a DELETE statement is not a SELECT statement.
Plus, to delete a row in table S1, you do not need any join to S2 either.
So, all this would resort to a block of code which would look like:
cmdDelete.CommandText = "Delete FROM student where student_id=@id;"
cmdDelete.Parameters.AddWithValue("@id", txtsid.Text)
...
If the student_id column is of integer type, you may have to write:
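cmdDelete.CommandText = "Delete FROM student where student_id=@id;"
Dim id As Integer
' Integer.TryParse fills id (passed ByRef) and returns False for non-numeric input
If Integer.TryParse(txtsid.Text, id) Then
    cmdDelete.Parameters.AddWithValue("@id", id)
Else
    ' Input is not a valid integer: do not execute the delete
End If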
instead.
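The fragments above put together as one complete routine. This is an added example, not part of the original answer. It assumes SQL Server accessed through System.Data.SqlClient; the module name, the TryDeleteStudent function and its connectionString argument are hypothetical.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module StudentRepository

    ' Hypothetical helper (not from the original answer).
    ' Deletes one row from the student table by id.
    ' Returns True only when exactly one row was removed.
    Public Function TryDeleteStudent(connectionString As String,
                                     rawId As String) As Boolean
        Dim id As Integer

        ' Validate first: anything that is not a plain integer never
        ' reaches the database.
        If Not Integer.TryParse(rawId, id) Then
            Return False
        End If

        ' Using blocks close the connection and dispose the command
        ' even if ExecuteNonQuery throws.
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(
                    "DELETE FROM student WHERE student_id = @id;", conn)

                ' Typed parameter: the value travels separately from the
                ' SQL text, so it is never parsed as part of the statement.
                ' Declaring SqlDbType.Int avoids the type guessing that
                ' AddWithValue does when handed a String.
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id

                conn.Open()

                ' ExecuteNonQuery returns the number of rows affected.
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function

End Module
```

Called from the form as TryDeleteStudent(connectionString, txtsid.Text), a False result covers both non-numeric input and an id that matches no row.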