VB.NET - syntax error in update statement - Asked By rahul krishna on 07-Aug-13 08:15 AM

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    connect()
    con.Open()
    cmd = New OleDbCommand("update a set password='" & TextBox4.Text & "' where username='" & TextBox1.Text & "'", con)
    cmd.ExecuteNonQuery()
    MsgBox("updated")
    con.Close()
End Sub
This is my code. Why is it showing a syntax error? The error details are below.
System.Data.OleDb.OleDbException was unhandled
  ErrorCode=-2147217900
  Message="Syntax error in UPDATE statement."
  Source="Microsoft Office Access Database Engine"
  StackTrace:
       at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
       at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
       at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
       at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
       at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
       at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
       at WindowsApplication11.Form2.Button1_Click(Object sender, EventArgs e) in C:\Users\rathikumar\Desktop\vb.nt\WindowsApplication11\WindowsApplication11\Form2.vb:line 15
       at System.Windows.Forms.Control.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ButtonBase.WndProc(Message& m)
       at System.Windows.Forms.Button.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
       at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
       at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.Run(ApplicationContext context)
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
       at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)
       at WindowsApplication11.My.MyApplication.Main(String[] Args) in 17d14f5c-a337-4978-8281-53493378c1071.vb:line 81
       at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: 

Please send me a reply soon.
Robbe Morris replied to rahul krishna on 07-Aug-13 09:44 AM
I suspect "password" is a keyword in Microsoft Access. In SQL Server, you'd surround it with brackets. By the way, your code is WIDE OPEN to SQL injection attacks. I wouldn't use this coding technique on anything that is important in your company.

"update a set [password]='" & TextBox4.Text & "' where username='" & TextBox1.Text & "'"
rahul krishna replied to Robbe Morris on 10-Aug-13 05:22 AM
Thank you very much, sir. It's working.
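Robbe Morris's reply above raises two points: the bracketed column name and the SQL injection exposure of the concatenated query. The following added example (not part of the original thread or any poster's code) handles both with a parameterized OleDbCommand; the connection string, the module and function names, and the 255-character parameter size are assumptions.

```vbnet
Imports System.Data.OleDb

Module PasswordUpdate
    ' Assumption: placeholder connection string; point it at your own Access file.
    Private Const ConnStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\your.accdb"

    ' Updates the password for one user in table "a" (table and column names
    ' are the ones used in the question). Returns the number of rows changed,
    ' so 0 means no row matched the given username.
    Public Function UpdatePassword(ByVal userName As String,
                                   ByVal newPassword As String) As Integer
        ' [password] is bracketed as suggested in the reply above.
        ' Each ? is a placeholder: the text box values travel as data and are
        ' never spliced into the SQL text, so a quote character typed by the
        ' user cannot end the string literal or change the statement.
        Const sql As String = "UPDATE a SET [password] = ? WHERE username = ?"

        Using con As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, con)
                ' The OleDb provider binds parameters by position, not by name:
                ' they must be added in the same order as the ? markers.
                cmd.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = newPassword
                cmd.Parameters.Add("@username", OleDbType.VarWChar, 255).Value = userName

                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using ' disposes the command
        End Using     ' closes the connection even if ExecuteNonQuery throws
    End Function
End Module

' Usage from the button handler in the question:
'   Dim changed As Integer = UpdatePassword(TextBox1.Text, TextBox4.Text)
'   MsgBox(If(changed = 1, "updated", "no matching user"))
```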
rahul krishna replied to rahul krishna on 11-Mar-14 12:57 AM
Hi sir,
Good morning. I am creating software for a point of sale system using VB.NET and MS Access 2010. In it I want to keep one separate button for a backup facility. I have tried many types of code; it works when it is a project, but when I make it an exe file it does not work. Can you help me please? I am awaiting your reply.