-1
sql = "Update tblUserAccount set username = '" & txtUsername.Text & "', password = '" & txtPassword.Text & "', AccessLevel = '" & cmbAccessLevel.Text & "', Attempts = '" & txtAttempts.Text & "', AccountStatus = '" & cmbAccountStatus.Text & "' where ID = '" & txtID.Text & "'"
cmd = New OleDbCommand(sql, cn)
cmd.ExecuteNonQuery()

The SQL query works in MS Access, but when I tried to run it in Visual Studio 2022 I received this error code.

6
  • Can you put a breakpoint and show us an example of a fully constructed SQL statement? Your error may be within the text values such as unescaped single quotes like in the name O'brian. Commented Oct 9, 2024 at 13:03
  • 1
    "The sql query works on Ms Access" - That's an assumption, not an observation. What you're showing us is not a SQL query. It's code used to create a SQL query. You are currently assuming that code is doing what you expect and that all of the values used are what you expect. This assumption is likely to be false. Your first debugging step should be to observe the actual resulting SQL query being executed. It has a syntax error. Commented Oct 9, 2024 at 13:03
  • 3
    This is probably also a great time for you to start using parameterized queries. What you're showing here is wide open to SQL injection, which is very likely to be the cause of the error. Commented Oct 9, 2024 at 13:05
  • 1
    where ID = '" & txtID.Text & "'" ID is going into single quotes. Is it numeric? Commented Oct 9, 2024 at 14:27
  • 3
    Bracket the password field name ... [password] ... or rename that field to something else. See more details here. Commented Oct 9, 2024 at 14:55

1 Answer

1

Your code to construct the SQL statement appears valid.

sql = 
"
Update tblUserAccount 
set username  = '" & txtUsername.Text      & "', 
password      = '" & txtPassword.Text      & "', 
AccessLevel   = '" & cmbAccessLevel.Text   & "', 
Attempts      = '" & txtAttempts.Text      & "', 
AccountStatus = '" & cmbAccountStatus.Text & "' 
where ID      = '" & txtID.Text            & "'
" 

The only way the resulting SQL statement could cause the error is if your data contains invalid characters. One way to avoid this is to use parameters. See Adding Parameters to OleDBConnection.

' PASSWORD is a reserved word in Access SQL, so the column name is bracketed.
sql = "UPDATE tblUserAccount SET
username      = @Username, 
[password]    = @Password, 
AccessLevel   = @AccessLevel, 
Attempts      = @Attempts, 
AccountStatus = @AccountStatus
WHERE ID      = @ID" 

' OleDb binds parameters by position, not by name, so they are added
' in the same order as the placeholders appear in the statement.
Using cmd As New OleDb.OleDbCommand(sql, cn)
  cmd.Parameters.AddWithValue("@Username", txtUsername.Text)
  cmd.Parameters.AddWithValue("@Password", txtPassword.Text)
  cmd.Parameters.AddWithValue("@AccessLevel", cmbAccessLevel.Text)
  cmd.Parameters.AddWithValue("@Attempts", txtAttempts.Text)
  cmd.Parameters.AddWithValue("@AccountStatus", cmbAccountStatus.Text)
  cmd.Parameters.AddWithValue("@ID", txtID.Text)

  cmd.ExecuteNonQuery()
End Using 'cmd
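
The failure mode raised in the comments (an apostrophe in a value such as O'brian) next to the parameterized form, as an added example that is not part of the original answer. It uses Python with an in-memory SQLite database as a stand-in for Access/OleDb (an assumption, so the exact error text differs), and the schema, sample row and helper names are constructed for illustration.

```python
import sqlite3

# Constructed schema mirroring the columns in the question. SQLite stands in
# for Access/OleDb here (an assumption), so the exact error text will differ.
def make_db():
    cn = sqlite3.connect(":memory:")
    cn.execute("CREATE TABLE tblUserAccount (ID INTEGER PRIMARY KEY, username TEXT, "
               "password TEXT, AccessLevel TEXT, Attempts INTEGER, AccountStatus TEXT)")
    cn.execute("INSERT INTO tblUserAccount VALUES (1, 'old', 'old', 'User', 0, 'Active')")
    return cn

def build_concat_sql(username, user_id):
    # Same pattern as the question: values are spliced into the statement text.
    return ("UPDATE tblUserAccount SET username = '" + username +
            "' WHERE ID = '" + user_id + "'")

def update_concat(cn, username, user_id):
    # Returns the outcome together with the statement that was actually sent,
    # which is the first thing to inspect when debugging a syntax error.
    sql = build_concat_sql(username, user_id)
    try:
        cn.execute(sql)
        return "ok", sql
    except sqlite3.Error as exc:
        return "error: " + str(exc), sql

def update_param(cn, username, user_id):
    # Values travel separately from the statement text, so a quote is just data.
    # int() rejects a non-numeric ID before it reaches the database.
    cur = cn.execute("UPDATE tblUserAccount SET username = ? WHERE ID = ?",
                     (username, int(user_id)))
    return cur.rowcount

def stored_username(cn, user_id=1):
    row = cn.execute("SELECT username FROM tblUserAccount WHERE ID = ?",
                     (user_id,)).fetchone()
    return row[0]

if __name__ == "__main__":
    cn = make_db()
    for name in ["alice", "O'brian"]:  # constructed sample inputs
        status, sql = update_concat(cn, name, "1")
        print(f"{status:<45} {sql}")
    print(update_param(cn, "O'brian", "1"), stored_username(cn))
```

The concatenated statement for `O'brian` has an odd number of single quotes and is rejected by the parser, while the parameterized call updates one row and stores the name unchanged.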