question

technette avatar image
technette asked

Command Text Syntax

I'm getting a syntax error near the 'MgrName' value that in the sql statement. How do you format the command text? Using cmd2 As SqlCommand = New SqlCommand("UPDATE DetalTable SET MgrName =" _ & MgrName & "Where EmployeeID=" & EmpDeptID, conn2)
sql-server-2005ado.net
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Magnus Ahlkvist avatar image
Magnus Ahlkvist answered
You haven't put the value inside single quotes (I'm guessing it's a string value). But I would also recommend you using SqlParameter object instead of using your string handling, in order to avoid SQL Injection. Like this: Using cmd2 as SqlCommand = New SqlCommand( _ "UPDATE DetalTable SET MgrName =@MgrName Where EmployeeID=@EmpDeptID", conn2) cmd2.Parameters.AddWithValue("@MgrName",MgrName) cmd2.Parameters.AddWithValue("@EmpDeptID", EmpDeptID)
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

technette avatar image technette commented ·
Thank you very much. Saved alot of time trying to figure this one out.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.