Reputation: 141
What's wrong in this query? It shows the error ... incorrect syntax near AND
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim cmd As New Data.SqlClient.SqlCommand
        Dim con As New Data.SqlClient.SqlConnection(constr)
        Try
            Dim strSql As String = "UPDATE hotels SET city = '" & TextBox1.Text & "' AND hotel = '" & TextBox2.Text & "' AND location = '" & TextBox3.Text & "' AND price = '" & TextBox4.Text & "' AND category = '" & Rating1.CurrentRating & "' AND short = '" & TextBox6.Text & "' AND details = '" & Editor1.Content & "' WHERE hotelid ='" & Request.QueryString("hotelid") & "'"
            '------------"
            con.Open()
            cmd.Connection = con
            cmd.CommandText = strSql
            cmd.ExecuteNonQuery()
        Catch ex As Exception
            Response.Write(ex.Message)
        Finally
            cmd.Dispose()
            con.Dispose()
        End Try
    End Sub
Upvotes: 0
Views: 131
Reputation: 6903
I don't think you need all those ANDs, use commas...
Incidentally string.Format or, better still, Parameterised Queries or Stored Procedures is better than all this fiddly joining of strings.
    Dim strSql As String
    strSql = "UPDATE hotels SET city = '{0}', hotel = '{1}', location = '{2}', price = '{3}', category = '{4}', short = '{5}', details = '{6}' WHERE hotelid ='{7}'"
    strSql = String.Format(strSql, TextBox1.Text.Trim(), TextBox2.Text.Trim(), TextBox3.Text.Trim(), TextBox4.Text.Trim(), Rating1.CurrentRating, TextBox6.Text, Editor1.Content, Request.QueryString("hotelid"))
Trim() on text values from user-input data. This way you won't end up with pesky spaces in arguments/parameters.
Upvotes: 0
Reputation: 5623
You also need to validate the input in the textboxes so people don't do injection exploits against you.
Upvotes: 0
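The parameterised query mentioned in the answers above, written out as an added example that is not part of any post in this thread. Column names come from the question; the `UpdateHotel` helper, the parameter names, and the SQL types and sizes are assumptions about the `hotels` table.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Public Module HotelUpdateExample
    ' Added example. Column names are from the question; parameter names,
    ' SQL types and sizes are assumptions about the hotels table.
    Public Function UpdateHotel(constr As String, rawHotelId As String,
                                city As String, hotel As String, location As String,
                                rawPrice As String, category As Integer,
                                shortText As String, details As String) As Integer
        ' Numeric values are parsed first; malformed input never reaches SQL Server.
        Dim hotelId As Integer
        Dim price As Decimal
        If Not Integer.TryParse(rawHotelId, hotelId) Then
            Throw New ArgumentException("hotelid must be an integer")
        End If
        If Not Decimal.TryParse(rawPrice, NumberStyles.Number, CultureInfo.InvariantCulture, price) Then
            Throw New ArgumentException("price must be a number")
        End If

        ' The statement text is constant: SET uses commas, every value is a placeholder.
        Dim sql As String = "UPDATE hotels SET city = @city, hotel = @hotel, " &
            "location = @location, price = @price, category = @category, " &
            "short = @short, details = @details WHERE hotelid = @hotelid"

        Using con As New SqlConnection(constr)
            Using cmd As New SqlCommand(sql, con)
                ' Typed parameters travel separately from the statement, so a quote
                ' character in the text stays data and cannot alter the query.
                cmd.Parameters.Add("@city", SqlDbType.NVarChar, 100).Value = city.Trim()
                cmd.Parameters.Add("@hotel", SqlDbType.NVarChar, 200).Value = hotel.Trim()
                cmd.Parameters.Add("@location", SqlDbType.NVarChar, 200).Value = location.Trim()
                cmd.Parameters.Add("@price", SqlDbType.Decimal).Value = price
                cmd.Parameters.Add("@category", SqlDbType.Int).Value = category
                cmd.Parameters.Add("@short", SqlDbType.NVarChar, 500).Value = shortText
                cmd.Parameters.Add("@details", SqlDbType.NVarChar, -1).Value = details ' -1 = NVARCHAR(MAX)
                cmd.Parameters.Add("@hotelid", SqlDbType.Int).Value = hotelId
                con.Open()
                Return cmd.ExecuteNonQuery() ' number of rows updated
            End Using
        End Using
    End Function
End Module
```

From the click handler this would be called with `TextBox1.Text`, `Rating1.CurrentRating`, `Request.QueryString("hotelid")` and so on; a return value of 0 means no row matched the given `hotelid`.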
Reputation: 1245
Dim strSql As String = "UPDATE hotels SET city = '" & TextBox1.Text & "' , hotel = '" & TextBox2.Text & "' , location = '" & TextBox3.Text & "' , price = '" & TextBox4.Text & "' , category = '" & Rating1.CurrentRating & "' , short = '" & TextBox6.Text & "' , details = '" & Editor1.Content & "' WHERE hotelid ='" & Request.QueryString("hotelid") & "'"
Try this
Upvotes: 2