Exception causing VB.NET code to not run properly

Question

I am getting an exception when I run the below VB.NET code to validate a user..The exception says that "Incorrect syntax near variable user"

Can anyone tell me where am I going wrong ?

      Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

    If TextBox1.Text.Trim().Length = 0 Or TextBox2.Text.Trim().Length = 0 Then
        MsgBox("Enter a user id and password")
        Return 'Terminate this method
    End If

    Dim myconnection As SqlConnection
    Dim mycommand As SqlCommand
    Dim dr As SqlDataReader
    Dim userid = TextBox1.Text
    Dim password = TextBox2.Text

    Try
        myconnection = New SqlConnection("server=PARTH- PC\SQLEXPRESS;uid=sa;pwd=parth;database=fcrit")

        myconnection.Open()
        mycommand = New SqlCommand("select * from user where [user id]=@userid and [password]=@password", myconnection)
        mycommand.Parameters.Add("@userid", SqlDbType.VarChar, 30).Value = userid
        mycommand.Parameters.Add("@password", SqlDbType.VarChar, 30).Value = password

        'mycommand = New SqlCommand("select * from user where user id='" & TextBox1.Text & "' and password='" & TextBox2.Text & "'", myconnection)
        dr = mycommand.ExecuteReader()

        If (dr IsNot Nothing) Then
            If (dr.Read()) Then
                MsgBox("User is authenticated")
                Form2.Show()
            Else
                MsgBox("Please enter correct username and password")
            End If
        End If
        myconnection.Close()
    Catch ex As Exception
        Throw

    Finally
    End Try
  End Sub

Guffa · Accepted Answer

User is a reserved word in SQL Server.

Put brackets around the table name:

mycommand = New SqlCommand("select * from [user] where [user id]=@userid and [password]=@password", myconnection)

Exception causing VB.NET code to not run properly

Answers (2)

Related Questions