Resolving an error in an UPDATE query

Time: 2016-07-31 02:58:02

Tags: sql vb.net

My code throws an error - I need your help to fix it.

The error is

Syntax error in UPDATE statement

My code:

Try
    Dim conn As OleDbConnection = New OleDbConnection(My.Resources.ConnectionString)
    Dim cmd As OleDbCommand

    conn.Open()

    Dim Sql As String = "select * from Administretor"
    cmd = New OleDbCommand(Sql, conn)

    Dim userE, userR As String
    userE = txtOldPass.Text

    Dim reder As OleDbDataReader = cmd.ExecuteReader()

    While reder.Read()
        userR = reder.Item(0)
    End While

    If userE = userR Then
        If txtNewPass.Text = txtNewConfromPass.Text And txtNewConfromPass.Text <> "" And txtNewPass.Text <> "" Then
            Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""

            Dim cmd0 As OleDbCommand = New OleDbCommand(Sql, conn)
            cmd0.ExecuteNonQuery()
        Else
            MsgBox("Make sure that you have entered new password in both text Box and they both are same...!")
        End If
    Else
        MsgBox("Enter the correct Username")
    End If

    MsgBox("Done 2")
Catch ex As OleDbException
    MsgBox(ex.Message)
End Try

3 answers:

Answer 0 (score: 1)

Two errors

"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""
                                                           ^      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                                                           |                  |
                               Missing single quote here---+                  |
                                                                              |
    LogIn_Id will never equal the old password--------------------------------+

But beyond the simple syntax errors, you also have a huge SQL injection vulnerability from building SQL that includes user input.
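
Added example (not part of the original answer or the asker's code): the UPDATE from the question rewritten with OleDb parameters, so user input is bound as data and never spliced into the statement text. The `UpdatePassword` helper and its `loginId` argument are hypothetical, `LogIn_id` is assumed to be a text column, and the brackets around `PASSWORD` assume an Access/Jet provider, where it is a reserved word.

```vbnet
Imports System.Data.OleDb

Module PasswordUpdateExample
    ' Hypothetical helper (not from the original post): updates the password
    ' for one login id without concatenating user input into the SQL text.
    ' Returns True only when exactly one row was changed.
    Public Function UpdatePassword(connectionString As String,
                                   loginId As String,
                                   newPassword As String) As Boolean
        ' Reject empty input up front, as the question's code intends to do.
        If String.IsNullOrEmpty(loginId) OrElse String.IsNullOrEmpty(newPassword) Then
            Return False
        End If

        ' OleDb uses positional "?" markers; values are bound in the order
        ' the parameters are added, and the parameter names are ignored.
        ' [PASSWORD] is bracketed on the assumption of an Access/Jet provider.
        Const sql As String =
            "UPDATE Administretor SET [PASSWORD] = ? WHERE LogIn_id = ?"

        Using conn As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, conn)
                ' Assumption: both columns are text of at most 255 characters.
                cmd.Parameters.Add("@pwd", OleDbType.VarWChar, 255).Value = newPassword
                cmd.Parameters.Add("@id", OleDbType.VarWChar, 255).Value = loginId

                conn.Open()

                ' A quote character in either value is now just data, so it can
                ' neither break the statement nor change its meaning.
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function
End Module
```

The WHERE clause compares `LogIn_id` with a login id rather than with the old password, which addresses the second error pointed out above.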

Answer 1 (score: 0)

In this part,
      "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where ...

The password has a single quote before it but none after it.

Change it to:
      "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & "' where ...
Note the extra single quote here ------------------------------- ^

Answer 2 (score: 0)

Add the following syntax:

Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & ""

Clipboard.SetText(Sql)

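The query will be in your clipboard. Run it against SQL (whichever you use) and see whether the query runs smoothly.

Please show us what the query generates and the error produced when running it directly from SQL.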