By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,524 Members | 1,593 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,524 IT Pros & Developers. It's quick & easy.

Syntax error in INSERT INTO statement

P: 1
Expand|Select|Wrap|Line Numbers
  1. If TxtName2.Text = "" Then
  2.             MsgBox("please give a Folder Name")
  3.             Exit Sub
  4.  
  5.         Else
  6.             qry1 = "insert into soft (Folderneym"
  7.             qry2 = ") values ( " & TxtName2.Text & "'"
  8.         End If
--> what could be the problem with this code? I erased a double quote, and spaces but it all appears to have DATABASE ERROR, either its a (missing operator) in query expression or an error in string in query..please help asap.. thank you very much. Godbless
Jun 29 '12 #1
Share this Question
Share on Google+
2 Replies


Rabbit
Expert Mod 10K+
P: 12,382
Please use code tags when posting code.

If it's a text field, then you will need to surround the value in quotes. You're also missing your closing parenthesis.
Jun 29 '12 #2

PsychoCoder
Expert Mod 100+
P: 465
Just for reference, you want to use Parametrized queries, otherwise you're opening yourself up to Sql Injection attacks.

Given that here's an example of using SqlParameterCollection.AddWithValue

Expand|Select|Wrap|Line Numbers
  1. Public Function LoginToSystemParameterized(un As String, pwd As String) As Boolean
  2.     Dim count As Integer = 0
  3.     Using conn = New SqlConnection("YourConnectionStringHere")
  4.         Dim sql As String = "SELECT COUNT(userId) FROM users WHERE userName = @username AND password = @password"
  5.         Using cmd = New SqlCommand(sql, conn)
  6.             conn.Open()
  7.             cmd.CommandType = System.Data.CommandType.Text
  8.             'now add our parameters
  9.             cmd.Parameters.AddWithValue("@username", un)
  10.          cmd.Parameters.AddWithValue("@password", pwd)
  11.             count = Convert.ToInteger(cmd.ExecuteScalar())
  12.         End Using
  13.     End Using
  14.  
  15.     Return If(count > 0, True, False)
  16. End Function
Jun 30 '12 #3

Post your reply

Sign in to post your reply or Sign up for a free account.