Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SQL statement error

Status
Not open for further replies.
brd24gor

brd24gor

MIS
May 18, 2005
123
US
This one has me baffled. I have the following code for resetting a password:
Code: 
			using(PasswordReset resetter = new PasswordReset())
			{
				if(resetter.ShowDialog() == DialogResult.OK)
				{
					string sql = "UPDATE Users SET Password = '" + resetter.Password + "' WHERE " +
						"User_ID = '" + userList.SelectedItems[userList.SelectedItems.Count-1] + "'";
					OleDbCommand passwordCommand = new OleDbCommand(sql, aLib.SQLConnection);
					passwordCommand.ExecuteNonQuery();
					passwordCommand.Dispose();
					MessageBox.Show("Password updated successfully!");
				}

resetter is just a form with two textboxes that get a password and a confirm password. When I call my ExecuteNonQuery(), I get an error stating I have a syntax error in my UPDATE statement. I have copied and pasted the manufactured string into Access (the database I'm using), and it runs fine.

Any ideas?
--Brad
 
Sort by date Sort by votes
I think you should add ToString() for the pwd/user fields since there are returned "object" objects:
Code: 
                   string sql = "UPDATE Users SET Password = '" + resetter.Password.ToString() + "' WHERE " +
                        "User_ID = '" + userList.SelectedItems[userList.SelectedItems.Count-1].ToString() + "'";
obislavu
 
Upvote 0 Downvote
No dice. Still get the same error. Any other ideas?

--Brad
 
Upvote 0 Downvote
Found the problem. 'Password' is a reserved SQL word so is has to be in [ ] brackets to be used.
Code: 
string sql = "UPDATE Users SET [Password] = '" + resetter.Password.ToString() + "' WHERE " + "User_ID = '" + userList.SelectedItems[userList.SelectedItems.Count-1].ToString() + "'";

Thanks anyway,
--Brad
 
Upvote 0 Downvote



if(resetter.ShowDialog() == DialogResult.OK)
{
string sUserId =userList.SelectedItems[userList.SelectedItems.Count-1].ToString() ;


string sql = "UPDATE Users SET Password = '" + resetter.Password + "' WHERE User_ID ='" +
+ sUserId + "'";

OleDbCommand passwordCommand = new OleDbCommand(sql, aLib.SQLConnection);
passwordCommand.ExecuteNonQuery();
passwordCommand.Dispose();
MessageBox.Show("Password updated successfully!");
}

 
Upvote 0 Downvote
chmohan,

That wouldn't have made any difference. As posted above, it was the 'Password' field in SET part of the SQL that was causing the problem. When a keyword is the same name as the field, it needs to be put into [square brackets]. I can legally put the string you have stored in sUserId into my SQL as I did above.

Thanks for the input,
--Brad
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

diembi
  • Locked
  • Question
sql server script error
Replies
0
Views
1K
diembi
diembi
NoCoolHandle
  • Locked
  • Question
working with SQL "FOR JSON AUTO
Replies
2
Views
1K
NoCoolHandle
NoCoolHandle
IlyaRabyy
  • Locked
  • Question
Error creating Regular Expression Validator control 1
Replies
2
Views
550
IlyaRabyy
IlyaRabyy
ahmedsa2018
  • Locked
  • Question
Error object reference not set to an instance of an object
Replies
1
Views
624
ahmedsa2018
ahmedsa2018
IlyaRabyy
  • Locked
  • Question
"Server Error in '/' Application. Keyword not supported: 'provider'."
Replies
1
Views
528
IlyaRabyy
IlyaRabyy

Part and Inventory Search

Sponsor

Back
Top