Home User: Win 7(64 bit) VBExpress 2010: Parsing Error

kenkob
The following error is reported when I attempt to edit a record and then click on save to save the changes:

There was an error parsing the query. [Token line number = 1, Token line offset = 38, Token in error = /]

This is the Save button code:

    Private Sub btnSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSave.Click
        Select Case state
            Case "n"
                ' INSERT branch: parameterized statement
                If txtFName.Text = "" Then
                    MsgBox("Name Cannot be null", , "My Telephone Book")
                Else
                    Try
                        Using conn = New SqlCeConnection(connString)
                            Using cmd = New SqlCeCommand
                                cmd.Connection = conn
                                cmd.CommandText = "INSERT INTO Persons (" &
                                    "Fullname, " &
                                    "DoB, " &
                                    "DoM, " &
                                    "MPhone, " &
                                    "EMail, " &
                                    "Notes, " &
                                    "AddressID) " &
                                    "VALUES " &
                                    "(?,?,?,?,?,?,?)"
                                ' ? markers are positional: values are added in column order
                                cmd.Parameters.Add("FullName", Me.txtFName.Text)
                                cmd.Parameters.Add("DoB", Me.dtpDoB.Value)
                                cmd.Parameters.Add("Dom", Me.dtpDoM.Value)
                                cmd.Parameters.Add("MPhone", Me.txtMPhone.Text)
                                cmd.Parameters.Add("EMail", Me.txtEMail.Text)
                                cmd.Parameters.Add("Notes", Me.txtNotes.Text)
                                cmd.Parameters.Add("AddressID", Me.txtAddressID.Text)
                                conn.Open()
                                cmd.ExecuteNonQuery()
                            End Using
                        End Using
                        MsgBox("Record Saved", , "My Telephone Book")
                    Catch sqlex As SqlCeException
                        Dim sqlError As SqlCeError
                        For Each sqlError In sqlex.Errors
                            MessageBox.Show(sqlError.Message)
                        Next
                    Catch ex As Exception
                        MsgBox("Error Saving Record", , "My Telephone Book")
                    Finally
                        conn.Close()
                    End Try
                End If

            Case "u"
                ' UPDATE branch: statement built by string concatenation
                If txtFName.Text = "" Then
                    MsgBox("Full Name cannot be empty", , "My Telephone Book")
                Else
                    Try
                        conn.Open()
                        Dim cmd As SqlCeCommand = conn.CreateCommand
                        'I believe the line below is the error line
                        cmd.CommandText = "UPDATE Persons SET FullName" & txtFName.Text &
                            "DoB" & dtpDoB.Value &
                            "DoM" & dtpDoM.Value &
                            "MPhone" & txtMPhone.Text &
                            "EMail" & txtEMail.Text &
                            "Notes" & txtNotes.Text &
                            "FROM Persons WHERE PersonID = " & lstPersonID.Text
                        cmd.ExecuteNonQuery()
                        MsgBox("Record Updated", , "My Telephone Book")
                        conn.Close()
                        Call FillList()
                    Catch sqlex As SqlCeException
                        Dim sqlError As SqlCeError
                        For Each sqlError In sqlex.Errors
                            MessageBox.Show(sqlError.Message)
                        Next
                    Catch ex As Exception
                        'MsgBox("Error Updating Record", , "My Telephone Book")
                        MessageBox.Show(ex.Message)
                    Finally
                        conn.Close()
                    End Try
                End If
        End Select
        sql = "SELECT * FROM Persons ORDER BY FullName"
        Call FillList()
        txtFind.Clear()
        txtFName.Focus()
    End Sub

Any help will be greatly appreciated as I've spent all day attempting to resolve this error.

Jack Corbett
I'm going to make a couple of comments.

1. Concatenating text to create a SQL Statement in the application leaves your application vulnerable to SQL Injection. You should search for SQL Injection and code to avoid it.
2. In your UPDATE statement you need to do "SET column = " and I don't see any "=" signs in the UPDATE.
3. You also need to make sure you are wrapping string values in single-quotes so your code should be like this:
SQL = "Update table SET column = '" & control.Text & "' WHERE ID=" & IDControl.Text


I'm assuming the ID column is a numeric column.



kenkob
Thank you kindly for your response. Yes, the "ID" field is numeric. I will read up on SQL Injection.
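
The SQL injection point raised in Jack Corbett's reply, applied to the update branch from the question: this is an added example, not code from either poster, that uses the same `?` placeholders as the question's INSERT so no control text is ever concatenated into the statement. The table, column and control names come from the question; the module name `PersonUpdateExample` and the function `UpdatePerson` are hypothetical.

```vb
Imports System.Data.SqlServerCe

Module PersonUpdateExample ' hypothetical name, not from the thread

    ' Returns the number of rows changed; 0 when the ID text is not an
    ' integer or no row has that PersonID.
    Function UpdatePerson(ByVal connString As String,
                          ByVal personIdText As String,
                          ByVal fullName As String,
                          ByVal dob As Date,
                          ByVal dom As Date,
                          ByVal mPhone As String,
                          ByVal eMail As String,
                          ByVal notes As String) As Integer
        ' The ID comes from a control as text: parse it instead of
        ' pasting it into the statement.
        Dim personId As Integer
        If Not Integer.TryParse(personIdText, personId) Then Return 0

        Using conn As New SqlCeConnection(connString)
            Using cmd As SqlCeCommand = conn.CreateCommand()
                ' Constant statement text: values travel as parameters, so
                ' characters such as ' or / in a value cannot change how
                ' the statement parses.
                cmd.CommandText = "UPDATE Persons SET " &
                    "FullName = ?, DoB = ?, DoM = ?, " &
                    "MPhone = ?, EMail = ?, Notes = ? " &
                    "WHERE PersonID = ?"
                ' ? markers are positional: add values in the same order.
                With cmd.Parameters
                    .AddWithValue("FullName", fullName)
                    .AddWithValue("DoB", dob)
                    .AddWithValue("DoM", dom)
                    .AddWithValue("MPhone", mPhone)
                    .AddWithValue("EMail", eMail)
                    .AddWithValue("Notes", notes)
                    .AddWithValue("PersonID", personId)
                End With
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    ' Call from the "u" branch of btnSave_Click, for example:
    ' UpdatePerson(connString, lstPersonID.Text, txtFName.Text, dtpDoB.Value,
    '              dtpDoM.Value, txtMPhone.Text, txtEMail.Text, txtNotes.Text)
End Module
```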