Unable to query MS Access database: "Syntax error (missing operator) in query expression"

Question

private void button3_Click(object sender, EventArgs e)
    {
        if (textBox2.Text != "" & listBox1.SelectedIndex != -1)
        {
            string q = "update info set name='" + textBox2.Text.ToString() + "' where id " + listBox1.SelectedItem.ToString();
            dosomething(q);
            textBox2.Text = "";


        }
    }
private void dosomething(String q)
    {
        try {
            cn.Open();
            cmd.CommandText = q;
            cmd.ExecuteNonQuery();
            cn.Close();
            loaddata();

        }

Whenever I try to update a data from MS Access using my program I get this error:

Is there something wrong with my code?

warning you are introducing sql injection attacks!

Daniel A. White
– Daniel A. White

2015-09-26 13:14:03 +00:00
Commented Sep 26, 2015 at 13:14 — Daniel A. White
– Daniel A. White, Commented Sep 26, 2015 at 13:14

thewisegod · Accepted Answer · 2015-09-26 12:58:57Z

1

You need an operator between id " + listBox1.SelectedItem.ToString();. So:

id = " + listBox1.SelectedItem.ToString();

or whatever operator you want to use like >, >=, etc...

Also you have:

string q = "update info set name='" +

but it needs to be:

string q = "update info set name ='" +

notice I added a space between name and the = sign.

edited Sep 26, 2015 at 12:58

answered Sep 26, 2015 at 12:53

thewisegod

1,5421 gold badge10 silver badges11 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

Unable to query MS Access database: "Syntax error (missing operator) in query expression"

1 Answer 1

Comments

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Related