2

I'm getting an error: "Syntax error in string in query EXPRESSION 'Username = user'". I think the problem is in "me.Username.tag", but I'm stuck.

        conn = New OleDbConnection(Get_Constring)
        conn.Open()
        cmd.Connection = conn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag

        dr = cmd.ExecuteReader
        If dr.HasRows Then
            While dr.Read
                Me.txtusername.Tag = dr("Username")
                Me.txtfname.Text = IIf(Not IsDBNull(dr("fname")), dr("fname"), "")
                Me.txtlname.Text = IIf(Not IsDBNull(dr("lname")), dr("lname"), "")
                Me.txtinitial.Text = IIf(Not IsDBNull(dr("mname")), dr("mname"), "")
                Me.txtpassword.Text = IIf(Not IsDBNull(dr("password")), dr("password"), "")
                Me.lbllevel.Text = IIf(Not IsDBNull(dr("level")), dr("level"), "")
                Me.txtusername.Text = IIf(Not IsDBNull(dr("Username")), dr("Username"), "")
                Me.cmbquestion.Text = IIf(Not IsDBNull(dr("Question")), dr("Question"), "")
                Me.txtanswer.Text = IIf(Not IsDBNull(dr("answer")), dr("answer"), "")
            End While
        End If

3 Answers

3

You didn't close your quotes in the query:

where Username= '" & Me.txtusername.Tag

should be:

where Username= '" & Me.txtusername.Tag & "'"

Important: Your code is potentially vulnerable to SQL injection attacks. Please use parameterized queries. Something like this:

cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= ?"
' cmd is an OleDbCommand, so the parameter must be an OleDbParameter.
' OleDb binds parameters by position and uses ? as the placeholder.
Dim parameter As New OleDbParameter()
parameter.ParameterName = "@username"
parameter.OleDbType = OleDbType.VarWChar
parameter.Value = Me.txtusername.Tag
cmd.Parameters.Add(parameter)
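
The difference between the quoted-concatenation fix and the parameterized query recommended in this answer, shown as an added example that is not code from the original answers. It uses Python's sqlite3 with an in-memory table as a stand-in for the Access database; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the Instructor table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Instructor (Username TEXT, fname TEXT, lname TEXT)")
    conn.executemany(
        "INSERT INTO Instructor VALUES (?, ?, ?)",
        [("user", "Ana", "Cruz"),
         ("o'brien", "Pat", "O'Brien"),
         ("admin", "Root", "Admin")],
    )
    return conn

def lookup_concatenated(conn, username):
    # Same pattern as the question once the closing quote is added:
    # the value is spliced into the SQL text and parsed as part of it.
    sql = ("SELECT Username, fname, lname FROM Instructor "
           "WHERE Username = '" + username + "'")
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    # The value travels separately from the SQL text and is only ever data.
    sql = "SELECT Username, fname, lname FROM Instructor WHERE Username = ?"
    return conn.execute(sql, (username,)).fetchall()

def compare(conn, username):
    """Return (concatenated_result, parameterized_result).

    A parse failure of the concatenated query is reported as 'syntax error'.
    """
    try:
        concat = lookup_concatenated(conn, username)
    except sqlite3.OperationalError:
        concat = "syntax error"
    return concat, lookup_parameterized(conn, username)

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a plain name, a name with an apostrophe,
    # and a value whose quote changes the structure of the WHERE clause.
    for name in ["user", "o'brien", "x' OR '1'='1"]:
        concat, param = compare(conn, name)
        print(repr(name), "| concatenated:", concat, "| parameterized:", param)
```

A legitimate username containing an apostrophe reproduces the question's syntax error in the concatenated form, and a value that closes the quote early makes it return every row, while the parameterized form returns only exact matches in all three cases.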

2

I think the problem is you are not closing the single quote.

Try with this:

cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag & "'"

1 Comment

My bad, so simple. It's been 2 days practicing code in VB.NET, that's why. :D Thank you so much :)

1

You have not closed the single quote which is opened at the end of the query.
