-1

I'm trying to execute below query but error occur like

Syntax error (missing operator) in query expression 9 ORDER BY empSalary.ID DESC.

cmd.CommandText = "UPDATE EmpSalary SET emp_Advance=" & TextBox7.Text & ",emp_salary=" & TextBox4.Text & " ORDER BY empSalary.ID DESC"
Improve this question
5
  • possible duplicate of http://stackoverflow.com/questions/21928185/syntax-error-in-query-expression Commented Jun 6, 2015 at 10:53
  • Are you sure you can use ORDER BY on UPDATE query? Commented Jun 6, 2015 at 10:54
  • UPDATE EmpSalary SET emp_Advance=" & TextBox7.Text & ",emp_salary=" & TextBox4.Text WHERE <where clause> Commented Jun 6, 2015 at 10:57
  • What is the value present in the TextBox4.Text? if it is something like 1,2345.56 then stop here and read about parameterized queries. By the way, ORDER BY in an UPDATE query has no meanings. And beware, without a WHERE clause this command (when you manage to make it work) will update all the records in the table Commented Jun 6, 2015 at 11:05
  • stackoverflow.com/questions/542510/… Commented Jun 6, 2015 at 12:41

1 Answer 1

Reset to default
0

First, you should never concatenate strings directly to your sql. This is a security risk. Google sql injection. Instead, you should use parameterized queries or stored procedures.

Second, the oreder by part has no meaning in this type of query, and perhaps is the reason you get this exception.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.