1

I am trying to excute this sql query

Dim str As String = "UPDATE table1 SET " & _
            "number = '" & strc & "'," & _
            "code = '" & "123" & "'," & _
            "line= '" & dd1.text & "'," & _
            "sellr = '" & txtrun.text & "'," & _
            "endu= '" & txtex1.value+txtex2.value & "'" & _
             "WHERE number IN (select table1.number" & _
"FROM table1 INNER JOIN table2 ON table1.number = table2.number" & _
"WHERE ((table1.username)='" &  session("username") & "' AND (table1.pass)='" & session("pass") & "' AND (table2.sellnum)='" & session("sellnum") & "'));"

there is a Syntax error in query expression and this is te first time I am using nested subquery

all the field are getting String values

So if someone can tell me what is the right approach to write this query I will be very grateful

Improve this question
2
  • 1
    Your code is wide open to SQL Injection. You should use parameterized queries. Commented Sep 27, 2011 at 19:31
  • Agree Oded... Create a Stored Procedure which takes those parameters and does the update. Commented Sep 27, 2011 at 19:38

1 Answer 1

Reset to default
4

You're missing spaces after table1.number and table2.number fields in the subquery.

I don't know where you're using this query, but you might want to read about SQL injection. When you stick strings together to build SQL, your code may be vulnerable to malicious users who put SQL code into the fields of your application.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Another useful link on SQL injection: stackoverflow.com/questions/332365/…
Think SQL Injection may be an issue?
Thanks Don ,it working like charm! by the way isnt it enough if I check the user input (to prevent sql injection)?
Perhaps, @baaroz, but it's usually easier and more effective to use parameterized queries or stored procedures. They will do all the checking for you.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.