解決更新查詢中的錯誤

Question

我有引發錯誤的代碼 - 我需要你的幫助來解決它。

的錯誤是

語法錯誤在更新語句

我的代碼：

Try 
    Dim conn As OleDbConnection = New OleDbConnection(My.Resources.ConnectionString) 
    Dim cmd As OleDbCommand 

    conn.Open() 

    Dim Sql As String = "select * from Administretor" 
    cmd = New OleDbCommand(Sql, conn) 

    Dim userE, userR As String 
    userE = txtOldPass.Text 

    Dim reder As OleDbDataReader = cmd.ExecuteReader() 

    While reder.Read() 
     userR = reder.Item(0) 
    End While 

    If userE = userR Then 
     If txtNewPass.Text = txtNewConfromPass.Text And txtNewConfromPass.Text <> "" And txtNewPass.Text <> "" Then 
      Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & "" 

      Dim cmd0 As OleDbCommand = New OleDbCommand(Sql, conn) 
      cmd0.ExecuteNonQuery() 
     Else 
      MsgBox("Make sure that you have entered new password in both text Box and they both are same...!") 
     End If 
    Else 
     MsgBox("Enter the correct Username") 
    End If 

    MsgBox("Done 2") 
Catch ex As OleDbException 
    MsgBox(ex.Message) 
End Try 

Answer 1

在這一部分中，
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where ...

的密碼會我在它之前有一個單一的報價，之後沒有單一的報價。

將其更改爲：
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & "' where ...
注意這裏額外的單引號---------------------------- ------------^

Answer 2

兩個錯誤

"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & "" 
                 ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
                  |     | 
           Missing single quote here---+     | 
                       | 
    LogIn_Id will never equal the old password--------------------------------+ 

但除了簡單的語法錯誤，你從構建SQL出件，包括用戶的輸入有一個巨大的SQL注入漏洞。

Answer 3

添加這句法：

Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & "" 

Clipboard.SetText(Sql) 

查詢會在你的剪貼板。在SQL上運行它（無論您使用哪種方式），然後查看查詢是否順利運行？

請向我們展示查詢生成功能以及從SQL直接運行時產生的錯誤。