解决更新查询中的错误

Question

我有引发错误的代码 - 我需要你的帮助来解决它。

的错误是

语法错误在更新语句

我的代码：

Try 
    Dim conn As OleDbConnection = New OleDbConnection(My.Resources.ConnectionString) 
    Dim cmd As OleDbCommand 

    conn.Open() 

    Dim Sql As String = "select * from Administretor" 
    cmd = New OleDbCommand(Sql, conn) 

    Dim userE, userR As String 
    userE = txtOldPass.Text 

    Dim reder As OleDbDataReader = cmd.ExecuteReader() 

    While reder.Read() 
     userR = reder.Item(0) 
    End While 

    If userE = userR Then 
     If txtNewPass.Text = txtNewConfromPass.Text And txtNewConfromPass.Text <> "" And txtNewPass.Text <> "" Then 
      Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & "" 

      Dim cmd0 As OleDbCommand = New OleDbCommand(Sql, conn) 
      cmd0.ExecuteNonQuery() 
     Else 
      MsgBox("Make sure that you have entered new password in both text Box and they both are same...!") 
     End If 
    Else 
     MsgBox("Enter the correct Username") 
    End If 

    MsgBox("Done 2") 
Catch ex As OleDbException 
    MsgBox(ex.Message) 
End Try 

Answer 1

在这一部分中，
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where ...

的密码会我在它之前有一个单一的报价，之后没有单一的报价。

将其更改为：
"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & "' where ...
注意这里额外的单引号---------------------------- ------------^

Answer 2

两个错误

"UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & "" 
                 ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
                  |     | 
           Missing single quote here---+     | 
                       | 
    LogIn_Id will never equal the old password--------------------------------+ 

但除了简单的语法错误，你从构建SQL出件，包括用户的输入有一个巨大的SQL注入漏洞。

Answer 3

添加这句法：

Sql = "UPDATE Administretor SET PASSWORD='" & txtNewPass.Text & " where LogIn_id=" & txtOldPass.Text & "" 

Clipboard.SetText(Sql) 

查询会在你的剪贴板。在SQL上运行它（无论您使用哪种方式），然后查看查询是否顺利运行？

请向我们展示查询生成功能以及从SQL直接运行时产生的错误。