anyone help with this?

I have a unique id on each line of sql, i want to be able to update a row from a table i tested and tested this but unable to get this working. does anyone know how i am able to do this?

Dim PINV As String
    PINV = Me.txtPassword.Text

       Dim con As New SqlConnection
        Dim cmd As New SqlCommand
        Try
            con.ConnectionString = "Data Source=10.10.0.25;Initial Catalog=RConditions;Persist Security Info=True;User ID=mbish;Password=mbish"
            con.Open()
            cmd.Connection = con
            cmd.CommandText = "update Settings SET pin =" & PINV & "where Company = '1')"
 
            cmd.ExecuteNonQuery()
        Catch ex As Exception
            MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
        Finally
            con.Close()
        End Try

        MsgBox("Pin Saved")

    
    End Sub
cmd.CommandText = "update Settings SET pin = '" & PINV & "' where Company = '1')"

You should really use parameters:

cmd.CommandText = "update Settings SET pin = @Pinv where Company = @Company)"
        cmd.Parameters.AddWithValue("@Pinv", PINV)
        cmd.Parameters.AddWithValue("@Company", 1)

sorry this still not working thanks for your help.

Dim PINV As String
       

        PINV = txtSysPassword.Text


        Dim con As New SqlConnection
        Dim cmd As New SqlCommand
        Try
            con.ConnectionString = "Data Source=10.10.0.25;Initial Catalog=RConditions;Persist Security Info=True;User ID=mbish;Password=mbish"
            con.Open()
            cmd.Connection = con
            cmd.CommandText = "update Settings SET pin = @PinV where Company = @Company)"
            cmd.Parameters.AddWithValue("@PinV", PINV)
            cmd.Parameters.AddWithValue("@Company", 1)
 
            cmd.ExecuteNonQuery()
        Catch ex As Exception
            MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
        Finally
            con.Close()
        End Try

        MsgBox("Pin Saved")
Attachments Picture1.jpg 99.99 KB

Heres an example of why to use parameters.

If you set the PINV string to

PINV = "anything' where 1 = 1 ----"

would update every record in the table to anything if you used the following CommandText:

cmd.CommandText = "update Settings SET pin = '" & PINV & "' where Company = '1')"

Edited 6 Years Ago by Unhnd_Exception: n/a

Get rid of the ) at the end of your sql statement

Sorry about the )

I must have hit a key before copying it.

This question has already been answered. Start a new discussion instead.