Hi! I am new to Visual Studio 2010. I am trying to develop a mini project related to an ATM.
But I have a syntax error (missing operator) in the query expression 'Accountnumber=and PIN='. Can you help me correct this error? My code is:

op = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = F:\atm1.mdb")
op.Open()
cd = New OleDbCommand("select * from Table1 where Accountnumber=" + TextBox1.Text + "and PIN=" + TextBox2.Text + " ", op)
dr = cd.ExecuteReader()

Add a blank (space) between the two verbs.

Here is an issue: TextBox1.Text + "and PIN="

Never use a hardcoded SQL string. Use a parameterized query to prevent SQL injection. (Just Googled the SQL Injection).

op = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = F:\atm1.mdb")
cd = New OleDbCommand("select * from Table1 where Accountnumber=@acno and PIN=@pin", op)
' OleDb binds parameters by position, so add them in the order they appear in the query
cd.Parameters.AddWithValue("@acno", TextBox1.Text)
cd.Parameters.AddWithValue("@pin", TextBox2.Text)

op.Open()
Dim dr As OleDbDataReader = cd.ExecuteReader()
...
dr.Close()
op.Close()

"SELECT * FROM Table1 WHERE Accountnumber=" & TextBox1.Text & " AND PIN=" & TextBox2.Text & ""

Assuming that the account number and PIN are ONLY integers (numbers) and contain no text... If they do contain text ....

"SELECT * FROM Table1 WHERE Accountnumber='" & TextBox1.Text & "' AND PIN='" & TextBox2.Text & "'"

Edited 4 Years Ago by AndreRet
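
A fuller form of the parameterized lookup from the first reply, as an added example that is not code from any of the posts above: it rejects empty or non-numeric input before touching the database (the error text in the question suggests both text boxes were empty), binds typed parameters in query order, and releases the connection with Using. The name CheckLogin is hypothetical, and the code assumes Accountnumber and PIN are numeric columns, as the second reply does; the connection string and Table1 come from the question.

```vb
Imports System.Data.OleDb

Module AtmLogin
    ' Connection string, table and column names are taken from the question.
    Private Const ConnStr As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=F:\atm1.mdb"

    ' Placeholders only: user input never becomes part of the SQL text.
    Private Const Sql As String = "SELECT COUNT(*) FROM Table1 WHERE Accountnumber = ? AND PIN = ?"

    ' CheckLogin is a hypothetical helper name (not from the original thread).
    ' Assumption: Accountnumber and PIN are numeric columns that fit in an Integer.
    Public Function CheckLogin(ByVal accountText As String, ByVal pinText As String) As Boolean
        Dim account As Integer
        Dim pin As Integer

        ' Empty or non-numeric input is rejected here, so it can never reach
        ' the query and produce "Accountnumber=and PIN=" style syntax errors.
        If Not Integer.TryParse(accountText, account) Then Return False
        If Not Integer.TryParse(pinText, pin) Then Return False

        Using conn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(Sql, conn)
                ' OleDb binds by position: the first parameter added fills the
                ' first "?", the second fills the second. The names are labels only.
                cmd.Parameters.Add("@acno", OleDbType.Integer).Value = account
                cmd.Parameters.Add("@pin", OleDbType.Integer).Value = pin

                conn.Open()
                ' COUNT(*) always returns one value; a non-zero count means a match.
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function
End Module
```

From the form, call it as `If CheckLogin(TextBox1.Text, TextBox2.Text) Then ...`; the Using blocks close the connection even when ExecuteScalar throws.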
