-1

I'm trying to execute below query but error occur like

Syntax error (missing operator) in query expression 9 ORDER BY empSalary.ID DESC.

cmd.CommandText = "UPDATE EmpSalary SET emp_Advance=" & TextBox7.Text & ",emp_salary=" & TextBox4.Text & " ORDER BY empSalary.ID DESC"
Top Systems
  • 951
  • 12
  • 24
user3048626
  • 1
  • 1
  • possible duplicate of [http://stackoverflow.com/questions/21928185/syntax-error-in-query-expression](http://stackoverflow.com/questions/21928185/syntax-error-in-query-expression) – Mahadev Jun 06 '15 at 10:53
  • Are you sure you can use ORDER BY on UPDATE query? – Alessandro Da Rugna Jun 06 '15 at 10:54
  • `UPDATE EmpSalary SET emp_Advance=" & TextBox7.Text & ",emp_salary=" & TextBox4.Text WHERE ` – Mahadev Jun 06 '15 at 10:57
  • What is the value present in the TextBox4.Text? if it is something like 1,2345.56 then stop here and read about parameterized queries. By the way, ORDER BY in an UPDATE query has no meanings. And beware, without a WHERE clause this command (when you manage to make it work) will update all the records in the table – Steve Jun 06 '15 at 11:05
  • http://stackoverflow.com/questions/542510/how-do-i-create-a-parameterized-sql-query-why-should-i – Ňɏssa Pøngjǣrdenlarp Jun 06 '15 at 12:41

1 Answers1

0

First, you should never concatenate strings directly to your sql. This is a security risk. Google sql injection. Instead, you should use parameterized queries or stored procedures.

Second, the oreder by part has no meaning in this type of query, and perhaps is the reason you get this exception.

Zohar Peled
  • 79,642
  • 10
  • 69
  • 121