I'm getting this error on a query for SQL 2012 on VS 2013.

My query:

```vbnet
Try
    If ComboBox1.SelectedItem = ComboBox1.Items(1) Then
        Me.TextBox1.Focus()
        cmd = New SqlCommand("Select * From Table3 where NOMBRE = " & Me.txtNombre.Text & "", Conn)
        Conn.Open()
        dr = cmd.ExecuteReader
        If dr.Read Then
            Me.txtNombre.Text = dr("Nombre")
        Else
            MessageBox.Show("El Registro no existe", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information)
        End If
        Conn.Close()
    End If
Catch ex As Exception
    MessageBox.Show(ex.Message)
End Try
```

Can anybody help? I would like an example, because I'm a beginner.

Mereszhka
  • 1
    My guess: You need single quotes around the term in your `WHERE` clause. But you should also use prepared statements to avoid SQL injection (which could easily happen with your current code). – Tim Biegeleisen Dec 23 '16 at 01:14
  • 2
    You need to [use parameters](http://stackoverflow.com/questions/11139791/). – Dour High Arch Dec 23 '16 at 02:00
  • 1
    As we've said a million times to every other question like this, **stop concatenating your SQL** and use parameterized queries, and all your problems like this will go away. – Ken White Dec 23 '16 at 17:35

0 Answers
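A parameterized version of the lookup in the question, as the comments recommend. This is an added example, not code from the original post; the module and function names, the `connectionString` argument, and the `NVarChar(50)` column type are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

' Hypothetical helper module; names are illustrative, not from the question.
Module NombreLookup

    ' Returns the stored Nombre for an exact match, or Nothing when no row exists.
    ' connectionString is supplied by the caller (assumed; not shown in the question).
    Function FindNombre(connectionString As String, nombre As String) As String
        If nombre Is Nothing Then Throw New ArgumentNullException(NameOf(nombre))

        ' The SQL text is a constant. The user's value is sent separately as a
        ' parameter, so quotes or SQL keywords inside it are compared as data
        ' and never parsed as part of the statement.
        Const sql As String = "SELECT Nombre FROM Table3 WHERE NOMBRE = @nombre"

        ' Using blocks dispose the connection, command and reader even when
        ' an exception is thrown, so no explicit Conn.Close() is needed.
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Typed, sized parameter. NVarChar(50) is an assumed column type;
                ' match it to the real definition of Table3.NOMBRE.
                cmd.Parameters.Add("@nombre", SqlDbType.NVarChar, 50).Value = nombre

                conn.Open()
                Using dr As SqlDataReader = cmd.ExecuteReader()
                    If dr.Read() Then
                        Return dr.GetString(dr.GetOrdinal("Nombre"))
                    End If
                End Using
            End Using
        End Using

        Return Nothing
    End Function

    ' Form-side usage, replacing the concatenated query in the question
    ' (connString is an assumed field holding the connection string):
    '   Dim found As String = FindNombre(connString, Me.txtNombre.Text.Trim())
    '   If found Is Nothing Then
    '       MessageBox.Show("El Registro no existe", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information)
    '   Else
    '       Me.txtNombre.Text = found
    '   End If
End Module
```

A name such as `O'Brien` typed into the text box is matched literally by this version, whereas the concatenated query would produce a malformed statement.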