Here is an example from QA - it's from a beginner (Oh Gawd, I hope he's a beginner and this isn't in production code)
cmd.CommandText = " UPDATE ALLUGTAMIL SET name='" & TextBox2.Text & "',dob='" & TextBox3.Text & "',depart='" & TextBox4.Text & "',p1='" & TextBox5.Text & "',p2='" & TextBox6.Text & "',p3='" & TextBox7.Text & "',p4='" & TextBox8.Text & "',p5='" & TextBox9.Text & "',p6='" & TextBox10.Text & "',p7='" & TextBox11.Text & "',p8='" & TextBox12.Text & "',p9='" & TextBox13.Text & "',p10='" & TextBox14.Text & "',p11='" & TextBox15.Text & "',p12='" & TextBox16.Text & "',p13='" & TextBox17.Text & "',p14='" & TextBox18.Text & "',p15='" & TextBox19.Text & "',p16='" & TextBox20.Text & "',p17='" & TextBox21.Text & "',im1='" & TextBox22.Text & "',ex1='" & TextBox23.Text & "',tot1='" & TextBox24.Text & "',res1='" & TextBox25.Text & "',im2='" & TextBox26.Text & "',em2='" & TextBox27.Text & "',tot2='" & TextBox28.Text & "',res2='" & TextBox29.Text & "',im3='" & TextBox30.Text & "',em3='" & TextBox31.Text & "',tot3='" & TextBox32.Text & "',res3='" & TextBox33.Text & "',im4='" & TextBox34.Text & "',em4='" & TextBox35.Text & "',tot4='" & TextBox36.Text & "',res4='" & TextBox37.Text & "',im5='" & TextBox38.Text & "',em5='" & TextBox39.Text & "',tot5='" & TextBox40.Text & "',res5='" & TextBox41.Text & "',im6='" & TextBox42.Text & "',em6='" & TextBox43.Text & "',tot6='" & TextBox44.Text & "',res6='" & TextBox45.Text & "',im7='" & TextBox46.Text & "',em7='" & TextBox47.Text & "',tot7='" & TextBox48.Text & "',res7='" & TextBox49.Text & "',im8='" & TextBox50.Text & "',em8='" & TextBox51.Text & "',tot8='" & TextBox52.Text & "',res8='" & TextBox53.Text & "',im9='" & TextBox54.Text & "',em9='" & TextBox55.Text & "',tot9='" & TextBox56.Text & "',res9='" & TextBox57.Text & "',im10='" & TextBox58.Text & "',em10='" & TextBox59.Text & "',tot10='" & TextBox60.Text & "',res10='" & TextBox61.Text & "',im11='" & TextBox62.Text & "',em11='" & TextBox63.Text & "',tot11='" & TextBox64.Text & "',res11='" & TextBox65.Text & "',im12='" & TextBox66.Text & "',em12='" & TextBox67.Text & "',tot12='" & TextBox68.Text & "',res12='" & TextBox69.Text & "',im13='" & TextBox70.Text & "',em13='" & TextBox71.Text & "',tot13='" & TextBox72.Text & "',res13='" & TextBox73.Text & "',im14='" & TextBox74.Text & "',em14='" & TextBox75.Text & "',tot14='" & TextBox76.Text & "',res14='" & TextBox77.Text & "',im15='" & TextBox78.Text & "',em15='" & TextBox79.Text & "',tot15='" & TextBox80.Text & "',res15='" & TextBox81.Text & "',im16='" & TextBox82.Text & "',em16='" & TextBox83.Text & "',tot16='" & TextBox84.Text & "',res16='" & TextBox85.Text & "',im17='" & TextBox86.Text & "',em17='" & TextBox87.Text & "',tot17='" & TextBox88.Text & "',res17='" & TextBox89.Text & "',pt1='" & TextBox90.Text & "',pt2='" & TextBox91.Text & "',pt3='" & TextBox92.Text & "',pt4='" & TextBox93.Text & "',pt5='" & TextBox94.Text & "',pt6='" & TextBox95.Text & "',pt7='" & TextBox96.Text & "',pt8='" & TextBox97.Text & "',pt9='" & TextBox98.Text & "',pt10='" & TextBox99.Text & "',pt11='" & TextBox100.Text & "',pt12='" & TextBox101.Text & "',pt13='" & TextBox102.Text & "',pt14='" & TextBox103.Text & "',pt15='" & TextBox104.Text & "',pt16='" & TextBox105.Text & "',pt17='" & TextBox106.Text & "',min='" & TextBox107.Text & "',max='" & TextBox108.Text & "',ord='" & TextBox109.Text & "' WHERE REG_NO = '" & TextBox1.Text & "' "
Yes, that's a single line, no breaks. Yes, those are TextBox1 through 109 inclusive...on the same form...and SQL injection as well. Anyone want to bet if he had enough space on the form to use labels as well?
The problem he found? "Syntax error in UPDATE statement".
SQL got that right - and it can't even see the VB code.
This message is manufactured from fully recyclable noughts and ones. To recycle this message, please separate into two tidy piles, and take them to your nearest local recycling centre.
Please note that in some areas noughts are always replaced with zeros by law, and many facilities cannot recycle zeroes - in this case, please bury them in your back garden and water frequently.
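An added example, not from the original post or the poster's code: the same UPDATE shape in Python against an in-memory SQLite table. The table, column subset (REG_NO, name, dob) and rows are constructed stand-ins for ALLUGTAMIL. It shows two things the post only hints at: a WHERE value like `R001' OR '1'='1` makes the concatenated statement rewrite every row, and a perfectly legitimate value containing an apostrophe (O'Brien) breaks the concatenated statement with a syntax error, while the parameterised version treats both as plain data. Whether an apostrophe was the actual cause of the poster's "Syntax error in UPDATE statement" is not something the post tells us.

```python
"""Concatenated vs. parameterised UPDATE, demonstrated on SQLite.

Table, columns and rows are constructed for this example; they are not the
poster's schema or data.
"""
import sqlite3


def make_db():
    """Fresh in-memory table with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ALLUGTAMIL (REG_NO TEXT PRIMARY KEY, name TEXT, dob TEXT)"
    )
    conn.executemany(
        "INSERT INTO ALLUGTAMIL VALUES (?, ?, ?)",
        [("R001", "Anand", "2001-01-01"),
         ("R002", "Bala", "2002-02-02"),
         ("R003", "Chitra", "2003-03-03")],
    )
    conn.commit()
    return conn


def update_concat(conn, reg_no, name, dob):
    """Vulnerable: builds the statement by string concatenation, exactly the
    shape of the posted VB code. Returns the number of rows changed."""
    sql = ("UPDATE ALLUGTAMIL SET name='" + name + "',dob='" + dob +
           "' WHERE REG_NO = '" + reg_no + "'")
    return conn.execute(sql).rowcount


def update_param(conn, reg_no, name, dob):
    """Hardened: placeholders are bound by the driver, so the inputs can never
    become SQL syntax. Returns the number of rows changed."""
    sql = "UPDATE ALLUGTAMIL SET name=?, dob=? WHERE REG_NO = ?"
    return conn.execute(sql, (name, dob, reg_no)).rowcount


def names(conn):
    """Current name column, ordered by REG_NO, for checking results."""
    return [r[0] for r in conn.execute(
        "SELECT name FROM ALLUGTAMIL ORDER BY REG_NO")]


def concat_breaks_on_apostrophe(conn):
    """True if an ordinary apostrophe in the data makes the concatenated
    statement fail to parse (the syntax-error failure mode)."""
    try:
        update_concat(conn, "R001", "O'Brien", "2001-01-01")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    hostile = "R001' OR '1'='1"   # constructed attacker value for the REG_NO box

    c = make_db()
    print("concat, hostile REG_NO: rows changed =",
          update_concat(c, hostile, "pwned", "x"), names(c))

    c = make_db()
    print("param,  hostile REG_NO: rows changed =",
          update_param(c, hostile, "pwned", "x"), names(c))

    print("concat breaks on O'Brien:", concat_breaks_on_apostrophe(c))
    print("param handles O'Brien: rows changed =",
          update_param(c, "R001", "O'Brien", "2001-01-01"), names(c))
```

In ADO.NET the fix is the same idea: write the placeholders into `cmd.CommandText` (`?` for OleDb/Odbc, `@name` for SqlClient) and add one entry to `cmd.Parameters` per text box instead of splicing `.Text` into the string. One hundred and nine parameters is still ugly, but it is ugly and correct.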