query, End of statement expected ')'


New member
Aug 13, 2016
I am getting an error on this line of code. txtVIN gets underlined, and when I run the mouse over it, it says: ')' end of statement expected
sql = ("SELECT * FROM tbMVID WHERE [VINtbl] = " txtVIN.Text.ToString, conn)
I've tried changing things around but it still does not work. Thanks for your time


VB.NET Forum Moderator
Staff member
Aug 17, 2004
Sydney, Australia
Firstly, there's never a need to call ToString on a Text property of a control. As you would expect of something named Text, it is already a String.

As for the issue, the code you've posted makes no sense. I assume that what you intended was something like this:
sql = "SELECT * FROM tbMVID WHERE [VINtbl] = "  & txtVIN.Text

Dim command As New SqlCommand(sql, conn)
That's still potentially problematic though. For one thing, if that VINtbl column is a text type then you're missing the single quotes around the value and you'll get an error of some sort when the SQL executes. Even worse though, is the fact that you leave yourself open to SQL injection and a malicious user may be able to delete every record in your database. If you're going to use ADO.NET then you should do it properly and use parameters to insert values, e.g.
sql = "SELECT * FROM tbMVID WHERE [VINtbl] = @VINtbl"

Dim command As New SqlCommand(sql, conn)

command.Parameters.AddWithValue("@VINtbl", txtVIN.Text)
That way, there are no issues with formatting, delimiters or SQL injection.
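Added example, not part of the thread: the three query forms discussed above (unquoted concatenation, quoted concatenation, bound parameter) run side by side so the difference in behaviour is visible. It uses Python's sqlite3 with an in-memory table instead of ADO.NET and SQL Server so that it runs stand-alone; the table and column names come from the thread, while the owner column, the rows and the input strings are constructed.

```python
import sqlite3

def make_db():
    # In-memory stand-in for the thread's table; rows are constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbMVID ([VINtbl] TEXT, owner TEXT)")
    conn.executemany("INSERT INTO tbMVID VALUES (?, ?)",
                     [("1HGCM82633A004352", "alice"),
                      ("2T1BURHE5JC034461", "bob")])
    return conn

def find_concat_unquoted(conn, vin):
    # Same shape as: "... WHERE [VINtbl] = " & txtVIN.Text
    return conn.execute(
        "SELECT * FROM tbMVID WHERE [VINtbl] = " + vin).fetchall()

def find_concat_quoted(conn, vin):
    # Adding quotes by hand fixes the syntax but the input is still parsed as SQL.
    return conn.execute(
        "SELECT * FROM tbMVID WHERE [VINtbl] = '" + vin + "'").fetchall()

def find_param(conn, vin):
    # Bound parameter: the value is never parsed as SQL text.
    return conn.execute(
        "SELECT * FROM tbMVID WHERE [VINtbl] = :vin", {"vin": vin}).fetchall()

def try_query(fn, conn, vin):
    # Return the rows, or the database error as a string.
    try:
        return fn(conn, vin)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    conn = make_db()
    inputs = ["1HGCM82633A004352",   # ordinary value
              "O'Brien",             # value containing the string delimiter
              "x' OR '1'='1"]        # constructed input that rewrites the WHERE clause
    for text in inputs:
        print(repr(text))
        for fn in (find_concat_unquoted, find_concat_quoted, find_param):
            print("   ", fn.__name__, "->", try_query(fn, conn, text))
```

With concatenation the same text box can produce a syntax error, a correct result, or every row in the table depending on what is typed; with the parameter it is always compared as a plain string.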