Wrong syntax near the keyword where

Incorrect syntax near ....

  • Hey guys,

    I would like to create a login field via MS SQLExpress. First of all, I'll follow a tutorial.

    Well I created the DB & the tables too. Now I ALWAYS get the following error (I google for 4 hours ...)

    "Wrong syntax near 'user'.

    "A System.IndexOutOfRangeException" occurred in System.Data.dll.

    Additional information: Table 0 cannot be found. "


    Here is a snippet of code:



    Private Function IsAuthenticated () As Boolean
    'CLEAR EXISTING RECORDS
    If SQL.SQLDS IsNot Nothing Then
    SQL.SQLDS.Clear ()
    End If

    SQL.RunQery ("SELECT Count (username) As UserCount" &
    "FROM user" &
    "WHERE username '" & txtUser.Text & "'" &
    "AND password = '" & txtPass.Text & "' COLLATE SQL_Latin1_General_CP1_CS_AS")

    If SQL.SQLDS.Tables (0) .Rows (0) .Item ("UserCount") = 1 Then

    Return True
    End If

    MsgBox ("Invalid user Data.", MsgBoxStyle.Critical, "LOGIN FAILED")
    Return false
    End function


    I've tried so many things but no chance ...
  • ThePlexian

    Registered: April 16, 2013

    Helpful reviews
    82
    Contributions
    1.573
    Helpful reviews
    82
    gender
    Male
    Programming languages ​​used
    C # 7.x, Phyton, Processing, C, Haskell / Curry, Java
    In the first part of the error line, a space is missing after As UserCount and an = character is missing after WHERE username.
    Furthermore, your query is so susceptible to an SQL injection, use DB parameters.
    “There's no need to" teach "atheism. It's the natural result of education without indoctrination. «- Ricky Gervais