Incorrect syntax near 'NO'.' in vb.net on cmd.ExecuteNonQuery()

Question

Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
  If con.State = ConnectionState.Open Then
    con.Close()
  End If

  con.Open()

  cmd = con.CreateCommand()
  cmd.CommandType = CommandType.Text
  cmd.CommandText = "update Tabledb set FIRSTNAME=" & TextBox1.Text & ",LASTNAME=" & TextBox2.Text & ",PHONE NO=" & TextBox3.Text & ", where Id =" & i & ""
  cmd.ExecuteNonQuery()
  cmd.Connection = con
  disp_data()
End Sub

Answer 1

Give you controls meaningful names. This will make your coding much easier. I have renamed your controls as an example.

You should not have to check ConnectionState . Connections, commands and other database objects use unmanaged resources. To release these they provide a Dispose method which must be called. These objects should be declared locally in the method where they are used. vb.net provides Using...End Using blocks where you declare connections, commands etc. The block will dispose the objects at the End Using . (It will also Close the connection which you failed to do.)

Don't Open the connection until directly before the .Execute... .

You can pass the the connection string directly to the connection's constructor. Your can pass the CommandText and the Connection directly to the constructor of the command.

It is useless to set the Connection property of the command after you have attempted to execute the command.

CommandType.Text is the default so it is not necessary to set this property explicitly.

NEVER concatenate strings to build Sql statements.

ALWAYS use parameters.

The field names you use in you Sql string must match exactly the names in the database. That means upper case, lower case, spaces, and periods. If a field name is a reserved word, contains a space or other unusual character is needs to be surrounded by identifier delimiters. For Access and Sql Server that would be brackets [ ]. For MySql use the back tick `. On my USA keyboard that is found below the tilde in the upper left corner. If you are not sure if you need the delimiters you can use them anyway. It won't hurt anything.

I had to guess at the datatypes of the parameters. Check the database for the actual types. I also guessed at the database. Change the code to OleDb for Access and MySql for MySql.

Private OPConStr As String = "Your connection string."

Private Sub btnUpdate_Click(sender As Object, e As EventArgs) Handles btnUpdate.Click
    Dim i As Integer = 5 'I made up a value, don't know where this comes from in the real code
    Dim strSql = "update Tabledb set FIRSTNAME = @FirstName, LASTNAME = @LastName, [PHONENO.] = @Phone, where Id = @ID;"
    Using con As New SqlConnection(OPConStr),
            cmd As New SqlCommand(strSql, con)
        cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar).Value = txtFirstName.Text
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar).Value = txtLastName.Text
        cmd.Parameters.Add("@Phone", SqlDbType.VarChar).Value = txtPhone.Text
        cmd.Parameters.Add("@ID", SqlDbType.Int).Value = i
        con.Open()
        cmd.ExecuteNonQuery()
    End Using
    disp_data()
End Sub