Whatz wrong in this query, can any one re-edit this query to delete whole record from table1 using username from gridview cell 4 ...?

   Whatz wrong in this query, can any one re-edit this query to delete whole record from table1 using username from gridview cell 4 ... ?

HOW TO DELETE RECORD IF I USE USERID AS UNIQUE IDENTIFIER DATATYPE AND PRIMARY KEY

Imports System.Data.SqlClient

     Dim con As New SqlConnection
                Dim cmd As New SqlComm开发者_运维百科and
                Try
                    con.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"
                    con.Open()
                    cmd.Connection = con
                    cmd.CommandText = "DELETE FROM Table1 WHERE UserName =" & GridView1.SelectedRow.Cells(4).ToString
                    cmd.ExecuteNonQuery()

                Catch ex As Exception
                    MsgBox("Error while Deleting record on table..." & ex.Message, "Delete Records")
                Finally
                    con.Close()
                End Try

I don't know VB.NET but it looks like your CommandText will be:

DELETE FROM Table1 WHERE UserName = foobar

as opposed to

DELETE FROM Table1 WHERE UserName = 'foobar'

... and it looks like I was beaten to it.. :)

Firstly

cmd.CommandText = "DELETE FROM Table1 WHERE UserName ='" & GridView1.SelectedRow.Cells(4).ToString & "'"

and secondly, to avoid Sql Injection you should rather use SqlParameter Class