I get this error message:


--------------------------- You possess an error inside your SQL syntax look into the manual that matches your MySQL server version for the best syntax to use near '(title) VALUES (hi)' at line 1

--------------------------- OK

And yeah, I understand it is something related to the syntax. The issue is, I've attempted many versions from it but still can't get results, so i quickly visited 5 sites I discovered on the internet with lessons, but still exactly the same problem. Here's my code below:

Note: The values within the Text Property from the text box controls the following is simply plain text, all letters and amounts.

try
            {
                label1.Text = "Trying to save. Wait.";
                conn.Open();
                string sql = "UPDATE " + pagelist.Text + "SET " + itemlist.Text + "=" + sitetext.Text;
                MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand(sql, conn);
                cmd.ExecuteNonQuery();
            }
            catch (Exception en)
            {
                MessageBox.Show(en.Message);
            }

Concerning the table:

table has 3 posts "heading, title and text". each one is varchars and the size of each is 255

Can someone help me determine wrong relating to this? Any help whatsoever is appreciated.

Thanks

You have to quote varchar values:

string sql = 
 "UPDATE " + pagelist.Text + " SET " + itemlist.Text + " = '" + sitetext.Text + "'";     

Better yet, make use of a parameterised query to prevent SQL Injection attacks.

Additionally to Mitch's suggestion, I'd also wrap the conn and cmd objects in making use of blocks:

using ( var conn = new Connection( connString ) )
{
  conn.Open();
  var sql = "my sql";
  using( var cmd = new MySql.Data.MySqlClient.MySqlCommand(sql, conn) )
  {
    cmd.ExecuteNonQuery();
  }
}

This can make certain the assets are launched properly, connections closed, etc.

Here is a SO answer relevant to presenting parameterized queries: Parameterized Query for MySQL with C#

I believe you didn't remember an area before SET.
If it's text and never number area, you have to also surround value with single quotes.
But please throw this code away and write another that uses parameters.

String literals have to encircled in quotes and properly steered clear of when used directly inside a query, but that might be the incorrect option here since you can't trust the input, you need to use a parameter within the assignment. With respect to the provider this might mean ... = ? or ... = @argName etc - and adding the worthiness in to the .Parameters collection in your command object.

Utilizing a parameter here could save you from SQL injection - a absurdly good way to kill or abuse a badly written application.

book the syntax

Update syntax:

Update tablename set feildname = value where condition

are you currently by using this properly?

if you're passing a string pass it in single quotes

watch out for sql injection!