c# - SQL Server 2014: incorrect syntax near Where -

i use visual studio 2013 , sql server 2014. error

incorrect syntax near 'where ad= '

i'm beginner couldn't figure out problem , need help.

here code:

private void btngno_click(object sender, eventargs e) {     sqlconnection baglan = new sqlconnection("server=.;database=lalala;trusted_connection=true;");     baglan.open();      sqlcommand cmd2 = new sqlcommand("update ilktablom set gno= " + int32.parse(gnotxt.text) + "'where ad= '" + txtad.text + "' ,soyad= '" + txtsoyad.text + "' ,sifre= '" + txtsifre.text, baglan);     if (cmd2.executenonquery() == 1)     {         messagebox.show("process completed.");     }     else     {         messagebox.show("process not completed.");     } }      

your sql you're generating (apart being open sql injection) missing terminating ', , using commas in where clause (instead of and)

instead, like:

private void btngno_click(object sender, eventargs e) {     using (sqlconnection baglan = new sqlconnection("server=.;database=lalala;trusted_connection=true;"))     {         baglan.open();          using (sqlcommand cmd2 = new sqlcommand("update ilktablom set gno = @gno ad = @ad , soyad= @soyad , sifre = @sifre", baglan))         {             cmd2.parameters.add("@gno", sqldbtype.int).value = gnotxt.text;             cmd2.parameters.add("@ad", sqldbtype.varchar).value = txtad.text;             cmd2.parameters.add("@soyad", sqldbtype.varchar).value = txtsoyad.text;             cmd2.parameters.add("@sifre", sqldbtype.varchar).value = txtsifre.text;             if (cmd2.executenonquery() == 1)             {                 messagebox.show("process completed.");             }             else             {                 messagebox.show("process not completed.");             }         }     } }