In addition to the
SQL Injection[
^] vulnerability in your code, your column name doesn't look like a valid SQL identifier.
In general, SQL identifiers need to consist of unaccented "latin" letters (a-z), digits (0-9), and underscores (_). They also cannot start with a digit.
You would either need to wrap your column name in square brackets, or change it to be a valid SQL identifier.
Dim DA As New OleDb.OleDbDataAdapter("SELECT * FROM Data WHERE [الاسم_كاملاً] = @P1", CONN)
DA.SelectCommand.Parameters.AddWithValue("@P1", TextBox1.Text)
DA.Fill(DT)
You
might also get compiler errors accessing the columns using the
DR!column
syntax. If you do, you'll need to use the
DR["column"]
syntax instead:
DR["الاسم_كاملاً"] = TextBox1.Text