Error when updating SQLite database using VB.Net


I'm trying to get this code to work so that it will update my SQLite database. I keep getting an error saying that an end of statement is expected (error BC30205). I cannot see what I am missing! This is my first ever attempt at an update statement in SQL, so I may have missed something obvious! I have marked the line of code I am having the error with with an arrow!

Public Partial Class Change_Password
Public Sub New()
    ' The Me.InitializeComponent call is required for Windows Forms designer support.
    Me.InitializeComponent()

    '
    ' TODO : Add constructor code after InitializeComponents
    '
End Sub

Dim SQLconnect As New System.Data.SQLite.SQLiteConnection()
Dim SQLcommand As System.Data.SQLite.SQLiteCommand
Dim SQLreader As System.Data.SQLite.SQLiteDataReader

Dim Password1 As String = ""
Dim Password2 As String = ""

Public Class Password
    Public shared usernamechange As String = ""
End Class

Sub Cmd_NextClick(sender As Object, e As EventArgs)
    If Trim(txt_Password_Box.Text) = "" Then
        MsgBox("Please enter a password")
    Else
        Password1 = txt_Password_Box.Text
        txt_Password_Box.Text = ""
        txt_Password_Box.Focus
        lbl_Instruction.Text = "Please re-enter the exact same password!"
        cmd_Submit.Visible = True
        cmd_Next.Visible = False
        Me.AcceptButton = cmd_Submit
    End If

End Sub

Sub Change_PasswordLoad(sender As Object, e As EventArgs)
    cmd_Submit.Visible = False  
    Me.AcceptButton = cmd_Next
    SQLconnect.ConnectionString = "Data Source=KCD.s3db;"
    SQLconnect.Open()
End Sub

Sub Cmd_SubmitClick(sender As Object, e As EventArgs)
    If Trim(txt_Password_Box.Text) = "" Then
        MsgBox("Please enter the password again")
        Exit Sub
    Else
        Password2 = txt_Password_Box.Text
        txt_Password_Box.Text = ""
    End If



    If Password1 = Password2 Then

        SQLcommand = SQLconnect.CreateCommand

------> SQLcommand.CommandText = "UPDATE Staff SET Password = '" & password1 & "' WHERE '" Username = "' & password.usernamechange & '"""



        SQLcommand.Dispose()

        MsgBox("Your password has been changed",vbInformation,"Password Changed")
        Me.Close

    Else

        MsgBox("Passwords do not match. Please try again.")
        txt_Password_Box.Focus
        cmd_Submit.Visible = False
        cmd_Next.Visible = True
        Password1 = ""
        Password2 = ""
        lbl_Instruction.Text = "Please enter a new password!"
        Me.AcceptButton = cmd_Next
    End If

End Sub
End Class

Hope someone can help me! Thanks

1

There are 1 best solutions below

8
On BEST ANSWER

This line doesn't seem right. Change

SQLcommand.CommandText = "UPDATE Staff SET Password = '" & password1 & "' WHERE '" Username = "' & password.usernamechange & '"""

to

SQLcommand.CommandText = "UPDATE Staff SET Password = '" & password1 & "' WHERE Username = '" & password.usernamechange & "'"

BTW, concatenating strings like that leads to being vulnerable to SQL Injection.
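
The same UPDATE written with bound parameters instead of concatenation, as an added example that is not part of the original question or answer. The `ChangePassword` helper, the module name and the in-memory sample rows are assumptions made for illustration; the table and column names are taken from the post.

```vbnet
Imports System.Data.SQLite

Module ParameterizedUpdateExample

    ' Hypothetical helper (not from the original post): updates one user's
    ' password with bound parameters and reports whether exactly one row changed.
    Function ChangePassword(conn As SQLiteConnection, username As String, newPassword As String) As Boolean
        Using cmd As SQLiteCommand = conn.CreateCommand()
            ' Placeholders keep the SQL text constant; the values are sent separately,
            ' so quotes inside them can never terminate a string literal.
            cmd.CommandText = "UPDATE Staff SET Password = @password WHERE Username = @username"
            cmd.Parameters.AddWithValue("@password", newPassword)
            cmd.Parameters.AddWithValue("@username", username)
            ' Setting CommandText does nothing by itself; ExecuteNonQuery runs the
            ' statement and returns the number of rows it changed.
            Return cmd.ExecuteNonQuery() = 1
        End Using
    End Function

    Sub Main()
        ' Constructed sample data in an in-memory database.
        Using conn As New SQLiteConnection("Data Source=:memory:;")
            conn.Open()
            Using setup As SQLiteCommand = conn.CreateCommand()
                setup.CommandText = "CREATE TABLE Staff (Username TEXT PRIMARY KEY, Password TEXT);" &
                                    "INSERT INTO Staff VALUES ('alice', 'old1');" &
                                    "INSERT INTO Staff VALUES ('bob', 'old2');"
                setup.ExecuteNonQuery()
            End Using

            ' A quote inside the new password is stored literally.
            Console.WriteLine(ChangePassword(conn, "alice", "it's-new"))
            ' A username containing SQL syntax is compared as plain text,
            ' so it matches no row and nothing is updated.
            Console.WriteLine(ChangePassword(conn, "x' OR '1'='1", "changed"))
        End Using
    End Sub

End Module
```

Checking the row count returned by `ExecuteNonQuery` also lets the form report a failed update instead of always showing the "password changed" message.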