Hi,
I have a database with a table called CDTest and the fields CDName, CDPrice, DateAdded and UName. I’m having trouble with my code, I cant quite figure out whats wrong and I was hoping someone could help. Its supposed to take CDIDString and find a match in the database and allow the user to update CDPrice and UName. Here’s the code…

Code:
Dim cnn As Data.SqlClient.SqlConnection
Dim cmd As Data.SqlClient.SqlCommand
Dim param As Data.SqlClient.SqlParameter
Dim strSQL As String
strSQL = "Insert Into CDTestTBL(CDPrice, UName) Values(@CDPrice, @UName) WHERE CDID = '" & CDIDString & "'"
Dim conn As String
conn = "Data Source=.\SQLEXPRESS;AttachDbFilename=""|DataDirectory|\aspnetdb.mdf"";Integrated Security=True;User Instance=True"

cnn = New Data.SqlClient.SqlConnection(conn)
cmd = New Data.SqlClient.SqlCommand(strSQL, cnn)

param = New Data.SqlClient.SqlParameter("@CDPrice",Data.SqlDbType.VarChar)
param.Value = CDPriceString
cmd.Parameters.Add(param)
            
param = New Data.SqlClient.SqlParameter("@UName",Data.SqlDbType.VarChar)
param.Value = UNameString
cmd.Parameters.Add(param)

cnn.Open()
cmd.ExecuteNonQuery()
cnn.Close()
An error appears when I run the code saying “Incorrect syntax near the keyword 'WHERE'.” and points to…
Code:
 cmd.ExecuteNonQuery()
Could anyone lend a hand?