Syntax error in INSERT INTO statement Insert in Access
up vote
-1
down vote
favorite
I made a Accounts Project in c sharp with access2016 database, in this I want to enter user data in user management form when I click on save button this error appears
"System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement" in c#.
Here is my code;
public partial class frmUsers : MetroFramework.Forms.MetroForm
{
OleDbConnection con = new OleDbConnection(ConfigurationManager.AppSettings ["con"]);
OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|DataBase.accdb;");
public frmUsers()
{
InitializeComponent();
}
private void btnSave_Click(object sender, EventArgs e)
{
//string InsertPur= "insert into [Users] (UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "','" + txtUserID.Text + "','" + txtPassword.Text + "','" + txtDesignation.Text + "'," + txtContactNo.Text + ",'" + cboxUserType.Text + "')";
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "', '" + txtUserID.Text + "', '" + txtPassword.Text + "', '" + txtDesignation.Text + "', " + txtContactNo.Text + ", '" + cboxUserType.Text + "')", con);
DataSet ds = new DataSet();
da.Fill(ds); //**Error Pointed here**
ViewData();
clearData();
txtUserName.Focus();
}
}
c# oledb ms-access-2016
edited Nov 10 at 18:43
S.Akbari
29k93369
asked Feb 26 at 13:50
R.Soomro
14
add a comment |
up vote
-1
down vote
favorite
I made a Accounts Project in c sharp with access2016 database, in this I want to enter user data in user management form when I click on save button this error appears
"System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement" in c#.
Here is my code;
public partial class frmUsers : MetroFramework.Forms.MetroForm
{
OleDbConnection con = new OleDbConnection(ConfigurationManager.AppSettings ["con"]);
OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|DataBase.accdb;");
public frmUsers()
{
InitializeComponent();
}
private void btnSave_Click(object sender, EventArgs e)
{
//string InsertPur= "insert into [Users] (UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "','" + txtUserID.Text + "','" + txtPassword.Text + "','" + txtDesignation.Text + "'," + txtContactNo.Text + ",'" + cboxUserType.Text + "')";
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "', '" + txtUserID.Text + "', '" + txtPassword.Text + "', '" + txtDesignation.Text + "', " + txtContactNo.Text + ", '" + cboxUserType.Text + "')", con);
DataSet ds = new DataSet();
da.Fill(ds); //**Error Pointed here**
ViewData();
clearData();
txtUserName.Focus();
}
}
c# oledb ms-access-2016
edited Nov 10 at 18:43
S.Akbari
29k93369
asked Feb 26 at 13:50
R.Soomro
14
What dataset do you expect to come out of an insert statement? Oh, and please, please, please, use parametrized queries. Do not write this kind of dangerous code, not even for a test.
– oerkelens
Feb 26 at 13:58
sir i'm not a expert just start to learning from several sources and try to made experimental projects when i'm in trouble or when i need help from exerts like you i'm ambitious about c sharp leaning... Thnx sir
– R.Soomro
Feb 26 at 16:56
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I made a Accounts Project in c sharp with access2016 database, in this I want to enter user data in user management form when I click on save button this error appears
"System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement" in c#.
Here is my code;
public partial class frmUsers : MetroFramework.Forms.MetroForm
{
OleDbConnection con = new OleDbConnection(ConfigurationManager.AppSettings ["con"]);
OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|DataBase.accdb;");
public frmUsers()
{
InitializeComponent();
}
private void btnSave_Click(object sender, EventArgs e)
{
//string InsertPur= "insert into [Users] (UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "','" + txtUserID.Text + "','" + txtPassword.Text + "','" + txtDesignation.Text + "'," + txtContactNo.Text + ",'" + cboxUserType.Text + "')";
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "', '" + txtUserID.Text + "', '" + txtPassword.Text + "', '" + txtDesignation.Text + "', " + txtContactNo.Text + ", '" + cboxUserType.Text + "')", con);
DataSet ds = new DataSet();
da.Fill(ds); //**Error Pointed here**
ViewData();
clearData();
txtUserName.Focus();
}
}
c# oledb ms-access-2016
edited Nov 10 at 18:43
S.Akbari
29k93369
asked Feb 26 at 13:50
R.Soomro
14
I made a Accounts Project in c sharp with access2016 database, in this I want to enter user data in user management form when I click on save button this error appears
"System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement" in c#.
Here is my code;
public partial class frmUsers : MetroFramework.Forms.MetroForm
{
OleDbConnection con = new OleDbConnection(ConfigurationManager.AppSettings ["con"]);
OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|DataBase.accdb;");
public frmUsers()
{
InitializeComponent();
}
private void btnSave_Click(object sender, EventArgs e)
{
//string InsertPur= "insert into [Users] (UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "','" + txtUserID.Text + "','" + txtPassword.Text + "','" + txtDesignation.Text + "'," + txtContactNo.Text + ",'" + cboxUserType.Text + "')";
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,UserID,Password,Designation,ContactNo,UserType) values (" + txtUserCode.Text + ", '" + txtUserName.Text + "', '" + txtUserID.Text + "', '" + txtPassword.Text + "', '" + txtDesignation.Text + "', " + txtContactNo.Text + ", '" + cboxUserType.Text + "')", con);
DataSet ds = new DataSet();
da.Fill(ds); //**Error Pointed here**
ViewData();
clearData();
txtUserName.Focus();
}
}
c# oledb ms-access-2016
c# oledb ms-access-2016
edited Nov 10 at 18:43
S.Akbari
29k93369
asked Feb 26 at 13:50
R.Soomro
14
edited Nov 10 at 18:43
S.Akbari
29k93369
asked Feb 26 at 13:50
R.Soomro
14
edited Nov 10 at 18:43
S.Akbari
29k93369
edited Nov 10 at 18:43
S.Akbari
29k93369
edited Nov 10 at 18:43
S.Akbari
29k93369
29k93369
asked Feb 26 at 13:50
R.Soomro
14
asked Feb 26 at 13:50
R.Soomro
14
asked Feb 26 at 13:50
R.Soomro
14
14
What dataset do you expect to come out of an insert statement? Oh, and please, please, please, use parametrized queries. Do not write this kind of dangerous code, not even for a test.
– oerkelens
Feb 26 at 13:58
sir i'm not a expert just start to learning from several sources and try to made experimental projects when i'm in trouble or when i need help from exerts like you i'm ambitious about c sharp leaning... Thnx sir
– R.Soomro
Feb 26 at 16:56
add a comment |
What dataset do you expect to come out of an insert statement? Oh, and please, please, please, use parametrized queries. Do not write this kind of dangerous code, not even for a test.
– oerkelens
Feb 26 at 13:58
sir i'm not a expert just start to learning from several sources and try to made experimental projects when i'm in trouble or when i need help from exerts like you i'm ambitious about c sharp leaning... Thnx sir
– R.Soomro
Feb 26 at 16:56
What dataset do you expect to come out of an insert statement? Oh, and please, please, please, use parametrized queries. Do not write this kind of dangerous code, not even for a test.
– oerkelens
Feb 26 at 13:58
What dataset do you expect to come out of an insert statement? Oh, and please, please, please, use parametrized queries. Do not write this kind of dangerous code, not even for a test.
– oerkelens
Feb 26 at 13:58
sir i'm not a expert just start to learning from several sources and try to made experimental projects when i'm in trouble or when i need help from exerts like you i'm ambitious about c sharp leaning... Thnx sir
– R.Soomro
Feb 26 at 16:56
sir i'm not a expert just start to learning from several sources and try to made experimental projects when i'm in trouble or when i need help from exerts like you i'm ambitious about c sharp leaning... Thnx sir
– R.Soomro
Feb 26 at 16:56
add a comment |
4 Answers
4
active
oldest
votes
up vote
1
down vote
accepted
You have missed single quote around some of your textboxes like txtUserCode and ... it should be '" + txtUserCode + "'.
However you should always use parameterized queries to avoid SQL Injection. Your code should be something like this:
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,...) values"
+ " (@UserCode,@UserName,...)", con);
da.InsertCommand.Parameters.AddWithValue("@UserCode", txtUserCode.Text);
//Other parameters
Although specify the type directly and use the Value property is more better than AddWithValue.
Can we stop using AddWithValue() already?
answered Feb 26 at 13:52
S.Akbari
29k93369
thnx to help sir
– R.Soomro
Feb 26 at 16:56
add a comment |
up vote
1
down vote
Your code has a formatting error that should be fixed if its the same as your real code :
in your textboxes you need to add single quote around your txtUserCode like this or it wont be registered as a whole parameter
'" + txtUserCode + "'
And your really shouldn't put your data directly into your query has it can lead to security issue and people injecting sql into it. Try and use parameterized queries instead when possible.Here is some reason why.
Why do we always prefer using parameters in SQL statements?
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
add a comment |
up vote
1
down vote
- You need to use Parameters. Always specify the data type and pass the parameter value to match the schema store (pass an integer as value if an integer is being stored). Always specify the schema store length for the column if applicable like with a string/varchar.
- You need to escape the column names so that the use of a reserved word does not cause an error.
- You should not leave connections open when you are not using them.
- (design) Never store passwords in plain text.
- For an insert statement there is no need to use a Data Adapter, use the command object directly.
For Microsoft Access the parameters are positional based and not named, you should use ? as the placeholder symbol although the code would work if you used name parameters provided they are in the same order.
See the documentation for [OleDbCommand.Parameters Property][1]
Remarks
The OLE DB .NET Provider does not support named parameters for passing parameters to an SQL statement or a stored procedure called by an OleDbCommand when CommandType is set to Text. In this case, the question mark (?) placeholder must be used. For example:
SELECT * FROM Customers WHERE CustomerID = ?
Therefore, the order in which OleDbParameter objects are added to the OleDbParameterCollection must directly correspond to the position of the question mark placeholder for the parameter in the command text.
Be sure to include the expected schema type where the parameter will be used AND the schema length if applicable.
I also recommend you always use using statements around your instances where the type implements IDisposable like the OleDbConnection so that the connection is always closed even if an exception is thrown in the code.
Changed Code: I guessed on the data types and length, you should fix those based on the schema
using (var conn = new OleDbConnection(connectionStringHere))
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO Users([UserCode],[UserName],[UserID],[Password],[Designation],[ContactNo],[UserType]) VALUES (?,?,?,?,?,?,?)";
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserCode.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserName.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserID.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtPassword.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtDesignation.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.Integer) {Value = int.Parse(txtContactNo.Text) });
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = cboxUserType.Text});
conn.Open();
var numberOfRowsInserted = cmd.ExecuteNonQuery();
}
answered Feb 26 at 20:44
Igor
37.9k34397
add a comment |
up vote
0
down vote
Password is a reserved word in Access SQL, so use [Password] in your string.
answered Feb 26 at 13:55
Gustav
28.7k51734
add a comment |
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
You have missed single quote around some of your textboxes like txtUserCode and ... it should be '" + txtUserCode + "'.
However you should always use parameterized queries to avoid SQL Injection. Your code should be something like this:
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,...) values"
+ " (@UserCode,@UserName,...)", con);
da.InsertCommand.Parameters.AddWithValue("@UserCode", txtUserCode.Text);
//Other parameters
Although specify the type directly and use the Value property is more better than AddWithValue.
Can we stop using AddWithValue() already?
answered Feb 26 at 13:52
S.Akbari
29k93369
thnx to help sir
– R.Soomro
Feb 26 at 16:56
add a comment |
up vote
1
down vote
accepted
You have missed single quote around some of your textboxes like txtUserCode and ... it should be '" + txtUserCode + "'.
However you should always use parameterized queries to avoid SQL Injection. Your code should be something like this:
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,...) values"
+ " (@UserCode,@UserName,...)", con);
da.InsertCommand.Parameters.AddWithValue("@UserCode", txtUserCode.Text);
//Other parameters
Although specify the type directly and use the Value property is more better than AddWithValue.
Can we stop using AddWithValue() already?
answered Feb 26 at 13:52
S.Akbari
29k93369
thnx to help sir
– R.Soomro
Feb 26 at 16:56
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
You have missed single quote around some of your textboxes like txtUserCode and ... it should be '" + txtUserCode + "'.
However you should always use parameterized queries to avoid SQL Injection. Your code should be something like this:
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,...) values"
+ " (@UserCode,@UserName,...)", con);
da.InsertCommand.Parameters.AddWithValue("@UserCode", txtUserCode.Text);
//Other parameters
Although specify the type directly and use the Value property is more better than AddWithValue.
Can we stop using AddWithValue() already?
answered Feb 26 at 13:52
S.Akbari
29k93369
You have missed single quote around some of your textboxes like txtUserCode and ... it should be '" + txtUserCode + "'.
However you should always use parameterized queries to avoid SQL Injection. Your code should be something like this:
OleDbDataAdapter da = new OleDbDataAdapter("insert into Users(UserCode,UserName,...) values"
+ " (@UserCode,@UserName,...)", con);
da.InsertCommand.Parameters.AddWithValue("@UserCode", txtUserCode.Text);
//Other parameters
Although specify the type directly and use the Value property is more better than AddWithValue.
Can we stop using AddWithValue() already?
answered Feb 26 at 13:52
S.Akbari
29k93369
edited Feb 26 at 20:15
answered Feb 26 at 13:52
S.Akbari
29k93369
answered Feb 26 at 13:52
S.Akbari
29k93369
answered Feb 26 at 13:52
S.Akbari
29k93369
29k93369
thnx to help sir
– R.Soomro
Feb 26 at 16:56
add a comment |
thnx to help sir
– R.Soomro
Feb 26 at 16:56
thnx to help sir
– R.Soomro
Feb 26 at 16:56
thnx to help sir
– R.Soomro
Feb 26 at 16:56
add a comment |
up vote
1
down vote
Your code has a formatting error that should be fixed if its the same as your real code :
in your textboxes you need to add single quote around your txtUserCode like this or it wont be registered as a whole parameter
'" + txtUserCode + "'
And your really shouldn't put your data directly into your query has it can lead to security issue and people injecting sql into it. Try and use parameterized queries instead when possible.Here is some reason why.
Why do we always prefer using parameters in SQL statements?
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
add a comment |
up vote
1
down vote
Your code has a formatting error that should be fixed if its the same as your real code :
in your textboxes you need to add single quote around your txtUserCode like this or it wont be registered as a whole parameter
'" + txtUserCode + "'
And your really shouldn't put your data directly into your query has it can lead to security issue and people injecting sql into it. Try and use parameterized queries instead when possible.Here is some reason why.
Why do we always prefer using parameters in SQL statements?
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
add a comment |
up vote
1
down vote
up vote
1
down vote
Your code has a formatting error that should be fixed if its the same as your real code :
in your textboxes you need to add single quote around your txtUserCode like this or it wont be registered as a whole parameter
'" + txtUserCode + "'
And your really shouldn't put your data directly into your query has it can lead to security issue and people injecting sql into it. Try and use parameterized queries instead when possible.Here is some reason why.
Why do we always prefer using parameters in SQL statements?
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
Your code has a formatting error that should be fixed if its the same as your real code :
in your textboxes you need to add single quote around your txtUserCode like this or it wont be registered as a whole parameter
'" + txtUserCode + "'
And your really shouldn't put your data directly into your query has it can lead to security issue and people injecting sql into it. Try and use parameterized queries instead when possible.Here is some reason why.
Why do we always prefer using parameters in SQL statements?
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
answered Feb 26 at 13:55
Louis-Roch Tessier
6641022
6641022
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
add a comment |
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
Here is a reminder of the famous Bobby Table joke : xkcd.com/327
– Antoine Pelletier
Mar 20 at 15:14
add a comment |
up vote
1
down vote
- You need to use Parameters. Always specify the data type and pass the parameter value to match the schema store (pass an integer as value if an integer is being stored). Always specify the schema store length for the column if applicable like with a string/varchar.
- You need to escape the column names so that the use of a reserved word does not cause an error.
- You should not leave connections open when you are not using them.
- (design) Never store passwords in plain text.
- For an insert statement there is no need to use a Data Adapter, use the command object directly.
For Microsoft Access the parameters are positional based and not named, you should use ? as the placeholder symbol although the code would work if you used name parameters provided they are in the same order.
See the documentation for [OleDbCommand.Parameters Property][1]
Remarks
The OLE DB .NET Provider does not support named parameters for passing parameters to an SQL statement or a stored procedure called by an OleDbCommand when CommandType is set to Text. In this case, the question mark (?) placeholder must be used. For example:
SELECT * FROM Customers WHERE CustomerID = ?
Therefore, the order in which OleDbParameter objects are added to the OleDbParameterCollection must directly correspond to the position of the question mark placeholder for the parameter in the command text.
Be sure to include the expected schema type where the parameter will be used AND the schema length if applicable.
I also recommend you always use using statements around your instances where the type implements IDisposable like the OleDbConnection so that the connection is always closed even if an exception is thrown in the code.
Changed Code: I guessed on the data types and length, you should fix those based on the schema
using (var conn = new OleDbConnection(connectionStringHere))
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO Users([UserCode],[UserName],[UserID],[Password],[Designation],[ContactNo],[UserType]) VALUES (?,?,?,?,?,?,?)";
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserCode.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserName.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserID.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtPassword.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtDesignation.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.Integer) {Value = int.Parse(txtContactNo.Text) });
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = cboxUserType.Text});
conn.Open();
var numberOfRowsInserted = cmd.ExecuteNonQuery();
}
answered Feb 26 at 20:44
Igor
37.9k34397
add a comment |
up vote
1
down vote
- You need to use Parameters. Always specify the data type and pass the parameter value to match the schema store (pass an integer as value if an integer is being stored). Always specify the schema store length for the column if applicable like with a string/varchar.
- You need to escape the column names so that the use of a reserved word does not cause an error.
- You should not leave connections open when you are not using them.
- (design) Never store passwords in plain text.
- For an insert statement there is no need to use a Data Adapter, use the command object directly.
For Microsoft Access the parameters are positional based and not named, you should use ? as the placeholder symbol although the code would work if you used name parameters provided they are in the same order.
See the documentation for [OleDbCommand.Parameters Property][1]
Remarks
The OLE DB .NET Provider does not support named parameters for passing parameters to an SQL statement or a stored procedure called by an OleDbCommand when CommandType is set to Text. In this case, the question mark (?) placeholder must be used. For example:
SELECT * FROM Customers WHERE CustomerID = ?
Therefore, the order in which OleDbParameter objects are added to the OleDbParameterCollection must directly correspond to the position of the question mark placeholder for the parameter in the command text.
Be sure to include the expected schema type where the parameter will be used AND the schema length if applicable.
I also recommend you always use using statements around your instances where the type implements IDisposable like the OleDbConnection so that the connection is always closed even if an exception is thrown in the code.
Changed Code: I guessed on the data types and length, you should fix those based on the schema
using (var conn = new OleDbConnection(connectionStringHere))
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO Users([UserCode],[UserName],[UserID],[Password],[Designation],[ContactNo],[UserType]) VALUES (?,?,?,?,?,?,?)";
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserCode.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserName.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserID.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtPassword.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtDesignation.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.Integer) {Value = int.Parse(txtContactNo.Text) });
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = cboxUserType.Text});
conn.Open();
var numberOfRowsInserted = cmd.ExecuteNonQuery();
}
answered Feb 26 at 20:44
Igor
37.9k34397
add a comment |
up vote
1
down vote
up vote
1
down vote
- You need to use Parameters. Always specify the data type and pass the parameter value to match the schema store (pass an integer as value if an integer is being stored). Always specify the schema store length for the column if applicable like with a string/varchar.
- You need to escape the column names so that the use of a reserved word does not cause an error.
- You should not leave connections open when you are not using them.
- (design) Never store passwords in plain text.
- For an insert statement there is no need to use a Data Adapter, use the command object directly.
For Microsoft Access the parameters are positional based and not named, you should use ? as the placeholder symbol although the code would work if you used name parameters provided they are in the same order.
See the documentation for [OleDbCommand.Parameters Property][1]
Remarks
The OLE DB .NET Provider does not support named parameters for passing parameters to an SQL statement or a stored procedure called by an OleDbCommand when CommandType is set to Text. In this case, the question mark (?) placeholder must be used. For example:
SELECT * FROM Customers WHERE CustomerID = ?
Therefore, the order in which OleDbParameter objects are added to the OleDbParameterCollection must directly correspond to the position of the question mark placeholder for the parameter in the command text.
Be sure to include the expected schema type where the parameter will be used AND the schema length if applicable.
I also recommend you always use using statements around your instances where the type implements IDisposable like the OleDbConnection so that the connection is always closed even if an exception is thrown in the code.
Changed Code: I guessed on the data types and length, you should fix those based on the schema
using (var conn = new OleDbConnection(connectionStringHere))
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO Users([UserCode],[UserName],[UserID],[Password],[Designation],[ContactNo],[UserType]) VALUES (?,?,?,?,?,?,?)";
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserCode.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserName.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserID.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtPassword.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtDesignation.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.Integer) {Value = int.Parse(txtContactNo.Text) });
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = cboxUserType.Text});
conn.Open();
var numberOfRowsInserted = cmd.ExecuteNonQuery();
}
answered Feb 26 at 20:44
Igor
37.9k34397
- You need to use Parameters. Always specify the data type and pass the parameter value to match the schema store (pass an integer as value if an integer is being stored). Always specify the schema store length for the column if applicable like with a string/varchar.
- You need to escape the column names so that the use of a reserved word does not cause an error.
- You should not leave connections open when you are not using them.
- (design) Never store passwords in plain text.
- For an insert statement there is no need to use a Data Adapter, use the command object directly.
For Microsoft Access the parameters are positional based and not named, you should use ? as the placeholder symbol although the code would work if you used name parameters provided they are in the same order.
See the documentation for [OleDbCommand.Parameters Property][1]
Remarks
The OLE DB .NET Provider does not support named parameters for passing parameters to an SQL statement or a stored procedure called by an OleDbCommand when CommandType is set to Text. In this case, the question mark (?) placeholder must be used. For example:
SELECT * FROM Customers WHERE CustomerID = ?
Therefore, the order in which OleDbParameter objects are added to the OleDbParameterCollection must directly correspond to the position of the question mark placeholder for the parameter in the command text.
Be sure to include the expected schema type where the parameter will be used AND the schema length if applicable.
I also recommend you always use using statements around your instances where the type implements IDisposable like the OleDbConnection so that the connection is always closed even if an exception is thrown in the code.
Changed Code: I guessed on the data types and length, you should fix those based on the schema
using (var conn = new OleDbConnection(connectionStringHere))
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO Users([UserCode],[UserName],[UserID],[Password],[Designation],[ContactNo],[UserType]) VALUES (?,?,?,?,?,?,?)";
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserCode.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserName.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtUserID.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtPassword.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = txtDesignation.Text});
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.Integer) {Value = int.Parse(txtContactNo.Text) });
cmd.Parameters.Add(new OleDbParameter("?", OleDbType.VarChar, 100) {Value = cboxUserType.Text});
conn.Open();
var numberOfRowsInserted = cmd.ExecuteNonQuery();
}
answered Feb 26 at 20:44
Igor
37.9k34397
answered Feb 26 at 20:44
Igor
37.9k34397
answered Feb 26 at 20:44
Igor
37.9k34397
answered Feb 26 at 20:44
Igor
37.9k34397
37.9k34397
add a comment |
add a comment |
up vote
0
down vote
Password is a reserved word in Access SQL, so use [Password] in your string.
answered Feb 26 at 13:55
Gustav
28.7k51734
add a comment |
up vote
0
down vote
Password is a reserved word in Access SQL, so use [Password] in your string.
answered Feb 26 at 13:55
Gustav
28.7k51734
add a comment |
up vote
0
down vote
up vote
0
down vote
Password is a reserved word in Access SQL, so use [Password] in your string.
answered Feb 26 at 13:55
Gustav
28.7k51734
Password is a reserved word in Access SQL, so use [Password] in your string.
answered Feb 26 at 13:55
Gustav
28.7k51734
answered Feb 26 at 13:55
Gustav
28.7k51734
answered Feb 26 at 13:55
Gustav
28.7k51734
answered Feb 26 at 13:55
Gustav
28.7k51734
28.7k51734
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f48990101%2fsyntax-error-in-insert-into-statement-insert-in-access%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What dataset do you expect to come out of an insert statement? Oh, and please, please, please, use parametrized queries. Do not write this kind of dangerous code, not even for a test.
– oerkelens
Feb 26 at 13:58
sir i'm not a expert just start to learning from several sources and try to made experimental projects when i'm in trouble or when i need help from exerts like you i'm ambitious about c sharp leaning... Thnx sir
– R.Soomro
Feb 26 at 16:56