SQL Insert into statement

Question

strSQL = "INSERT INTO Accounts UserName, Password VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');"

When the code is executed and error is thrown, but there is no visible problem that i can see. Help!

It helps if you include the error you are getting in your question. — T I, Mar 21 '14 at 12:25
You need to put the column list in paranthesis `... INTO Accounts (UserName, Password) ...` — T I, Mar 21 '14 at 12:26
@Callum, look at my update1... the test mean add your database name.. — jmail, Mar 21 '14 at 12:51

score 5 · Accepted Answer · edited May 23 '17 at 12:28

The word PASSWORD is reserved in MS-Access.
You need to use square brackets around that name (Or change it to something different)

strSQL = "INSERT INTO Accounts (UserName, [Password]) VALUES (......

Said that, please use a parameterized query to build sql commands.
A string concatenation like yours is easily attacked by hackers using SQL Injection
Also, if the username or password contains a single quote, the resulting sql text built using string concatenation will be invalid.

strSQL = "INSERT INTO Accounts (UserName, [Password]) VALUES (?, ?)"
OleDbCommand cmd = new OleDbCommand(strSQL, connection);
cmd.Parameters.AddWithValue("@p1",txtUsername.Text);
cmd.Parameters.AddWithValue("@p2",txtEncryptedPassword);
cmd.ExecuteNonQuery();

Thanks the reserved word was the problem, hackers aren't really an issue it is only for a college project. — Callum Hutchinson, Mar 21 '14 at 14:13

score 1 · Answer 2 · answered Mar 21 '14 at 12:26

1

You forgot parentheses:

strSQL = "INSERT INTO Accounts (UserName, Password) VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');"

answered Mar 21 '14 at 12:26

Alexander

3,129
2
19
33

OleDbException was unhandled . Syntax error in INSERT INTO statement – Callum Hutchinson Mar 21 '14 at 12:32

jmail · Answer 3 · 2014-03-21T13:16:59.480

0

your doing () this mistake and you should must add:

your code:

strSQL = "INSERT INTO Accounts UserName, Password VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');"

you should must change code following as:

strSQL = "INSERT INTO Accounts (UserName, Password) VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');"

update1:

"INSERT INTO `test`.`users` ( `username`, `password`) " & _
                  "VALUES ('" & txtUsername.Text & "', '" & txtPassword.Text & "');"

update2:

   "INSERT INTO users ( `username`,`password`)VALUES(@txtUsername.Text,@txtPassword.Text);"

"INSERT INTO users (Username,Password)VALUES(?,?);"

note:test means database name you should change your databasename.

edited Mar 21 '14 at 13:16

answered Mar 21 '14 at 12:34

jmail

5,944
3
21
35

The table is Accounts – Callum Hutchinson Mar 21 '14 at 12:40
What does the 'test'.'users' mean? – Callum Hutchinson Mar 21 '14 at 12:59
This will make the statement just the same though – Callum Hutchinson Mar 21 '14 at 13:06

score 0 · Answer 4 · edited Mar 21 '14 at 12:42

0

try this code:

 Dim strSQL As String = "INSERT INTO tblDetail VALUES('" & strPersonCode _
         & "','" & strForename & "','" & strSurname & "','" & strDateOfBirth & "'," & strCurrentlyWith & ",'" & strConditions & "')"

Do it like that but change to your names. Declare the values of text boxes as strings and just use those.

edited Mar 21 '14 at 12:42

jmail

5,944
3
21
35

answered Mar 21 '14 at 12:41

Aidan Bracher

1

SQL Insert into statement

4 Answers4