-1

Can anyone Help me to figure out whats the meaning of this error statement.I keep getting this error statement:-

index (zero based) must be greater than or equal to zero and less than the size of the argument list

Below is my coding 

Imports System.Data.OleDb
Public Class form2


    Dim Mycn As OleDbConnection
    Dim Command As OleDbCommand
    Dim icount As Integer
    Dim SQLstr As String

    Private Sub Button1_Click_2(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        Try
            Mycn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\lenovo\Documents\Final year stuff\BookStoreDb.mdb;")
            Mycn.Open()

            SQLstr = String.Format("INSERT INTO login VALUES('{0}','{1}','{2}','{3}','{4}')", TextBox1.Text, TextBox2.Text)
            Command = New OleDbCommand(SQLstr, Mycn)


            icount = Command.ExecuteNonQuery
            MessageBox.Show(icount)


        Catch ex As Exception
            MessageBox.Show(ex.Message & " - " & ex.Source)
            Mycn.Close()
        End Try
    End Sub



    Private Sub Button2_Click(sender As System.Object, e As System.EventArgs) Handles Button2.Click
        Me.Close()

    End Sub

End Class
user3726806
  • 1
  • 2
  • 1
    You aren't filling in all of the arguments in your call to String.Format. – Mike Cheel Jun 10 '14 at 16:10
  • 1
    you have 5 placeholders for String.Format, but only 2 values. That SQL is open to SQL injection attacks, you should use Parameters and both problems will go away. Also, the ticks ( ` ' `) in the SQL string, force all the values to string, which may or may not be what you want depending on the table. – Ňɏssa Pøngjǣrdenlarp Jun 10 '14 at 16:13
  • isit i need to put all the fields in the login table or the fields that i want to insert data? – user3726806 Jun 10 '14 at 16:15
  • 1
    if you are only supplying SOME table values, you need to change the SQL to tell it WHICH columns you wish to INSERT, then you can provide just those values: `"INSERT INTO Login ([User], [Password]) VALUES ('{0}','{1}')"`. But the big problem is [SQL injection](http://stackoverflow.com/q/332365/1070452). Parameters will eliminate that and issues with ticks in SQL – Ňɏssa Pøngjǣrdenlarp Jun 10 '14 at 16:32

1 Answers1

0

As Plutonix suggested, just specify the two fields.

You can combine that with the parameters so you are also safe from injection attacks.

Try the following:

SQLstr = String.Format("INSERT INTO Login (User, Password) VALUES ('{0}','{1}')", TextBox1.Text, TextBox2.Text)
Command = New OleDbCommand(SQLstr, Mycn)
ilans
  • 2,537
  • 1
  • 28
  • 29