Can't add data to Access database

Question

For some reason when I try to add data to my database I keep getting:

A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll

Additional information: Missing semicolon (;) at end of SQL statement.

Here is my code. Now I have installed the database engine, and I have changed the cpu to x86.

Private Sub SaveButton_Click(sender As Object, e As EventArgs) Handles SaveButton.Click


    If DirectCast(AdminCheckBox, CheckBox).Checked = True Then

        Dim result1 As Integer
        Dim cmd As New OleDb.OleDbCommand
        cnn = New OleDb.OleDbConnection
        cnn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=" & "C:\Users\daNo\Documents\Visual Studio 2013\Projects\WindowsApplication1\WindowsApplication1\bin\chem.accdb;"

        If Not cnn.State = ConnectionState.Open Then
            cnn.Open()

        End If

        result1 = MsgBox("Are you sure you want to add this user a admin?", MsgBoxStyle.YesNo, "Add New User")

        If result1 = vbYes Then

            cmd.Connection = cnn
            cmd.CommandText = "INSERT INTO Users(UserName, [password], Email) " & _
                              "VALUES(?,?,?)'"

            cmd.Parameters.AddWithValue("@p1", Me.UserNameTextBox.Text)
            cmd.Parameters.AddWithValue("@p2", Me.PasswordTextBox2.Text)
            cmd.Parameters.AddWithValue("@p3", Me.EmailTextBox.Text)

            cmd.ExecuteNonQuery()

            MsgBox("Account has been created!", MsgBoxStyle.OkOnly, "Add New User")

            Dim ACCSETTINGS As New ACCSETTINGS
            ACCSETTINGS.Show()
            Me.Hide()

            Me.Close()

        ElseIf result1 = vbNo Then

            Dim NEWUSER As New NewUser
            NEWUSER.Show()
            Me.Hide()

        End If

    End If

This is just part of the code, everything else is declared. – Danny Goodman Oct 07 '14 at 03:04 — Danny Goodman, Oct 07 '14 at 03:04

score 1 · Answer 1 · edited May 23 '17 at 11:49

1

Username, Password and EMail are text fields, so you need to pass the values for them enclosed in single quotes. Your command misses these quotes around the values in the string concatenation that build the command. Something like this

"INSERT INTO Users(UserName, [password], Email) VALUES('" & Me.UserNameTextBox.Text & "'....

but this is a really bad way to construct an sql command. You should ALWAYS use a parameterized query

Dim result1 = MsgBox("Are you sure you want to add this user a admin?", MsgBoxStyle.YesNo, "Add New User")
If result1 = vbYes Then
    Using cnn = New OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;.....")
    Using cmd = new OleDb.OleDbCommand("INSERT INTO Users(UserName, [password], Email) " & _
                                        "VALUES(?,?,?)"
        cnn.Open()
        cmd.Parameters.AddWithValue("@p1",Me.UserNameTextBox.Text)
        cmd.Parameters.AddWithValue("@p2",Me.PasswordTextBox2.Text)
        cmd.Parameters.AddWithValue("@p3",Me.EmailTextBox.Text)
        Dim rowAdded = cmd.ExecuteNonQuery()
        if rowAdded > 0 Then
              MessageBox.Show("Account has been created!")
              ....
        Else
              MessageBox.Show("Problems!")
        End If
End If

Parameterized query removes the need to construct complex query text by concatenating pieces of input values from your user, adding the required quotes for strings (eventually parsing for embedded quotes), checking for correct decimal separator when needed, passing dates in correct format, but the most important thing, a parameterized query removes the possibility of Sql Injection where your malicious user prepare special formatted string that could wreak havoc the database.

As a side note. Storing passwords in clear text is really a bad practice from a security standpoint. Depending on the context of your application this is a thing to not downplay. If someone could grab a copy of your database file he could read every user password stored.

EDIT

Checking again the string used in the connection string to set the database name it appears really wrong.

Here, splitted for readability

"...;Data Source=" & Application.StartupPath & "C:\Users\daNo\Documents\" & _
"Visual Studio 2013\Projects\WindowsApplication1\WindowsApplication1\bin\chem.accdb;..."

This results in a wrong path to the database. If you have a fixed location where you store the accdb file then you could remove that Application.StartupPath

edited May 23 '17 at 11:49

Community

1
1

answered Oct 07 '14 at 05:50

Steve

213,761
22
232
286

doesnt change anything. – Danny Goodman Oct 07 '14 at 16:21
A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll Additional information: Not a valid file name. – Danny Goodman Oct 07 '14 at 16:21
Look at your connection string. It is wrong. Remove that Application.StartupPath – Steve Oct 07 '14 at 16:27
A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll Additional information: Could not find file 'C:\Users\daNo\Documents\Visual Studio 2013\Projects\WindowsApplication1\WindowsApplication1\bin\x86\Debug\chem.accdb'. Im thinking its something to do with my access files? I dont think its in the code. – Danny Goodman Oct 07 '14 at 17:23
Alright, So next problem. A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll Additional information: Missing semicolon (;) at end of SQL statement. happens on cmd.executenonquery() – Danny Goodman Oct 07 '14 at 17:35
There is an unnecessary quote after the closing parenthesys: `VALUES(?,?,?)` – Steve Oct 07 '14 at 18:14
I dont know where i would even put a ; – Danny Goodman Oct 07 '14 at 18:31
2

turns out it is because i had the DB open. – Danny Goodman Oct 07 '14 at 18:38
Ok now this is getting crazy now. i have more parts to this i need to do. I just added a feature where it will check if my passwords match or not. that works fine. now i want to make the program check if the user name is already in the database. take a look at the changed code and maybe you could help." ElseIf UserNameTextBox.Text = "FROM Users WHERE Username = '" Then" i know that is not right – Danny Goodman Oct 07 '14 at 19:42
2

@DannyGoodman Please remember that Stack Overflow is a "question and answer" site, designed to be the source of (and searchable archive for) good, concise answers to *specific* questions. If someone helps you get past one hurdle and you encounter another one please don't keep editing your question. Instead, [ask a new question](http://stackoverflow.com/questions/ask) that specifically addresses the new issue. Otherwise your question will devolve into a generic and messy "My program doesn't work" question that will not be terribly helpful to future readers. – Gord Thompson Oct 07 '14 at 20:26
[The Chamaleon Question drama](http://meta.stackexchange.com/questions/43478/exit-strategies-for-chameleon-questions), good point @GordThompson – Steve Oct 07 '14 at 20:34

Can't add data to Access database

1 Answers1