-2

So basically I have this project where there is a sign up form. I made all necessary steps in it but when I input in the textboxes it gave me an exception "Syntax error (missing operator) in query expression 'Paula Angela'." I guess because it has a space in it or something because when I run it again and made the texts not have any spaces in them, it worked. I was wondering what code should I put so that even though the record has space in them the project would run without errors?

Sorry, so this is my code

Public Class Create_an_account

Dim cnn As New OleDb.OleDbConnection

 Private Sub txtConfirm_TextChanged(sender As System.Object, e As System.EventArgs) Handles txtConfirm.TextChanged

    If Not txtConfirm.Text = txtPass.Text Then
        Label11.Text = "Passwords do not match"
    Else
        Label11.Text = ""
    End If
End Sub

Private Sub RefreshData()
    If Not cnn.State = ConnectionState.Open Then
        cnn.Open()
    End If

    Dim da As New OleDb.OleDbDataAdapter("SELECT [First Name], " & _
                                 "[Last Name], [Address], [Contact Number], [Username], " & _
                                 "[Email Address], [Password], [Credit Card Number] " & _
                                 " FROM Accounts ORDER BY [First Name]", cnn)
    Dim dt As New DataTable

    da.Fill(dt)

    My_Account.dgvAccount.DataSource = dt

    cnn.Close()
End Sub



Private Sub btnRegister_Click(sender As System.Object, e As System.EventArgs) Handles btnRegister.Click

    If txtFirst.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label16.Text = "*"
    End If

    If txtLast.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label15.Text = "*"
    End If

    If txtAddress.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label14.Text = "*"
    End If

    If txtContact.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label13.Text = "*"
    End If

    If txtUsername.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label17.Text = "*"
    End If

    If txtEmail.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label18.Text = "*"
    End If

    If txtPass.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label19.Text = "*"
    End If

    If txtConfirm.Text = "" Then
        Me.Show()
        Label12.Text = "Some required information is missing. Please fill up marked label/s."
        Label20.Text = "*"
    End If

    If txtFirst.Text <> "" And txtLast.Text <> "" And txtAddress.Text <> "" And txtContact.Text <> "" And _
       txtUsername.Text <> "" And txtEmail.Text <> "" And txtPass.Text <> "" And txtConfirm.Text <> "" Then

        Dim cmd As New OleDb.OleDbCommand
        If Not cnn.State = ConnectionState.Open Then
            cnn.Open()
        End If


        cmd.Connection = cnn
        cmd.CommandText = "INSERT INTO Accounts([First Name], [Last Name], [Address], " & _
                          "[Contact Number], [Username], [Email Address], [Password], [Credit Card Number]) " & _
                            " VALUES(" & txtFirst.Text & ",'" & txtLast.Text & "','" & _
                            txtAddress.Text & "','" & txtContact.Text & "','" & _
                            txtUsername.Text & "','" & txtEmail.Text & "','" & txtPass.Text & "','" & _
                            txtCredit.Text & "')"

        cmd.Parameters.AddWithValue("@p1", txtFirst.Text)
        cmd.Parameters.AddWithValue("@p2", txtLast.Text)
        cmd.Parameters.AddWithValue("@p3", txtAddress.Text)
        cmd.Parameters.AddWithValue("@p4", txtContact.Text)
        cmd.Parameters.AddWithValue("@p5", txtUsername.Text)
        cmd.Parameters.AddWithValue("@p6", txtEmail.Text)
        cmd.Parameters.AddWithValue("@p7", txtPass.Text)
        cmd.Parameters.AddWithValue("@p8", txtCredit.Text)

        cmd.ExecuteNonQuery()

        RefreshData()

        cnn.Close()





        MsgBox("Account created successfully.", MsgBoxStyle.Information, "Sign Up")
        Me.Hide()
        Login_Form.Show()
        Me.Close()

    End If


End Sub

Private Sub btnCancel_Click(sender As System.Object, e As System.EventArgs) Handles btnCancel.Click
    Select Case MsgBox("Do you want to go back?", MsgBoxStyle.YesNo, "Cancel")
        Case MsgBoxResult.Yes
            Me.Hide()
            Login_Form.Show()
            Me.Close()
        Case MsgBoxResult.No
            Me.Show()
    End Select


End Sub
Paula Angela Cua
  • 19
  • 4
  • 1
    Please post your code. We shouldn't have to guess what your code looks like. – Enigmativity Jan 05 '15 at 10:41
  • Sorry for my rush.i misread question.realized only after reading the code. – akhil kumar Jan 05 '15 at 10:51
  • Does it work if you change your query to this: `"SELECT Username, Password FROM [Accounts] where Username=@p5 and Password=@p7"`? – Enigmativity Jan 05 '15 at 10:59
  • You shouldnt store passwords in plainview... hash and salt it...just a thought. – Trevor Jan 05 '15 at 11:07
  • I don't understant how is possible to have that error because your SQL statement has fistName and lastName delimited with comma .. Why you create the paramenters and you don;t use them !?? SO USE paramenters in VALUES like @p1 instead " & txtFirst.Text & ", and your statement wil be like that ' ** VALLUE (@p1, @ p2, @ p3, ... ) **' – CristiC777 Jan 05 '15 at 14:40

1 Answers1

0

When using prepared statements you need to provide a name for your placeholders in order to reference them later on with the AddWithValue() procedure.

See also this question and the use of the "@image" identifier

Community
  • 1
  • 1
aPhilRa
  • 157
  • 1
  • 8