0

I have a problem I cannot see.

    SqlConnection con = new SqlConnection();
    con.ConnectionString = "Data Source=(local);Initial Catalog=MyDb;Integrated Security=True";
    con.Open();
    SqlCommand cmd = new SqlCommand("insert into User(Username,Password,Firstname,Lastname,Email) VALUES(@user,@pass,@fname,@lname,@emai)", con);
    cmd.Parameters.AddWithValue("@user", TxtUserN.Text);
    cmd.Parameters.AddWithValue("@pass", txtpass.Text);
    cmd.Parameters.AddWithValue("@fname", txtFName.Text);
    cmd.Parameters.AddWithValue("@lname", txtLName.Text);
    cmd.Parameters.AddWithValue("@emai", TxtEmail.Text);
    cmd.ExecuteNonQuery();
    MessageBox.Show("You are registered");

I get an error saying that I have

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll

Additional information:

Incorrect syntax near the keyword 'User'.

My db is

[ID]
      ,[Username]
      ,[Password]
      ,[Firstname]
      ,[Lastname]
      ,[Email]
  FROM [MyDb].[dbo].[User]
Pranav Bilurkar
Kalle

2 Answers

1

User is a keyword, needs to be quoted:

insert into [User] (Username,Password,Firstname,Lastname,Email) VALUES(@user,@pass,@fname,@lname,@emai)

Also, never store passwords in clear. Use a salted cryptographic hash.

Remus Rusanu
  • Thanks for your help, and yeah, I will look into salted cryptographic hash; this was just a start on it – Kalle Feb 17 '15 at 13:20
0

User is a reserved keyword in SQL, so try a query like:

insert into [User] (Username,Password,Firstname,Lastname,Email) 
VALUES(@user,@pass,@fname,@lname,@emai)

Here is a list of reserved keywords in SQL => link

Jenish Rabadiya