
Sorry to be asking this. I know there are many other questions, and I have tried to use the solutions provided, but I just cannot get my code to work. Thanks for looking!

Connection String as shown in Properties:

```
Data Source=(LocalDB)\v11.0;AttachDbFilename="C:\Users\Jacob\Documents\Visual Studio 2013\Projects\WindowsFormsApplication2\WindowsFormsApplication2\ChatDB.mdf";Integrated Security=True
```

Connection string in app.config:

```
Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\ChatDB.mdf;Integrated Security=True
```

Error: An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: Incorrect syntax near the keyword 'User'.

Code:

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
//NC-1 More namespaces.
using System.Data.SqlClient;
using System.Configuration;

namespace WindowsFormsApplication2
{
    public partial class SignUp : Form
    {
        string connstr = ConfigurationManager.ConnectionStrings["WindowsFormsApplication2.Properties.Settings.ChatDBConnectionString"].ToString();

        public SignUp()
        {
            InitializeComponent();
        }

        private void label1_Click(object sender, EventArgs e)
        {

        }

        private void SubmitBtn_Click(object sender, EventArgs e)
        {
            string Name = NameText.Text;
            string Pwd = PwdText.Text;
            //make sure they have entered text
            if (Name.Length > 0 && Pwd.Length > 0)
            {
                SqlConnection conn = new SqlConnection(connstr);

                //NC-10 try-catch-finally
                try
                {
                    //NC-11 Open the connection.
                    conn.Open();

                    SqlCommand insert = new SqlCommand();
                    insert.Connection = conn;
                    insert.CommandText = "INSERT INTO [User] (Name,Password) VALUES ('" + Name + "','" + Pwd + "')";

                    insert.ExecuteNonQuery();
                    MessageBox.Show("Congrats!!!");

                }
                catch
                {
                    //NC-14 A simple catch.

                    MessageBox.Show("User was not returned. Account could not be created.");
                }
                finally
                {
                    //NC-15 Close the connection.
                    conn.Close();
                }
            }
            //if no text make them enter
            else
            {
                MessageBox.Show("Please enter Text in both fields.");
            }
        }
    }
}
```

Again thank you for looking.

tnyN
  • Check your SQL Query. – Onel Sarmiento Apr 21 '15 at 01:00
  • Grant Winney, unfortunately that is the only query in the solution. I just started using Visual Studio and C#. – tnyN Apr 21 '15 at 01:05
  • You've definitely created a `User` table? – Brent Mannering Apr 21 '15 at 01:07
  • Not directly related, but don't compose SQL strings; use a parameterized query to prevent SQL injection. [Little Bobby Tables](http://bobby-tables.com/) is not that nice. – Alex Apr 21 '15 at 01:08
  • Please use parameterized commands. In the format that you are building your query currently, you are very open to SQL injection attacks. More info [here](http://www.dotnetperls.com/sqlparameter) and [here](http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/) – Bernd Linde Apr 21 '15 at 01:09
  • I was just trying to get it working so I did it as basic as I could step by step. – tnyN Apr 21 '15 at 01:10
  • Yes, there is a User table, I just double checked. – tnyN Apr 21 '15 at 01:11

1 Answer

The problem is your SQL query, because you use a reserved keyword.

Try to change your table name to tblUser.

I also suggest using a parameterized query to prevent future SQL injection (for example):

```csharp
@"INSERT INTO [User] (Name,Password) VALUES (@Name, @Password);"
```

Onel Sarmiento
  • I was about to try that actually, change the name I mean, how exactly do I do that? Sorry for the ignorance. – tnyN Apr 21 '15 at 01:13
  • @GrantWinney Yeah, I know that, but the only reason I know that will cause that error is the reserved keywords. – Onel Sarmiento Apr 21 '15 at 01:13
  • @tnyN better to create a new table with table name `tblUser` and don't use reserved keyword – Onel Sarmiento Apr 21 '15 at 01:19
  • Not sure why this worked but it did, I now cannot see my data I inserted but I think that it might be there but isn't showing up. – tnyN Apr 21 '15 at 01:39
  • @tnyN maybe you didn't send any data into parameters? – Onel Sarmiento Apr 21 '15 at 03:28
  • Maybe, the weird part is after sign up if I go to login without exiting out my program says user exists. However if I exit out the user isn't in the db and if I run it again it says user dne. – tnyN Apr 22 '15 at 02:50
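
The parameterized insert suggested in the answer and comments, written out in full as an added example (not code from the question or the answer). The `UserStore` class, the `TryCreateUser` method and the column sizes are assumptions for illustration; the table and column names are the ones in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. Column sizes (NVARCHAR(50) / NVARCHAR(128)) are assumed,
// since the page does not show the table definition.
static class UserStore
{
    // [User] stays bracketed because USER is a reserved keyword in T-SQL.
    const string InsertSql =
        "INSERT INTO [User] (Name, Password) VALUES (@Name, @Password);";

    // Returns true when exactly one row was inserted; otherwise false,
    // with the server's error text in 'error'.
    public static bool TryCreateUser(string connstr, string name, string pwd,
                                     out string error)
    {
        error = null;
        try
        {
            // 'using' disposes (and closes) the connection and command,
            // even when an exception is thrown.
            using (var conn = new SqlConnection(connstr))
            using (var insert = new SqlCommand(InsertSql, conn))
            {
                // Values travel as typed parameters, separate from the SQL
                // text, so a name such as O'Brien is stored as data instead
                // of terminating the string literal in the statement.
                insert.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
                insert.Parameters.Add("@Password", SqlDbType.NVarChar, 128).Value = pwd;

                conn.Open();
                return insert.ExecuteNonQuery() == 1;
            }
        }
        catch (SqlException ex)
        {
            // Keep the real message instead of hiding it in a bare catch.
            error = ex.Message;
            return false;
        }
    }
}
```

In the form's click handler this would be called as `UserStore.TryCreateUser(connstr, NameText.Text, PwdText.Text, out error)`, showing `error` in the message box when it returns false.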