Going from dataset to access database C#

Question

Ok so I have been working on this in for while and I am still having trouble figuring out what is wrong with my code. The error is very vague it is {"Syntax error in INSERT INTO statement."}. Below will be the code I am using. Thanks ahead of time for your help!

   private void CreateSQL()
    {
        List<string> dataList = new List<string>();
        string delimiter = "|";
        string tableName = "MainAssets";
        string fileName = "RunningMaster.csv";

        DataSet data = new DataSet();
        StreamReader sr = new StreamReader(fileName);
        data.Tables.Add(tableName);
        data.Tables[tableName].Columns.Add("Plant");
        data.Tables[tableName].Columns.Add("Class");
        data.Tables[tableName].Columns.Add("Depr Account");
        data.Tables[tableName].Columns.Add("Inventory Number");
        data.Tables[tableName].Columns.Add("Dept");
        data.Tables[tableName].Columns.Add("Location");
        data.Tables[tableName].Columns.Add("Cap Date");
        data.Tables[tableName].Columns.Add("Last Inventoried");
        data.Tables[tableName].Columns.Add("Deactivation");
        data.Tables[tableName].Columns.Add("Asset Description");
        data.Tables[tableName].Columns.Add("Acquis Val");
        data.Tables[tableName].Columns.Add("Monthly Dep");
        data.Tables[tableName].Columns.Add("Ord dep post");
        data.Tables[tableName].Columns.Add("Accum Dep");
        data.Tables[tableName].Columns.Add("Book Val");
        data.Tables[tableName].Columns.Add("Serial");
        data.Tables[tableName].Columns.Add("Inventory Comments");
        data.Tables[tableName].Columns.Add("LFAC");
        data.Tables[tableName].Columns.Add("Room");
        data.Tables[tableName].Columns.Add("Pysical Location");
        data.Tables[tableName].Columns.Add("Manufacturer");
        data.Tables[tableName].Columns.Add("EFO");
        data.Tables[tableName].Columns.Add("Updated");
        data.Tables[tableName].Columns.Add("Status");
        data.Tables[tableName].Columns.Add("Inventory State");
        data.Tables[tableName].Columns.Add("Inventoried By");
        data.Tables[tableName].Columns.Add("Prior Room");
        string allData = sr.ReadToEnd();
        string[] rows = allData.Split("\r".ToCharArray());
        rows = rows.Skip(1).ToArray();

        foreach(string r in rows)
        {
            string[] items = r.Split(delimiter.ToCharArray());
            data.Tables[tableName].Rows.Add(items);
        }
        // this.dataGridView1.DataSource = data.Tables[0].DefaultView;

        for (int i = 0; i <= data.Tables[tableName].Rows.Count - 1; i++)
        {
            MessageBox.Show(data.Tables[tableName].Rows[0][4].ToString());
                OleDbConnection myConnection = new OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source= hello.accdb");
                OleDbCommand cmd = new OleDbCommand();
                myConnection.Open();
                cmd.Connection = myConnection;
            cmd.CommandText = "INSERT INTO Asset Inventory ([ID],[Plant],[Class],[Depr Account],[Inventory Number],[Dept],[Location],[Cap Date],[Last Inventoried],[Deactivation],[Asset Description],[Acquis Val],[Monthly Dep],[Ord dep posted],[Accum dep],[Book Val],[Serial],[Inventory Comment],[LFAC],[Room],[Pysical Location],[Manufacturer],[EFO],[Updated],[Status],[Inventory State],[Inventory By],[Prior Room])" +
            "VALUES ('" + data.Tables[tableName].Rows[i][0].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][1].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][2].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][3].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][4].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][5].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][6].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][7].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][8].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][9].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][10].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][11].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][12].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][13].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][14].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][15].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][16].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][17].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][18].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][19].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][20].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][21].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][22].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][23].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][24].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][25].ToString() + "' , '" +
                          data.Tables[tableName].Rows[i][26].ToString() + "' , '" ;


                cmd.ExecuteNonQuery();
                myConnection.Close();

score 0 · Answer 1 · answered Jun 02 '16 at 14:07

0

Your table name seems to have a space in it's name, you can surround it with []:

INSERT INTO [Asset Inventory] ( ....

But it would be better to name it AssetInventory or Asset_Inventory instead.

Apart from this bad design decision you should also fix that you use string concatenation instead of sql-parameters. You might be vulnerable to sql injection currently.

answered Jun 02 '16 at 14:07

Tim Schmelter

450,073
74
686
939

@DisarmedDevo: you're welcome. Remember to accept the answer – Tim Schmelter Jun 03 '16 at 11:33

Going from dataset to access database C#

1 Answers1