1

I'm making a form to add accounts to my login application if you can help that would be awesome.

I'm only 11 so this might be a dumb question!

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Login_Viper_Safe
{
    public partial class Form3 : Form
    {
        private OleDbConnection connection = new OleDbConnection();
        public Form3()
        {
            InitializeComponent();
            connection.ConnectionString =   @"Provider=Microsoft.ACE.OLEDB.12.0; Data Source=C:\Users\SillyTen9\Documents\UserDatabase.accdb; Persist Security Info=False;";
    }

    private void Form3_Load(object sender, EventArgs e)
    {

    }

    private void button1_Click(object sender, EventArgs e)
    {
        try
        {
            connection.Open();
            OleDbCommand command = new OleDbCommand();
            command.Connection = connection;
            command.CommandText = "INSERT INTO UserDatabase ([Username], [Password], FirstName, LastName) VALUSES('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "')";
            command.ExecuteNonQuery();
            MessageBox.Show("Signed Up!");
        }
        catch (Exception ex)
        {
            MessageBox.Show("Error " + ex);
        }
    }
}
Bassie
  • 9,529
  • 8
  • 68
  • 159
  • 3
    `VALUSES` should be `VALUES` – Mairaj Ahmad Dec 16 '16 at 12:58
  • Side notes: 1. Use parameters for your values. 2. Try not to use class scoped connections, instead create them when you need them and then close them. 3. Wrap your connections in a `using` block when you create them as well as any other types that implement `IDisposable` like `OleDbCommand`. 4. Put your connection string in the `app.config` and retrieve it from there when needed. – Igor Dec 16 '16 at 13:06
  • 1
    Try to avoid SQL the way you are doing it currently and use paramaterised queries to avoid SQL injection and other nasty things. http://stackoverflow.com/questions/7505808/why-do-we-always-prefer-using-parameters-in-sql-statements – Steve Dec 16 '16 at 13:07

2 Answers2

1

you have error on values (extra s):

 "INSERT INTO UserDatabase ([Username], [Password], FirstName, LastName) VALUES( ...

Also it is important to use parameters:

command.CommandText = "INSERT INTO UserDatabase ([Username], [Password], FirstName, LastName) VALUES (@param1,@param2,@param3,@param4)";
command.Parameters.AddWithValue("@param1",textBox1.Text);
command.Parameters.AddWithValue("@param2",textBox2.Text);
command.Parameters.AddWithValue("@param3",textBox3.Text);
command.Parameters.AddWithValue("@param4",textBox4.Text);
...
apomene
  • 14,282
  • 9
  • 46
  • 72
0

You make typo error its Values not VALUSES in Insert Query

command.CommandText = "INSERT INTO UserDatabase ([Username], [Password], FirstName, LastName) VALUES('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "')";
Meer
  • 656
  • 9
  • 18