0

I am learning to connect to Microsoft Access and write into the database. I created a database in Access and would like to insert data into it.

 OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Amin\Desktop\NamesDatabase1.accdb");

 OleDbCommand cmd = new OleDbCommand();
 string FN = textBox1.Text;
 string LN = textBox2.Text;

 cmd.CommandText = "INSERT INTO Names (FirstName, LastName) Values (FN,LN)";
 cmd.Connection = conn;

 conn.Open();
 cmd.ExecuteNonQuery();

Before I run there seems to be no error. I run the program, update my textBox1.text and textBox2.text and press SAVE, then I get an error:

SYNTAX ERROR in SQL statement Insert into

What did I do wrong??

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Amin Elaghil
  • 3
  • 1
  • You need to get into the habit of using parameters like this: http://stackoverflow.com/questions/5893837/using-parameters-inserting-data-into-access-database which will solve this issue and keep you safe from SQL Injection. – Alex K. Apr 06 '17 at 15:35
  • 2
    As it stands the query fails because FN/LN are not interpolated into the string automagically. – Alex K. Apr 06 '17 at 15:35

2 Answers2

3

In your insert you are trying to add as Values FN and LN. Those values does not exists in the command scope, so it does not know what tu do with it. What you want is instead set those values as parameters and then add them with their value to the command:

OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Amin\Desktop\NamesDatabase1.accdb");
OleDbCommand cmd = new OleDbCommand();
string FN = textBox1.Text;
string LN = textBox2.Text;
cmd.CommandText = "INSERT INTO Names (FirstName, LastName) Values (@FN,@LN)";
cmd.Connection = conn;
cmd.Parameters.Add(new OleDbParameter("@FN", FN));
cmd.Parameters.Add(new OleDbParameter("@LN", LN));
conn.Open();
cmd.ExecuteNonQuery();
Pikoh
  • 7,582
  • 28
  • 53
  • 1
    oledb needs `?` rather than `@IDENTIFIER` placeholders I think – Alex K. Apr 06 '17 at 15:36
  • No, it works perfectly with @ if you are using Access. The important thing is to keep the adding to the collection in the same order of the placeholders. – Steve Apr 06 '17 at 15:37
  • @AlexK. it depends on the driver – Scott Chamberlain Apr 06 '17 at 15:38
  • I think it would work like this as others have said. The important thing is the order – Pikoh Apr 06 '17 at 15:39
  • 1
    I would just like to comment for other users: I have seen many posters say that they didn't use parameters because they were harder to use. I think this answer demonstrates that parameters are just as easy as using concatenated strings and much safer. In fact, I think it is easier! – Chris Dunaway Apr 06 '17 at 19:14
  • I totally agree @ChrisDunaway. Parameters are easier and safer. Lots of questions here about inserting datetimes would be solved just by using parameters. – Pikoh Apr 06 '17 at 19:40
0

You code is breaking because FN and LN are C# variables and you are trying to pass them to query as it is. That does not result in correct syntax in SQL.

You need to pass FN and LN as parameters to the query.

Change you code to following.

OleDbConnection conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Amin\Desktop\NamesDatabase1.accdb");
OleDbCommand cmd = new OleDbCommand();
string FN = textBox1.Text;
string LN = textBox2.Text;
cmd.CommandText = "INSERT INTO Names (FirstName, LastName) Values (@FN,@LN)";
cmd.Parameters.Add(new OleDbParameter("@FN", FN));
cmd.Parameters.Add(new OleDbParameter("@LN", LN));
cmd.Connection = conn;
conn.Open();
cmd.ExecuteNonQuery();

This should resolve your issue.

Chetan
  • 6,711
  • 3
  • 22
  • 32