
I'm trying to connect my ASP.NET online registration form to an MS Access backend database. The connection code I'm using is:

```csharp
string myQuery = "INSERT INTO Parent([Username], [FirstName], [Surname], [Email], [Mobile], [Postcode], [Password]) values('" + Usernametb.Text + "','" + Firsttnametb.Text + "','" + Surnametb.Text + "','" + Emailtb.Text + "','" + Mobiletb.Text + "','" + Postcodetb.Text + "','" + Passwordtb.Text + "')";
string connString = @"Provider = Microsoft.ACE.OLEDB.12.0; Data Source = C:\Users\Z\Desktop\database\WorkDatabase.accdb";
try
{
    using (OleDbConnection myConnection = new OleDbConnection(connString))
    {
        using (OleDbCommand myCommand = myConnection.CreateCommand())
        {
            myCommand.CommandText = myQuery;
            myConnection.Open();
            myCommand.ExecuteNonQuery();
            SuccReglbl.Text = "successful registration";
        }
    }
}
catch (Exception ex)
{
    SuccReglbl.Text = "Exception in DBHandler " + ex.Message;
}
```

I keep getting an error when I click on the "Register" button, saying "Exception in DBHandler Overflow".

Alex K.
Zalgawi
  • 1
    [Mobile] is not an integer type in the table is it? - Your code is vulnerable to SQL Injection, you must rewrite to use parameters: https://stackoverflow.com/questions/5893837/using-parameters-inserting-data-into-access-database – Alex K. Dec 07 '17 at 19:09
  • @AlexK. well, Mobile is the section in which the user types in their mobile number as an integer so yes it is. Also, this program is a private project, not one that I'm actually using online, so I don't think SQL injections can affect me – Zalgawi Dec 07 '17 at 19:10
  • 1
    A phone number is not an integer, it's a string; make the column text. – Alex K. Dec 07 '17 at 19:11
  • 1
    As for SQL injection, when your code is working see what happens if you save the surname `o'keefe` – Alex K. Dec 07 '17 at 19:12
  • 1
    To disregard parameterizing your queries - which by the way is very easy - is not wise. It's helpful not only to prevent SQL Injection, but also for code readability. – Oli Dec 07 '17 at 19:19
  • That is not the entire exception message. The label is too short to contain the entire message. Put a break point in the catch block and update the question with the entire exception details. I think you may have stuffed a number too large for the data type into the database. – Crowcoder Dec 07 '17 at 20:05

0 Answers
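
The parameterized insert recommended in the comments, as an added example that is not part of the original thread. It assumes the `[Mobile]` column has been changed to a text type as suggested; the `RegistrationDb` class, the `BuildInsert` helper and the sample values are hypothetical.

```csharp
using System;
using System.Data.OleDb;

static class RegistrationDb
{
    // The OLE DB provider binds "?" placeholders by position, not by name,
    // so the column order here must match the order the values are added in.
    const string InsertSql =
        "INSERT INTO Parent ([Username], [FirstName], [Surname], [Email], " +
        "[Mobile], [Postcode], [Password]) VALUES (?, ?, ?, ?, ?, ?, ?)";

    public static OleDbCommand BuildInsert(OleDbConnection conn, params string[] values)
    {
        if (values.Length != 7)
            throw new ArgumentException("Expected 7 field values.", nameof(values));

        OleDbCommand cmd = conn.CreateCommand();
        cmd.CommandText = InsertSql;
        foreach (string v in values)
        {
            // VarWChar sends the value as text: it is never parsed as SQL,
            // so a quote in "o'keefe" is stored as data, and it is never
            // converted to a number, so an 11-digit mobile number cannot
            // exceed a Long Integer's maximum of 2,147,483,647.
            cmd.Parameters.Add("?", OleDbType.VarWChar, 255).Value =
                (object)v ?? DBNull.Value;
        }
        return cmd;
    }

    static void Main()
    {
        // Connection string from the question; the field values are constructed samples.
        string connString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Z\Desktop\database\WorkDatabase.accdb";
        using (var conn = new OleDbConnection(connString))
        using (var cmd = BuildInsert(conn, "pat", "Pat", "o'keefe",
                   "pat@example.com", "07123456789", "AB1 2CD", "sample-password"))
        {
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

In the page's click handler, the seven `*.Text` values would be passed to `BuildInsert` in the same order as the column list.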