/// <summary>
/// Click handler that inserts the values of tuser.Text and tpassword.Text as a new
/// row in the userLogin table of the Access database named in the connection string.
/// </summary>
/// <remarks>
/// NOTE(review): this is the code as originally asked about. The inline comments mark
/// the SQL injection, reserved-word, resource-handling and plaintext-password problems.
/// </remarks>
private void button1_Click(object sender, EventArgs e)
{
    try
    {
        // No using block: if Open() or ExecuteNonQuery() throws, the Close() call
        // further down is skipped and the connection is not released deterministically.
        OleDbConnection connection = new OleDbConnection();
        // Absolute, per-user path hard-coded in source; the database file sits in a user-writable folder.
        connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Sanket\Desktop\Practice\C# practice\AIChatbot\Db\Login.accdb;Persist Security Info=False;";

        connection.Open();

        // SQL injection: both .Text values are concatenated straight into the statement,
        // so a quote character in either one changes the SQL that is executed.
        // Also, password is a reserved word in Access SQL and has to be written [password];
        // unbracketed, it makes the statement fail with a syntax error.
        // The password value is written to the table exactly as typed (no hashing or salting).
        string query = "insert into userLogin(username,password)values('" + tuser.Text + "','" + tpassword.Text + "')";
        OleDbCommand cmd = new OleDbCommand(query,connection);

        // ExecuteNonQuery returns the number of rows affected; the value is stored but never checked.
        int a = cmd.ExecuteNonQuery();
        connection.Close();
    }
    catch (Exception c)
    {
        // "Error"+c appends c.ToString(), so the dialog shows the exception type,
        // message and stack trace to the user.
        MessageBox.Show("Error"+c);
    }
}


marc_s
  • [SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](http://bobby-tables.com/) – marc_s Jan 31 '20 at 13:11
  • Password is a reserved keyword in access- You need to write [Password] and learn as soon as possible how to write parameterized queries – Steve Jan 31 '20 at 13:11
  • Does this answer your question? [Error Code 0x80040E14 update syntax error](https://stackoverflow.com/questions/24341476/error-code-0x80040e14-update-syntax-error) – Mathias Jan 31 '20 at 13:31

1 Answer


Here are the problems with your current code:

  • Password is a reserved keyword in Access. You need to enclose it in square brackets
  • Concatenating strings to create SQL queries is well known for its problems (SQL injection, parsing errors). Pass the values as command parameters instead
  • Connections should be opened, used and then disposed. Use the using statement

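Another weak point from a security point of view is that you store passwords in plain text inside your database. Anyone able to make a copy of that file will know your users' passwords. Search for how to hash and salt passwords before storing them in a database. Use a purpose-built, deliberately slow password-hashing function (for example PBKDF2, bcrypt or Argon2) with a random per-user salt, rather than a single pass of a fast hash.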


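/// <summary>
/// Click handler that inserts the values of tuser.Text and tpassword.Text as a new
/// row in the userLogin table, passing both values as command parameters rather than
/// concatenating them into the SQL text.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void button1_Click(object sender, EventArgs e)
{
    try
    {
        // using disposes (and therefore closes) the connection even when Open() or the insert throws.
        using (OleDbConnection connection = new OleDbConnection())
        {
            connection.ConnectionString = @".....";
            connection.Open();

            // [password] is bracketed because password is a reserved word in Access SQL.
            string query = @"insert into userLogin(username,[password])
                             values(@user, @pass)";

            // The command is disposable as well, so it gets its own using block.
            using (OleDbCommand cmd = new OleDbCommand(query, connection))
            {
                // The OLE DB provider binds parameters by position, not by name:
                // the Add calls must stay in the same order as the placeholders above.
                cmd.Parameters.Add("@user", OleDbType.VarWChar).Value = tuser.Text;

                // NOTE(review): the password is still stored exactly as typed. Store a salted
                // hash from a password-hashing function (e.g. PBKDF2) instead, and change the
                // login check to verify against that hash.
                cmd.Parameters.Add("@pass", OleDbType.VarWChar).Value = tpassword.Text;

                cmd.ExecuteNonQuery();
            }
        }
    }
    catch (Exception c)
    {
        // NOTE(review): "Error"+c appends c.ToString(), which includes the stack trace.
        // Consider showing only c.Message to the user and logging the full exception.
        MessageBox.Show("Error"+c);
    }
}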

Steve