0

I am creating a login menu and I put in the details:

Username:test2
Email:Test2
Password: testPassword
Confirm Password: testPassword

The confirm password must be the same as password for it to go into the database so it would be one value

enter image description here

then i get the error:

System.Data.SqlClient.SqlException: 'Invalid column name 'test2test2testPassword'. There are more columns in the INSERT statement than values specified in the VALUES clause. The number of values in the VALUES clause must match the number of columns specified in the INSERT statement.'

Could someone help?

stuartd
  • 70,509
  • 14
  • 132
  • 163
ThatDude
  • 11
  • 3
  • 5
    Take a look at your generated SQL. It probably looks something like `... VALUES(usernameuser@domain.compassword)`. You forgot to put any commas in, or quote your values. In fact, you shouldn't be constructing SQL queries like this anyway -- ever heard of SQL injection? Use a parameterised query. – canton7 Oct 25 '21 at 13:11
  • 2
    Secondly, please put code in `code sections` not images of code. – T.Trassoudaine Oct 25 '21 at 13:14
  • 3
    If you had actually looked at the SQL you have generated, it would have been very obvious where the problem is. – DavidG Oct 25 '21 at 13:18
  • You should also dispose your connection and command with a `using` – Charlieface Oct 25 '21 at 13:44

2 Answers2

2

The comments covered it pretty well but you are missing seperation between your values in your query on top of that you should not trust user entered text and use it directly in to queries

you should used paramatized commands like this

var checkCount =
    new SqlCommand("insert into [TableName] (id, othercolumn) VALUES(@id, @otherColumn)",
                    conn);
checkCount.Parameters.AddWithValue("@id", id);
checkCount.Parameters.AddWithValue("@otherColumn", otherColumn);
bgore
  • 98
  • 1
  • 11
1

Multiple problems in your code:

  1. You should use parameters in your queries: https://learn.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlcommand.parameters?view=dotnet-plat-ext-5.0
  2. The values should be comma separated:
insert into RegisterTable(RegUsername, RegEMail, RegPassword)
                   Values('test2','test2','testPassword')
  1. Never store unhashed passwords in your database. See Best way to store password in database
Caius Jard
  • 72,509
  • 5
  • 49
  • 80
Athanasios Kataras
  • 25,191
  • 4
  • 32
  • 61
  • 3
    And, storing passwords without hashing them first is an invitation to cybercreeps to hack your users. – O. Jones Oct 25 '21 at 13:17