1

I'm currently trying to use C# to add data into an access database (saved as mdb) here is my current code:

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {

        private OleDbConnection bookConn;
        private OleDbCommand oleDbCmd = new OleDbCommand();
        private String connParam = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Alex\Desktop\Project\example.mdb;Persist Security Info=False";


        public Form1()
        {
            bookConn = new OleDbConnection(connParam);
            InitializeComponent();
        }

        public void add()
        {
            try
            {
                bookConn.Open();
                oleDbCmd.Connection = bookConn;
                oleDbCmd.CommandText = "INSERT INTO Student (StudentID, Module) VALUES ('"+ this.textBox1.Text +"','"+ this.textBox2.Text +"');";
                oleDbCmd.CommandType = CommandType.Text;
                int temp = oleDbCmd.ExecuteNonQuery();
                if (temp > 0)
                {
                    MessageBox.Show("Added");
                }
                else
                {
                    MessageBox.Show("Failed");
                }
                bookConn.Close();
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            add();
        }


    }
}

When i run this code i get the error message : Syntax error in INSERT INTO statement.

I can't work out what i'm doing wrong when i compare to other examples it seems to be set up right.

Any help to solve this problem would be greatly appreciated.

Improve this question
11
  • 2
    Add those values as sqlParameters to prevent SQL injection, please. Commented Apr 15, 2013 at 16:43
  • 2
    Is StudentID supposed to be a string or an int? Commented Apr 15, 2013 at 16:43
  • what data types are student ID and Module? Commented Apr 15, 2013 at 16:44
  • 1
    And the first comment may be solving your problem too, maybe it's cause by a non-escaped quote character in your textbox ? Commented Apr 15, 2013 at 16:44
  • 1
    Hey guys, HansUp answer was correct, Module was a reserved word, and that was what was causing the problem, thanks for your help! Commented Apr 15, 2013 at 16:54

1 Answer 1

Reset to default
2

Module is a reserved word. Rename the field if possible/practical. If you must keep that as the field name, enclose it in square brackets in your INSERT statement.

oleDbCmd.CommandText = "INSERT INTO Student (StudentID, [Module]) VALUES ('"+ this.textBox1.Text +"','"+ this.textBox2.Text +"');";
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

If you follow the advice to switch to a parameter query, you should still bracket that field name.
Thanks for the help, it worked like a charm, and i am swapping to parameters now. Will accept the answer when the time is up.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.