0

can i ask about this, im getting syntax error in INSERT INTO statement. whenever i press ctrl+f5. is there anything missing with my code?

Protected Sub btnEnter_Click(sender As Object, e As System.EventArgs) Handles btnEnter.Click

    Dim CID As Integer = CInt(lblCno.Text)
    Dim tRentID As String = txtRentID.Text
    Dim pList As String = ProductList.Text
    Dim tDate As Date = lblDue.Text
    Dim amount As Integer = CInt(txtAmount.Text)
    Try
        Dim dbconn1, dbcomm1, dbex1, sql1
        dbconn1 = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;" & "Data Source=" & Server.MapPath("~/App_Data/aspDatabase.mdb"))
        dbconn1.open()
        sql1 = "Insert into order VALUES ( " & "'" & tRentID & "'" & "," & "'" & tDate & "'" & "," & "'" & amount & "'" & "," & "'" & CID & "'" & "," & pList & ")"
        dbcomm1 = New OleDbCommand(sql1, dbconn1)
        dbex1 = dbcomm1.executenonquery
        dbconn1.Close()
    Catch ex As Exception
        lblOut.Text = ex.Message
    End Try
End Sub
End Class
Improve this question
2
  • 1
    I would strongly encourage you to use parameterized queries. This insert statement is a SQL injection disaster waiting to happen Commented Jul 28, 2013 at 3:37
  • @TimothyHenrySusanto You can make your statement easier to read by reducing, for example, & "'" & "," & "'" & to & "','" &, but parameterized queries are the best option. Commented Jul 28, 2013 at 3:41

1 Answer 1

Reset to default
3

ORDER is a reserved keyword. Surround it in square brackets [order] (or back-ticks, depending on the database you are using). It is square brackets for Access.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.