0

I have a problem when I try to insert data into an Access database using C#.

The error message is:

System.data.OleDb.OleDbException (0x80040E14): error de syntaxe dans l'instruction INSERT INTO...........

Does someone know what the problem is?

Here is my code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Data.OleDb;
using System.Windows.Forms;

namespace First_cnx
{
    public partial class Form2 : Form
    {
        private OleDbConnection connection = new OleDbConnection();
        public Form2()
        {
            InitializeComponent();
            connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Reeda\Documents\Warface.accdb;
Persist Security Info=False;";
        }

        private void save_Click(object sender, EventArgs e)
        {
            try
            {
                connection.Open();
                OleDbCommand command = new OleDbCommand();
                command.Connection = connection;
                command.CommandText = String.Format(@"INSERT INTO [membre] (Player, Password, Gun, Claass) VALUES('" + player.Text + "', '" + password.Text + "', '" + gun.Text + "', '" + kind.Text + "')");

                command.ExecuteNonQuery();
                MessageBox.Show("Data Saved !");
                connection.Close();
            }
            catch (Exception ex) {
                MessageBox.Show("Error " + ex);
            }
        }
    }
}
11
  • print out your sql statement Commented Dec 31, 2014 at 10:31
  • 3
    SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Dec 31, 2014 at 10:31
  • 1
    Could you give your [membre] table structure? Commented Dec 31, 2014 at 10:31
  • 1
    plus what marc_s said! Commented Dec 31, 2014 at 10:31
  • @user2941651 Yeah, I give it. Commented Dec 31, 2014 at 10:37

2 Answers

4

Apart from your insert values, I think this happens because Password is a reserved keyword in the OLE DB Provider. You should use it with square brackets, like [Password]. The best solution is to change your column name to a non-reserved word.

But more important

You should always use parameterized queries. This kind of string concatenation is open to SQL injection attacks. You don't need to use String.Format in your case either, since you didn't format your string.

Also use the using statement to dispose of your OleDbConnection and OleDbCommand.

using(OleDbConnection connection = new OleDbConnection(conString))
using(OleDbCommand command = connection.CreateCommand())
{
    // Set your CommandText property.
    // Define and add your parameter values.
    // Open your OleDbConnection.
    // Execute your query.
}
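An added example (not the answerer's or the asker's code) that fills in the skeleton above with a parameterized INSERT against the [membre] table from the question. MemberStore and SaveMember are hypothetical names, the 255-character parameter size is an assumption because the table structure is not shown, and the sample values are constructed.

```csharp
using System;
using System.Data.OleDb;

public static class MemberStore   // hypothetical class name
{
    // [Password] is bracketed because it is a reserved word for the Access provider.
    // OleDb placeholders are positional "?" marks: values bind in the order they are added.
    private const string InsertSql =
        "INSERT INTO [membre] (Player, [Password], Gun, Claass) VALUES (?, ?, ?, ?)";

    public static int SaveMember(string connectionString, string player,
                                 string password, string gun, string kind)
    {
        using (OleDbConnection connection = new OleDbConnection(connectionString))
        using (OleDbCommand command = connection.CreateCommand())
        {
            command.CommandText = InsertSql;

            // The names are labels only; the Add calls must follow the column order.
            // Size 255 is an assumption (the table structure is not on the page).
            command.Parameters.Add("@player", OleDbType.VarWChar, 255).Value = player;
            command.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = password;
            command.Parameters.Add("@gun", OleDbType.VarWChar, 255).Value = gun;
            command.Parameters.Add("@kind", OleDbType.VarWChar, 255).Value = kind;

            connection.Open();
            return command.ExecuteNonQuery();   // number of rows inserted
        }   // command and connection are disposed here, even if an exception is thrown
    }

    public static void Main()
    {
        string conString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Reeda\Documents\Warface.accdb;Persist Security Info=False;";

        // Constructed sample values. The apostrophes would end the string literal
        // early in a concatenated statement; as parameters they are stored as text.
        int rows = SaveMember(conString, "O'Brien", "it's-a-secret", "AK-47", "Sniper");
        Console.WriteLine("Rows inserted: " + rows);
    }
}
```

Because the user-supplied text never becomes part of the SQL string, a quote character in any field can neither break the statement syntax nor change its meaning.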
5 Comments

I think he uses String.Format to avoid string Concatenation which would take more memory space and is slower. Even if this usage of String.Format isn't the usual way.
@CptVince Argh, maybe.. He saved 3 concatenations, huh? :) Still think it is unnecessary.
I don't know if this is right, but I use it even for this little concatenation. [code]String.Format(@"INSERT INTO [membre] (Player, [Password], Gun, Claass) VALUES('{0}', '{1}', '{2}', '{3}')", player.Text, password.Text, gun.Text, kind.Text);[/code] With normal string concatenation it would be, with the + ", " + thing, over 9 concatenations, I think.
@CptVince When you use parameterized queries, you will not need to format your string ;) Use them, USE THEM ALWAYS!
Yep, sorry, you are right; I just thought about the concatenation.
0

Password is a reserved word in Access. Try the query like this:

command.CommandText = String.Format(@"INSERT INTO [membre] (Player, [Password], Gun, Claass) VALUES('" + player.Text + "', '" + password.Text + "', '" + gun.Text + "', '" + kind.Text + "')");
