0

I have already build a successful login form. But I want to have the opportunity to create a new account. I have two textboxes; one for username and one for password. Once the button is clicked, it needs to write this data to a MS Access 2002-2003 database file. But when I click the button I get the following error message:

An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll Additional information: Syntax error in INSERT INTO statement.

This is the code I am using:

    private void buttonRegistreren_Click(object sender, EventArgs e)
    {
        connection.Open();
        OleDbCommand command = new OleDbCommand();
        command.Connection = connection;
        command.CommandText = "INSERT INTO Gebruikers (Username, Password) values('" + textBoxUserregist.Text + "', '" + textBoxPassregist.Text + "')";
        command.ExecuteNonQuery();
        connection.Close();
    }

Somebody knows what I am doing wrong?

Improve this question
2
  • Also do not store your passwords as a plain text. Read: Best way to store password in database Commented Jan 11, 2016 at 13:23
  • Thanx for the tip. Will look into it! Commented Jan 11, 2016 at 13:32

1 Answer 1

Reset to default
0

Password is a reserved keyword in MS-Access, you need to encapsulate it between square brackets

command.CommandText = "INSERT INTO Gebruikers (Username, [Password]) ...."

said that please remember that string concatenations to build sql command is a very bad practice and leads to numerous problems. Start using parameters as soon as possible as in the example below

private void buttonRegistreren_Click(object sender, EventArgs e)
{
    using(OleDbConnection cn = new OleDbConnection(.....))
    using(OleDbCommand command = new OleDbCommand(@"INSERT INTO Gebruikers
                    (Username, [Password]) values(@name, @pwd)", cn))
    {
        cn.Open();
        command.Parameters.Add("@name", OleDbType.NVarWChar).Value =textBoxUserregist.Text ;
        command.Parameters.Add("@pwd", OleDbType.NVarWChar).Value = textBoxPassregist.Text;
        command.ExecuteNonQuery();
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You are the man! Thank you!

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.