0
strSQL = "INSERT INTO Accounts UserName, Password VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');" 

When the code is executed, an error is thrown, but there is no visible problem that I can see. Help!

4
  • 1
    Do not concat strings to generate sql, use parameters. Commented Mar 21, 2014 at 12:24
  • 1
    It helps if you include the error you are getting in your question. Commented Mar 21, 2014 at 12:25
  • You need to put the column list in parentheses ... INTO Accounts (UserName, Password) ... Commented Mar 21, 2014 at 12:26
  • @Callum, look at my update1... the test means add your database name. Commented Mar 21, 2014 at 12:51

4 Answers

5

The word PASSWORD is reserved in MS-Access.
You need to use square brackets around that name (Or change it to something different)

strSQL = "INSERT INTO Accounts (UserName, [Password]) VALUES (...... 

That said, please use a parameterized query to build SQL commands.
A string concatenation like yours is easily attacked by hackers using SQL injection.
Also, if the username or password contains a single quote, the resulting SQL text built using string concatenation will be invalid.

string strSQL = "INSERT INTO Accounts (UserName, [Password]) VALUES (?, ?)";
// OleDb binds parameters by position, so add them in the same order as the ? placeholders
OleDbCommand cmd = new OleDbCommand(strSQL, connection);
cmd.Parameters.AddWithValue("@p1", txtUsername.Text);
cmd.Parameters.AddWithValue("@p2", txtEncryptedPassword);
cmd.ExecuteNonQuery();

1 Comment

Thanks, the reserved word was the problem. Hackers aren't really an issue; it is only for a college project.
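The parameterized insert from the answer above, written out in VB.NET (the language of the question) as an added example that is not part of the original answer. The connection string, the 255-character parameter size, and the module and function names are assumptions.

```vbnet
Imports System.Data
Imports System.Data.OleDb

Module AccountStore
    ' Assumed connection string: provider and path are placeholders, not from the page.
    Private Const ConnStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\database.accdb"

    ' Inserts one row into Accounts and returns the number of rows affected.
    Public Function AddAccount(userName As String, encryptedPassword As String) As Integer
        ' [Password] is bracketed because PASSWORD is a reserved word in Access.
        ' The two ? markers are placeholders; no user text ever becomes part of the SQL.
        Const sql As String =
            "INSERT INTO Accounts (UserName, [Password]) VALUES (?, ?)"

        Using conn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, conn)
                ' OleDb ignores parameter names and binds by position,
                ' so add the parameters in the same order as the ? markers.
                ' 255 is an assumed column size (the Access Short Text maximum).
                cmd.Parameters.Add("@UserName", OleDbType.VarWChar, 255).Value = userName
                cmd.Parameters.Add("@Password", OleDbType.VarWChar, 255).Value = encryptedPassword
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        Try
            ' Constructed input: the single quote would make the concatenated
            ' statement invalid, but is stored verbatim when passed as a parameter.
            Dim rows As Integer = AddAccount("O'Brien", "constructed-ciphertext")
            Console.WriteLine("Rows inserted: " & rows)
        Catch ex As OleDbException
            ' Report the provider's message instead of leaving the exception unhandled.
            Console.WriteLine("Insert failed: " & ex.Message)
        End Try
    End Sub
End Module
```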
1

You forgot parentheses:

strSQL = "INSERT INTO Accounts (UserName, Password) VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');" 

1 Comment

OleDbException was unhandled. Syntax error in INSERT INTO statement
0

Try this code:

 Dim strSQL As String = "INSERT INTO tblDetail VALUES('" & strPersonCode _
     & "','" & strForename & "','" & strSurname & "','" & strDateOfBirth & "'," & strCurrentlyWith & ",'" & strConditions & "')"

Do it like that but change to your names. Declare the values of text boxes as strings and just use those.


0

You are making this () mistake, and you must add them:

Your code:

strSQL = "INSERT INTO Accounts UserName, Password VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');" 

You should change the code as follows:

strSQL = "INSERT INTO Accounts (UserName, Password) VALUES ('" & txtUsername.Text & "', '" & txtEncryptedPassword & "');" 

update1:

"INSERT INTO `test`.`users` ( `username`, `password`) " & _
"VALUES ('" & txtUsername.Text & "', '" & txtPassword.Text & "');"

update2:

 "INSERT INTO users ( `username`,`password`)VALUES(@txtUsername.Text,@txtPassword.Text);" 

"INSERT INTO users (Username,Password)VALUES(?,?);" 

Note: test means the database name; you should change it to your database name.

3 Comments

The table is Accounts
What does the 'test'.'users' mean?
This will make the statement just the same though
