Click here to Skip to main content
16,020,459 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
The error was ( Syntax error in INSERT INTO statement. )

private void btnNext_Click(object sender, EventArgs e)
{
     OleDbConnection con1 = new OleDbConnection("Provider=Microsoft.ace.OLEDB.12.0;DATA Source=C:\\Users\\Ayoub\\Desktop\\nodes.mdb;user ID=admin ; Password = ;");
     OleDbCommand command = new OleDbCommand();
     command.Connection = con1;
     command.Connection.Open();
     command.CommandText = ("insert into configuration (Name,Title) values ('" + txtBxAdminName.Text + "','" + txtBoxNetworkTitle.Text + "'");
     command.CommandType = CommandType.Text;
     command.ExecuteScalar();
     //OleDbDataReader reader = command.ExecuteReader();
     // reader.Close();
     command.Connection.Close();
}


Can you please help me
Posted
Updated 28-Dec-09 4:55am
v2

1. close the parenthesis opened in the values list
2. Prevent SQL injection attacks: use parameterized queries[^].
 
Share this answer
 
To add to the previous answer, there is also a convention that SQL (etc.) keywords are capitalised. So your statement would become:
OleDbCommand command = new OleDbCommand("INSERT INTO configuration (Name, Title) VALUES (@AN, @NT)");
command.Parameters.AddWithValue("@AN", txtBxAdminName.Text);
command.Parameters.AddWithValue("@NT", txtBoxNetworkTitle.Text);
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900