Click here to Skip to main content
15,921,774 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
i try but i not able find Mistake in statement

What I have tried:

C#
private void btnRegister_Click(object sender, EventArgs e)
        {
            if (txtUserName.Text != "" && txtPassword.Text != "" && txtConfirmPassword.Text != "")  
            {
                if (txtPassword.Text.ToString().Trim().ToLower() == txtConfirmPassword.Text.ToString().Trim().ToLower())    
                {
                    String connstring = ConfigurationManager.ConnectionStrings["Data"].ConnectionString;
                    string cmdstring = "Insert Into userID (UserName, Password) Values (@User, @Password)";

                    using (OleDbConnection con = new OleDbConnection(connstring))
                    {
                        using (OleDbCommand cmd = new OleDbCommand(cmdstring, con))
                        {
                            string UserName = txtUserName.Text;
                            string Password = Cryptography.Encrypt(txtPassword.Text.ToString());  
                            con.Open();
                            cmd.Parameters.AddWithValue("@User", txtUserName.Text);
                            cmd.Parameters.AddWithValue("@Password", Cryptography.Encrypt(txtPassword.Text.ToString()));
                            cmd.ExecuteNonQuery();
                            con.Close();
                            MessageBox.Show("Record inserted successfully", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
                
                        }
                    }
                }
                else
                {
                    MessageBox.Show("Password and Confirm Password doesn't match", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information);  
                }
            }
            else
            {
                MessageBox.Show("Please fill all the fields", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information);  
            }
        }
Posted
Updated 28-May-22 1:41am
v2
Comments
Patrice T 16-Jun-20 10:19am    
What is the exact error message ?
Amar chand123 16-Jun-20 10:20am    
An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll

Additional information: Syntax error in INSERT INTO statement.
Patrice T 16-Jun-20 10:28am    
Use Improve question to update your question.
So that everyone can pay attention to this information.
Andre Oosthuizen 16-Jun-20 10:22am    
Is userID your table name?, looks like a field name
Amar chand123 16-Jun-20 10:25am    
table name

Password is an SQL reserved word, and shouldn't be used as a column name. If it is, you need to escape it every time you use it:
SQL
string cmdstring = "INSERT INTO userID (UserName, [Password]) Values (@User, @Password)";


But you should never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

And remember: if this is web based and you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
 
Share this answer
 
Comments
Amar chand123 16-Jun-20 10:26am    
Thank You
<rant>
You do know that any Text property already returns a string, right? So why on earth are you calling .ToString() on a string returned by a Text property?


You don't specify what the error message says, other than "Syntax Error". There's always something that tells you what the error is and where.

But, I'm going to take a guess. It looks like you're trying to insert data into a table called "userId". You don't really have a table in the database called "userId", do you?

And/Or you don't have columns in that table called "UserName" or "Password".

And/Or the datatypes on those columns in the database are of the incorrect type or length.

Also, NEVER ENCRYPT PASSWORDS! I have no idea what your Cryptography class is or what the Encrypt method is doing. To do it correctly, you always salt and hash passwords, then store the hashed bytes. When you compare the entered password against the database, you salt and hash the password entered and compare those bytes against the bytes in the database.
 
Share this answer
 
private void btnRegister_Click(object sender, EventArgs e)
        {
            if (txtUserName.Text != "" && txtPassword.Text != "" && txtConfirmPassword.Text != "")  
            {
                if (txtPassword.Text.ToString().Trim().ToLower() == txtConfirmPassword.Text.ToString().Trim().ToLower())    
                {
                    String connstring = ConfigurationManager.ConnectionStrings["Data"].ConnectionString;
                    string cmdstring = "Insert Into userID (UserName, Password) Values (@User, @Password)";

                    using (OleDbConnection con = new OleDbConnection(connstring))
                    {
                        using (OleDbCommand cmd = new OleDbCommand(cmdstring, con))
                        {
                            string UserName = txtUserName.Text;
                            string Password = Cryptography.Encrypt(txtPassword.Text.ToString());  
                            con.Open();
                            cmd.Parameters.AddWithValue("@User", txtUserName.Text);
                            cmd.Parameters.AddWithValue("@Password", Cryptography.Encrypt(txtPassword.Text.ToString()));
                            cmd.ExecuteNonQuery();
                            con.Close();
                            MessageBox.Show("Record inserted successfully", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
                
                        }
                    }
                }
                else
                {
                    MessageBox.Show("Password and Confirm Password doesn't match", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information);  
                }
            }
            else
            {
                MessageBox.Show("Please fill all the fields", "Error", MessageBoxButtons.OK, MessageBoxIcon.Information);  
            }
        }
 
Share this answer
 
Comments
Tony Hill 28-May-22 10:32am    
This is a verbatim repost of the OP's question and is not a solution.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900