How to Fix C# ExecuteNonQuery Error (0x80040E14)

0

I am trying to insert a password into an MS Access database, but I get the following error when I run it, and I can't get the ExecuteNonQuery() function to work for some reason.

I'm trying to insert a string from the textbox password into the column password in the table Password.

I get this error:

System.Data.OleDb.OleDbException (0x80040E14): Syntax error in INSERT INTO statement.
   at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
   at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
   at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
   at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
   at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
   at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
   at Insert_Test.Form1.pass_btn_Click(Object sender, EventArgs e) in C:\Users\Mahir\source\repos\Insert Test\Insert Test\Form1.cs:line 43

This is the code that I use:

private OleDbConnection connection = new OleDbConnection();
string database = Path.GetDirectoryName(System.Reflection.Assembly.GetEntryAssembly().Location) + "\\password.accdb";
connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + database + ";Jet OLEDB:Database Password=12345678;";
try {
    connection.Open();
    OleDbCommand command = new OleDbCommand();
    command.Connection = connection;
    command.CommandText = "INSERT INTO Password ([password]) VALUES('" + password.Text + "')";
    command.ExecuteNonQuery(); // this is line 43
    MessageBox.Show("Success");
    connection.Close();
} catch (Exception ex) {
    MessageBox.Show(Convert.ToString(ex));
}

The database I'm using is MS Access 2010 database named "password.accdb" with the password "12345678".

Here is the full code: https://pastebin.com/D1xQ2LVg

c#
sql
ms-access
asked on Stack Overflow Jul 11, 2018 by beannshie223 • edited Nov 1, 2019 by Milo

1 Answer

4

Password is a keyword. You've correctly escaped the column name, but not the table name. That needs square brackets as well:

INSERT INTO [Password] ([password]) VALUES('" + password.Text + "')"

Note that your code has 2 major flaws: 1. It's at risk for SQL injection. 2. It stores passwords as plain text. These are both big no-nos for applications that actually get used, so please read into parameterized queries and hashing passwords.

answered on Stack Overflow Jul 11, 2018 by Erik A

User contributions licensed under CC BY-SA 3.0