I am trying to insert a password into an MS Access database but I get the following error when I run it but I can't get the ExecuteNonQuery() function to work for some reason.
I'm trying to insert a string from the textbox password into the column password in the table Password.
I get this error:
    System.Data.OleDb.OleDbException (0x80040E14): Syntax error in INSERT INTO statement.
       at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
       at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
       at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
       at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
       at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
       at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
       at Insert_Test.Form1.pass_btn_Click(Object sender, EventArgs e) in C:\Users\Mahir\source\repos\Insert Test\Insert Test\Form1.cs:line 43
This is the code that I use:

    private OleDbConnection connection = new OleDbConnection();
    string database = Path.GetDirectoryName(System.Reflection.Assembly.GetEntryAssembly().Location) + "\\password.accdb";
    connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" + database + ";Jet OLEDB:Database Password=12345678;";
    try {
        connection.Open();
        OleDbCommand command = new OleDbCommand();
        command.Connection = connection;
        command.CommandText = "INSERT INTO Password ([password]) VALUES('" + password.Text + "')";
        command.ExecuteNonQuery(); // this is line 43
        MessageBox.Show("Success");
        connection.Close();
    } catch (Exception ex) {
        MessageBox.Show(Convert.ToString(ex));
    }

The database I'm using is MS Access 2010 database named "password.accdb" with the password "12345678".
Here is the full code: https://pastebin.com/D1xQ2LVg
Password is a keyword. You've correctly escaped the column name, but not the table name. That needs square brackets as well:
INSERT INTO [Password] ([password]) VALUES('" + password.Text + "')"
Note that your code has 2 major flaws: 1. It's at risk for SQL injection. 2. It stores passwords as plain text. These both are big no-no's for applications that actually get used, so please read into parameterized queries, and hashing passwords.
User contributions licensed under CC BY-SA 3.0