Inserting data from VB.NET to MS Access: Syntax error in INSERT INTO statement

database vb.net visual-studio ms-access syntax-error
52,820

Solution 1

Your query seems wrong: ... VALUES(usernme, passwrd)... -- Here the usernmeand passwrd are not variables for database, but just plain text in the query.

Use parameters, like this:

Dim usernme, passwrd As String
usernme = txtUsernm.Text
passwrd = txtpasswrd.Text
Dim constring As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\hasan\Documents\Visual Studio 2012\Projects\hasan\Login_Info.accdb"
Using myconnection As New OleDbConnection(constring)
    myconnection.Open()
    Dim sqlQry As String = "INSERT INTO [tbl_user] ([username], [password]) VALUES (@usernme, @passwrd)"
    Using cmd As New OleDbCommand(sqlQry, myconnection)
        cmd.Parameters.AddWithValue("@usernme", usernme)
        cmd.Parameters.AddWithValue("@passwrd", passwrd)
        cmd.ExecuteNonQuery()
    End using
End using

Solution 2

You aren't including the actual variable information missing the quotations, like

VALUES ('" & usernme & '", ...etc

You should be using parameters to avoid errors and sql injection:

sqlQry = "INSERT INTO tbl_user (username, password) VALUES(@usernme, @passwrd)"

Dim cmd As New OleDbCommand(sqlQry, myconnection)
cmd.Parameters.AddWithValue("@usernme", usernme)
cmd.Parameters.AddWithValue("@passwrd", passwrd)
cmd.ExecuteNonQuery()
Share:
52,820
Gord Thompson
Author by

Gord Thompson

I have been an independent IT consultant and software developer for over 20 years. I mainly do custom database applications.

Updated on February 23, 2020

Comments

  • Gord Thompson
    Gord Thompson about 4 years

    I'm using Microsoft Visual Studio 2013 and im trying to make a registration form for my account database using VB.NET. This is my code so far:

    Private Sub btnRegistery_Click(sender As Object, e As EventArgs) Handles btnRegistery.Click
    Dim usernme, passwrd As String
    usernme = txtUsernm.Text
    passwrd = txtpasswrd.Text

    Dim myconnection As OleDbConnection
    Dim constring As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\hasan\Documents\Visual Studio 2012\Projects\hasan\Login_Info.accdb"
    myconnection = New OleDbConnection(constring)
    myconnection.Open()

    Dim sqlQry As String

    sqlQry = "INSERT INTO tbl_user(username, password) VALUES(usernme , passwrd)"

    Dim cmd As New OleDbCommand(sqlQry, myconnection)
    cmd.ExecuteNonQuery()
End Sub

    The code compiles fine, but when i try to register any new information i get the following message:

        A first chance exception of type 'System.Data.OleDb.OleDbException' 
    occurred in System.Data.dll
    Additional information: Syntax error in INSERT INTO statement.    
    If there is a handler for this exception, the program may be safely continued.

    What could be a solution and cause for this problem?

    • Jamie Clayton
      Jamie Clayton over 10 years
      I would also suggest that you move any database code out of the User Interface code behind and into a separate DLL to ensure better separation of concerns.
    • Jamie Clayton
      Jamie Clayton over 10 years
      I would also recommend that you don't hard code connection strings but store them in the app.config file so you can "adjust" the location of the MSAccess db without re-compiling.
  • LarsTech
    LarsTech over 10 years
    The irony that your answer is missing some quotes.
  • Fabio
    Fabio over 10 years
    I think error is not because of missing quotations...
  • Fabio
    Fabio over 10 years
    And vulnerable for SQL Injection...
  • LarsTech
    LarsTech over 10 years
    @Fabio Sure it is. I just didn't write it out because the better instruction is to use parameters.
  • Fabio
    Fabio over 10 years
    Without parameters he will need: add quotations and &-sign to concat SQL query and values of variables
  • LarsTech
    LarsTech over 10 years
    @Fabio That's what I was implying. I updated the post.
  • Admin
    Admin over 10 years
    i dont understand.. what should i do with sqlQry and where does it fit in in the code above?
  • Admin
    Admin over 10 years
    i tried this and it gave me the same error..
  • Fabio
    Fabio over 10 years
    Check my answer I update it with new query
  • LarsTech
    LarsTech over 10 years
    @user3140727 Make sure your table and field names are correct.
  • Admin
    Admin over 10 years
    but myconnection is now undeclared.. leaving the original bit of code that declared it still gives me the same error
  • Fabio
    Fabio over 10 years
    Error happened in database, on my opinion query looks fine(new query).Then check that table, field names are right. Then check if length declared in database for fields username and password are more or same then inputed values
  • Admin
    Admin over 10 years
    i did, nothing wrong there
  • Fabio
    Fabio over 10 years
    Can you run this query straight to your database(with Access)? Then you can get maybe more information about error
  • Admin
    Admin over 10 years
    i dont understand what you mean.. how do i do that?
  • Fabio
    Fabio over 10 years
    Just open your database file(Login_Info.accdb) with Access, and run SQL Command...
  • Admin
    Admin over 10 years
    im really sorry, but as ive said im pretty new to this.. can you explain further
  • Admin
    Admin over 10 years
    im gonna go sleep now.. its 2 am where im at, ill take a look at it tomorrow
  • Jade
    Jade almost 10 years
    More prone to SQL injections and somehow error when a string text contains single quote.
  • Gord Thompson
    Gord Thompson almost 10 years
    Welcome to Stack Overflow. Thanks for submitting an answer, but there are a couple of problems with it: (1) It is a "code dump" answer with absolutely no explanation as to how it solves the OP's problem(s). Even a brief introductory sentence like "This code uses [some technique] to avoid the error." would have helped. (2) Your code concatenates user input directly into the SQL statement, leaving it vulnerable to SQL Injection. That is bad practice. You should have used a parameter query.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Insert all data of a datagridview to database vb.net
Updating an Access Database via a DataGridView Using OLEDB in VB.NET
Finding Records in a Database using a Textbox and Search Button in VB.Net
Dropping a table with Visual Studio 2010 Database Project
vba loop through fields in recordset while another recordset is not EOF
How to sort data using DataGridView in VB.NET?
Convert ASP.NET textbox control .text contents to Date/Time format
MS Access: select first occurrence within a group
Two timers running simultaneously and independently
How do I delete a row from a Microsoft Access table using c#