SQL INSERT INTO Help

SQL INSERT INTO Command is not working.

Page 1 of 1

4 Replies - 1826 Views - Last Post: 31 May 2009 - 03:10 PM Rate Topic: -----

#1 UnknownCoder  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 137
  • Joined: 22-February 09

SQL INSERT INTO Help

Posted 31 May 2009 - 07:54 AM

I am trying to insert some values into my database using the sql string below:

"INSERT INTO Users" & "(Username, Password)VALUES " & "('" & Accounts.TextBox1.Text & "'," & "'" & Accounts.TextBox2.Text & "')"


The error message reads: "Syntax error in INSERT INTO statement."

Any help would be appreciated. Thank you.

Is This A Good Question/Topic? 0
  • +

Replies To: SQL INSERT INTO Help

#2 Jayman  Icon User is offline

  • Student of Life
  • member icon

Reputation: 418
  • View blog
  • Posts: 9,532
  • Joined: 26-December 05

Re: SQL INSERT INTO Help

Posted 31 May 2009 - 08:03 AM

Try the following statement, I removed some of the extra & symbols.

"INSERT INTO Users (Username, Password) VALUES ('" & Accounts.TextBox1.Text & "','" & Accounts.TextBox2.Text & "')"

Was This Post Helpful? 0
  • +
  • -

#3 UnknownCoder  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 137
  • Joined: 22-February 09

Re: SQL INSERT INTO Help

Posted 31 May 2009 - 08:13 AM

Thanks for the help but it's still not working.

I am using an access database and have the tables 'Users'. Within that table I have the fields 'Username' & 'Password'. The problem occurs when I try to execute a non query command to check if the record has been added. The code for the account addition is below:

If TextBox1.Text = "" Then
	MsgBox("An account username must be provided.", MsgBoxStyle.Exclamation, "Error")
End If
If TextBox2.Text = "" Then
	MsgBox("An account password must be provided.", MsgBoxStyle.Exclamation, "Error")
End If
	conn.Open()
	Dim cmd As New OleDbCommand(addsql, conn)
	cmd.ExecuteNonQuery()
	MsgBox("The new account " & "'" & TextBox1.Text & "'" & " was saved successfully!", MsgBoxStyle.Information, "Account Saved")
	conn.Close()



The global variables are all in the code below:

Public mypath As String = Application.StartupPath & "\Data\Database.mdb"
Public mypassword As String = ""
Public conn As New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & mypath & ";Jet OLEDB:Database Password=" & mypassword)
Public cmd As OleDb.OleDbCommand
Public addsql As String = "INSERT INTO Users (Username, Password) VALUES ('" & Accounts.TextBox1.Text & "','" & Accounts.TextBox2.Text & "')"



Don't know why it is not working, it works with my other application.
Was This Post Helpful? 0
  • +
  • -

#4 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1641
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: SQL INSERT INTO Help

Posted 31 May 2009 - 09:21 AM

Try adding brackets around the table names (Users)

"INSERT INTO [Users] (Username, Password) VALUES ('" & Accounts.TextBox1.Text & "','" & Accounts.TextBox2.Text & "')"

Was This Post Helpful? 0
  • +
  • -

#5 JayFCox  Icon User is offline

  • New D.I.C Head

Reputation: 5
  • View blog
  • Posts: 41
  • Joined: 31-May 09

Re: SQL INSERT INTO Help

Posted 31 May 2009 - 03:10 PM

View PostPsychoCoder, on 31 May, 2009 - 08:21 AM, said:

Try adding brackets around the table names (Users)

"INSERT INTO [Users] (Username, Password) VALUES ('" & Accounts.TextBox1.Text & "','" & Accounts.TextBox2.Text & "')"


Ever heard of SQL injection attacks??

is there a reason you cannot
insert into [users] (Username, Password) values (@username,@password)
and add command parameters (http://msdn.microsoft.com/en-us/library/ms998271.aspx) for both username and password? That'd be safer.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1