By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,089 Members | 1,952 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,089 IT Pros & Developers. It's quick & easy.

INSERT INTO...(password) syntax error

P: n/a

Hi! I am currently creating a Registration form which contained: UserID
Password, FirstName and LastName.

These details would be inserted into Ms Access when I click submi
button. But I encounter with the problem to insert 'Password'. It work
fine if I did not insert 'Password' but if I did, it will shows that
have "syntax error: INSERT INTO..."

Did I miss something to write? Please kindly have a look on the cod
below, Thank you!

<%@ Import Namespace="System.Data" %>

<%@ Imports Namespace="System.Data.OleDb" %>

Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e A
System.EventArgs) Handles btnSubmit.Click

Dim InsertCmd As New OleDbCommand

Dim SQLInsert As String

Dim DBConn As OleDbConnection

Dim Connstr As String

Connstr = "Provider=Microsoft.jet.oledb.4.0;" & _

"DAT
SOURCE=C:\Inetpub\wwwroot\samples\Project\bin\Proj ect-Library.mdb"

SQLInsert = "INSERT INTO User_Profile (UserID, Password, FirstName
LastName) VALUES ('" & txtUserID.Text & "', '" & txtRegPwd.Text & "'
'" & txtFirstName.Text & "', '" & txtLastName.Text & "')"

'Create connection

DBConn = New OleDbConnection(Connstr)

InsertCmd.Connection = DBConn

InsertCmd.CommandText = SQLInsert

Try

DBConn.Open()

InsertCmd.ExecuteNonQuery()

Catch ex As Exception

Response.Write(ex.ToString())

Finally

DBConn.Close()

End Try

End Su

--
jinhy82Posted from http://www.pcreview.co.uk/ newsgroup acces

Nov 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
hi,
use [password] instead of password in the insert statement since password is
a reserved keyword.
--
The best
srini
http://www.expertszone.com
"jinhy82" wrote:

Hi! I am currently creating a Registration form which contained: UserID,
Password, FirstName and LastName.

These details would be inserted into Ms Access when I click submit
button. But I encounter with the problem to insert 'Password'. It works
fine if I did not insert 'Password' but if I did, it will shows that I
have "syntax error: INSERT INTO..."

Did I miss something to write? Please kindly have a look on the code
below, Thank you!

<%@ Import Namespace="System.Data" %>

<%@ Imports Namespace="System.Data.OleDb" %>

Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnSubmit.Click

Dim InsertCmd As New OleDbCommand

Dim SQLInsert As String

Dim DBConn As OleDbConnection

Dim Connstr As String

Connstr = "Provider=Microsoft.jet.oledb.4.0;" & _

"DATA
SOURCE=C:\Inetpub\wwwroot\samples\Project\bin\Proj ect-Library.mdb"

SQLInsert = "INSERT INTO User_Profile (UserID, Password, FirstName,
LastName) VALUES ('" & txtUserID.Text & "', '" & txtRegPwd.Text & "',
'" & txtFirstName.Text & "', '" & txtLastName.Text & "')"

'Create connection

DBConn = New OleDbConnection(Connstr)

InsertCmd.Connection = DBConn

InsertCmd.CommandText = SQLInsert

Try

DBConn.Open()

InsertCmd.ExecuteNonQuery()

Catch ex As Exception

Response.Write(ex.ToString())

Finally

DBConn.Close()

End Try

End Sub
--
jinhy82Posted from http://www.pcreview.co.uk/ newsgroup access

Nov 19 '05 #2

P: n/a

It's not good to use string concatenation in SQL commands. The better way is
to use parameters...
http://samples.gotdotnet.com/quickst...teCommand.aspx

Are you sure that there is no error in field name 'Password'? Maybe you have
a typos in database table?

"jinhy82" <jinhy82.1q7a2y@> wrote in message
news:oc********************@giganews.com...

Hi! I am currently creating a Registration form which contained: UserID,
Password, FirstName and LastName.

These details would be inserted into Ms Access when I click submit
button. But I encounter with the problem to insert 'Password'. It works
fine if I did not insert 'Password' but if I did, it will shows that I
have "syntax error: INSERT INTO..."

Did I miss something to write? Please kindly have a look on the code
below, Thank you!

<%@ Import Namespace="System.Data" %>

<%@ Imports Namespace="System.Data.OleDb" %>

Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnSubmit.Click

Dim InsertCmd As New OleDbCommand

Dim SQLInsert As String

Dim DBConn As OleDbConnection

Dim Connstr As String

Connstr = "Provider=Microsoft.jet.oledb.4.0;" & _

"DATA
SOURCE=C:\Inetpub\wwwroot\samples\Project\bin\Proj ect-Library.mdb"

SQLInsert = "INSERT INTO User_Profile (UserID, Password, FirstName,
LastName) VALUES ('" & txtUserID.Text & "', '" & txtRegPwd.Text & "',
'" & txtFirstName.Text & "', '" & txtLastName.Text & "')"

'Create connection

DBConn = New OleDbConnection(Connstr)

InsertCmd.Connection = DBConn

InsertCmd.CommandText = SQLInsert

Try

DBConn.Open()

InsertCmd.ExecuteNonQuery()

Catch ex As Exception

Response.Write(ex.ToString())

Finally

DBConn.Close()

End Try

End Sub
--
jinhy82Posted from http://www.pcreview.co.uk/ newsgroup access

Nov 19 '05 #3

P: n/a
jinhy82 wrote:
Hi! I am currently creating a Registration form which contained:
UserID, Password, FirstName and LastName.

These details would be inserted into Ms Access when I click submit
button. But I encounter with the problem to insert 'Password'. It
works fine if I did not insert 'Password' but if I did, it will
shows that I have "syntax error: INSERT INTO..."

Did I miss something to write? Please kindly have a look on the code
below, Thank you!

<%@ Import Namespace="System.Data" %>

<%@ Imports Namespace="System.Data.OleDb" %>

Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnSubmit.Click

Dim InsertCmd As New OleDbCommand

Dim SQLInsert As String

Dim DBConn As OleDbConnection

Dim Connstr As String

Connstr = "Provider=Microsoft.jet.oledb.4.0;" & _

"DATA
SOURCE=C:\Inetpub\wwwroot\samples\Project\bin\Proj ect-Library.mdb"

SQLInsert = "INSERT INTO User_Profile (UserID, Password, FirstName,
LastName) VALUES ('" & txtUserID.Text & "', '" & txtRegPwd.Text & "',
'" & txtFirstName.Text & "', '" & txtLastName.Text & "')"

What if a mr O'Brian wants to register?? Your sql will crash!

Look up: sql injection attack
and start looking into parameters.

Hans Kesting
'Create connection

DBConn = New OleDbConnection(Connstr)

InsertCmd.Connection = DBConn

InsertCmd.CommandText = SQLInsert

Try

DBConn.Open()

InsertCmd.ExecuteNonQuery()

Catch ex As Exception

Response.Write(ex.ToString())

Finally

DBConn.Close()

End Try

End Sub

Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.