syntax error while inserting data into ms access table

Question

I have a following code:

OleDbConnection aConnection = new
                    OleDbConnection(\"Provider=Microsoft.ACE.OLEDB.12.0;
                                     


        

Answer 1

Password is a reserved word in Access so you need to wrap the password column in square brackets in your query. You also need to wrap the columns you're inserting data into in parentheses:

INSERT INTO (Client cname,phone,[password]) VALUES(...

As @HarveySpecter points out in the comments you should also use a parameterized query rather than concatenating user input otherwise you're opening yourself up to SQL injection attacks.

Answer 2

Try this:

string sql = "INSERT INTO Client (cname, phone, [password])
VALUES('"+textBox1.Text+"','"+textBox2.Text+"','"+textBox3.Text+"')";

You forget parentheses. But better use parameter queries.

Answer 3

Your insert syntax is incorrect... you need to () around both the fields you are inserting AND the values clause...

insert into Client
   ( cname, phone, [password] )
   values
   ( ?, ?, ? )

The "?" are place-holders for the parameters and the parameter statements must be in the same order as the "?" represent. Also, note... if the values are expected to be numeric, date, etc, make sure the values you are setting in the parameter are the correct data type too. But in your case, these are all string-based.

OleDbCommand insert = new OleDbCommand(sql, aConnection);
insert.Parameters.Add( "parmName", textBox1.Text );
insert.Parameters.Add( "parmPhone", textBox2.Text );
insert.Parameters.Add( "parmPwd", textBox3.Text );