Syntax error in INSERT into statement. Help needed

Question

1.00/5 (1 vote)

See more:

I am having some trouble with an insert statement I am using to insert strings into an access database and I keep receiving a "Syntax error in INSERT INTO statement."

C#

public void Insert(Person p)
        {
            try
            {
                command.CommandText = "INSERT INTO NewUser(Position, Forename, Surname, [Telephone Number], Username, [Password], [Confirm Password], [Start Date]) VALUES('" + p.PositionPositionCmbx1+ "', '" + p.FirstName_txt1+ "', '" + p.Surname_txt1+ "', '" + p.Telnumber_txt+ "', '" + p.PasswordNU_txt1+ "', '" + p.ConfirmPasswrd_txt1+ "')";
                command.CommandType = System.Data.CommandType.Text;
                connection.Open();
                command.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                System.Windows.Forms.MessageBox.Show(ex.Message);
            }
            finally
            {
                connection.Close();
            }
        }

What I have tried:

Putting [] around all values in the insert statement

Posted 13-Nov-17 4:43am

Member 13512434

Updated 13-Nov-17 4:56am

Suvendu Shekhar Giri

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Suvendu Shekhar Giri · Answer 1 · 2017-11-13T04:56:00

You are passing less number of values than the mentioned numbers of columns. Your INSERT query expects 8 values but you are passing only 6 values. First correct that.

Secondly, put your query in a string variable and see what is the actual query being evaluated to. Something like following-

C#

string query ="INSERT INTO NewUser(Position, Forename, Surname, [Telephone Number], Username, [Password], [Confirm Password], [Start Date]) VALUES('" + p.PositionPositionCmbx1+ "', '" + p.FirstName_txt1+ "', '" + p.Surname_txt1+ "', '" + p.Telnumber_txt+ "', '" + p.PasswordNU_txt1+ "', '" + p.ConfirmPasswrd_txt1+ "')";

UPDATE
The above is just to keep things simple and used your code only. But your code is seriously prone to SQL Injection[^]. And the best thing is you don't need to reinvent the wheel rather just some minor changes can do the job. Please check following links for further help. I strongly recommend to check and let me know if I can help in implementing that.
Using Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

If you still need help, please let me know :)