INSERT INTO...(password) syntax error

jinhy82 · Jun 6, 2005

Hi! I am currently creating a Registration form which contained: UserID
Password, FirstName and LastName.

These details would be inserted into Ms Access when I click submi
button. But I encounter with the problem to insert 'Password'. It work
fine if I did not insert 'Password' but if I did, it will shows that
have "syntax error: INSERT INTO..."

Did I miss something to write? Please kindly have a look on the cod
below, Thank you!

<%@ Import Namespace="System.Data" %>

<%@ Imports Namespace="System.Data.OleDb" %>

Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e A
System.EventArgs) Handles btnSubmit.Click

Dim InsertCmd As New OleDbCommand

Dim SQLInsert As String

Dim DBConn As OleDbConnection

Dim Connstr As String

Connstr = "Provider=Microsoft.jet.oledb.4.0;" & _

"DAT
SOURCE=C:\Inetpub\wwwroot\samples\Project\bin\Project-Library.mdb"

SQLInsert = "INSERT INTO User_Profile (UserID, Password, FirstName
LastName) VALUES ('" & txtUserID.Text & "', '" & txtRegPwd.Text & "'
'" & txtFirstName.Text & "', '" & txtLastName.Text & "')"

'Create connection

DBConn = New OleDbConnection(Connstr)

InsertCmd.Connection = DBConn

InsertCmd.CommandText = SQLInsert

Try

DBConn.Open()

InsertCmd.ExecuteNonQuery()

Catch ex As Exception

Response.Write(ex.ToString())

Finally

DBConn.Close()

End Try

End Su

Guest · Jun 6, 2005

hi,
use [password] instead of password in the insert statement since password is
a reserved keyword.

gaidar · Jun 6, 2005

It's not good to use string concatenation in SQL commands. The better way is
to use parameters...
http://samples.gotdotnet.com/quickstart/howto/doc/adoplus/ExecuteCommand.aspx

Are you sure that there is no error in field name 'Password'? Maybe you have
a typos in database table?

Hans Kesting · Jun 6, 2005

jinhy82 said:
Hi! I am currently creating a Registration form which contained:
UserID, Password, FirstName and LastName.

These details would be inserted into Ms Access when I click submit
button. But I encounter with the problem to insert 'Password'. It
works fine if I did not insert 'Password' but if I did, it will
shows that I have "syntax error: INSERT INTO..."

Did I miss something to write? Please kindly have a look on the code
below, Thank you!

<%@ Import Namespace="System.Data" %>

<%@ Imports Namespace="System.Data.OleDb" %>

Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnSubmit.Click

Dim InsertCmd As New OleDbCommand

Dim SQLInsert As String

Dim DBConn As OleDbConnection

Dim Connstr As String

Connstr = "Provider=Microsoft.jet.oledb.4.0;" & _

"DATA
SOURCE=C:\Inetpub\wwwroot\samples\Project\bin\Project-Library.mdb"

SQLInsert = "INSERT INTO User_Profile (UserID, Password, FirstName,
LastName) VALUES ('" & txtUserID.Text & "', '" & txtRegPwd.Text & "',
'" & txtFirstName.Text & "', '" & txtLastName.Text & "')"

What if a mr O'Brian wants to register?? Your sql will crash!

Look up: sql injection attack
and start looking into parameters.

Hans Kesting

Irritating INSERT INTO Error	6	Feb 11, 2007
SQL insert error	3	Apr 27, 2004
Create User Wizard Insert Issue	1	May 17, 2010
How to make login script case sensitive	1	Nov 16, 2004
MS Access connection	1	Jan 25, 2010
password field: Syntax error in INSERT INTO statement.	3	Jan 23, 2005
Insert into msAccess problems	2	Feb 25, 2010
Text Box Does Not Update New Values	1	Jul 22, 2009

INSERT INTO...(password) syntax error

jinhy82

Guest

gaidar

Hans Kesting

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads