Syntax error in INSERT INTO statement for Access 2010

vb.net ms-access-2010

My INSERT statement apparently has a syntax error. Could someone please explain why that might be?

Private Sub Register_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Register.Click
    Dim StudentNum As String
    Dim Password As String
    Dim FirstName As String
    Dim LastName As String
    Dim YrandSec As String

    StudentNum = Number.Text()
    Password = Pass.Text
    FirstName = First.Text
    LastName = Last.Text
    YrandSec = YrSec.Text()

    SQL = "INSERT INTO Accounts(StudNo,Password,FirstName,LastName,YrandSec) VALUES ('" & StudentNum & "', '" & Password & "', '" & FirstName & "', '" & LastName & "', '" & YrandSec & "')"    - ERROR HERE
    Cmd = New OleDbCommand(SQL, Con)
    Con.Open()
    objCmd = New OleDbCommand(SQL, Con)

    If Repass.Text = Pass.Text = False Then
        Re.Text = "*Password didn't match!"
        Number.Text = ""
        Pass.Text = ""
        Repass.Text = ""
        Con.Close()
    Else
        If Number.Text = "" Or Pass.Text = "" Or Repass.Text = "" Or First.Text = "" Or Last.Text = "" Or YrSec.Text = "" Then
            MsgBox("Please complete the field", MsgBoxStyle.Information, "Failed to create")
        Else
            objCmd.ExecuteNonQuery()
            Re.Text = ""
            MsgBox("Account has been created", MsgBoxStyle.Information, "Congrats!")
            For fade = 0.0 To 1.1 Step 0.2
                Login.Opacity = fade
                Login.Show()
                Me.Hide()
                Threading.Thread.Sleep(30)
                Number.Text = ""
                Pass.Text = ""
                Repass.Text = ""
                First.Text = ""
                Last.Text = ""
                YrSec.Text = ""
            Next
        End If

    End If
End Sub

  1. PASSWORD is a reserved word in Access SQL, so you need to wrap that column name in square brackets.

  2. You really should use a parameterized query to protect against SQL Injection and generally make your life easier.

Try something like this

SQL = "INSERT INTO [Accounts] ([StudNo],[Password],[FirstName],[LastName],[YrandSec]) " & _
        "VALUES (?, ?, ?, ?, ?)"
Con.Open()
objCmd = New OleDbCommand(SQL, Con)
objCmd.Parameters.AddWithValue("?", StudentNum)
objCmd.Parameters.AddWithValue("?", Password)
objCmd.Parameters.AddWithValue("?", FirstName)
objCmd.Parameters.AddWithValue("?", LastName)
objCmd.Parameters.AddWithValue("?", YrandSec)

Related

Text Overflowing in a Row, Flutter
Making Git retain different section content between branches
How to add some textfield in form register (laravel generator infyom)?
h:outputText seems to trim whitespace, how do I preserve whitespace?
PiZero W connected to two peripherals (GPIO and USB): how to continuously read from both at same time?
Icons are not displayed properly with pygame
How to combine implicit and explicit timeouts in Selenium?
Why use Schema.org microdata to mark up web page elements?
How to test an ES6 class that needs jquery?
Variable position in comparision in PHP
JDBC returning MySQLSyntaxError Exception with correct statement
Custom Rounding corners on UIView