0
votes

Sorry to be asking this; I know there are many other questions, and I have tried to use the solutions provided, but I just cannot get my code to work. Thanks for looking!

Connection String as shown in Properties:

Data Source=(LocalDB)\v11.0;AttachDbFilename="C:\Users\Jacob\Documents\Visual Studio 2013\Projects\WindowsFormsApplication2\WindowsFormsApplication2\ChatDB.mdf";Integrated Security=True

Connection string in app.config:

Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\ChatDB.mdf;Integrated Security=True

Error: An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: Incorrect syntax near the keyword 'User'.

Code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
//NC-1 More namespaces.
using System.Data.SqlClient;
using System.Configuration;

namespace WindowsFormsApplication2
{
    public partial class SignUp : Form
    {
        string connstr = ConfigurationManager.ConnectionStrings["WindowsFormsApplication2.Properties.Settings.ChatDBConnectionString"].ToString();

        public SignUp()
        {
            InitializeComponent();
        }

        private void label1_Click(object sender, EventArgs e)
        {

        }

        private void SubmitBtn_Click(object sender, EventArgs e)
        {
            string Name = NameText.Text;
            string Pwd = PwdText.Text;
            //make sure they have entered text
            if (Name.Length > 0 && Pwd.Length > 0)
            {
                SqlConnection conn = new SqlConnection(connstr);

                //NC-10 try-catch-finally
                try
                {
                    //NC-11 Open the connection.
                    conn.Open();

                    SqlCommand insert = new SqlCommand();
                    insert.Connection = conn;
                    insert.CommandText = "INSERT INTO [User] (Name,Password) VALUES ('" + Name + "','" + Pwd + "')";

                    insert.ExecuteNonQuery();
                    MessageBox.Show("Congrats!!!");

                }
                catch
                {
                    //NC-14 A simple catch.

                    MessageBox.Show("User was not returned. Account could not be created.");
                }
                finally
                {
                    //NC-15 Close the connection.
                    conn.Close();
                }
            }
            //if no text make them enter
            else
            {
                MessageBox.Show("Please enter Text in both fields.");
            }
        }
    }
}

Again thank you for looking.

1
Check your SQL Query. - Leonel Sarmiento
Grant Winney, unfortunately that is the only query in the solution; I just started using Visual Studio and C#. - tnyN
You've definitely created a User table? - Brent Mannering
Not directly related, but don't compose SQL strings; use a parameterized query to prevent SQL injection. Little Bobby Tables is not that nice. - Alex
Please use parameterized commands. In the format that you are building your query currently, you are very open to SQL injection attacks. More info here and here - Bernd Linde

1 Answer

1
votes

The problem is your SQL query, because you use a reserved keyword.

Try to change your table name to tblUser.

I also suggest using a parameterized query to prevent future SQL injection (for example):

@"INSERT INTO [User] (Name,Password) VALUES (@Name, @Password);"
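
The parameterized insert suggested above, written out in full as an added example (not code from the question or the answer). The class and method names and the NVARCHAR(50) column sizes are assumptions; `Main` only builds the command for a constructed input and prints it, so it needs no database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserStore
{
    // [User] is bracket-quoted because USER is a reserved keyword in T-SQL.
    const string InsertSql =
        "INSERT INTO [User] (Name, Password) VALUES (@Name, @Password);";

    // Builds the command: the SQL text is a constant, input travels only as parameters.
    public static SqlCommand BuildInsert(string name, string password)
    {
        var cmd = new SqlCommand(InsertSql);
        // Assumption: both columns are NVARCHAR(50); match the sizes to the real schema.
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
        cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = password;
        return cmd;
    }

    // Runs the insert. The using blocks close the connection even if an exception
    // is thrown, and a SqlException reaches the caller with its message intact.
    public static int CreateUser(string connStr, string name, string password)
    {
        using (var conn = new SqlConnection(connStr))
        using (var cmd = BuildInsert(name, password))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected, 1 on success
        }
    }

    static void Main()
    {
        // Constructed input: each apostrophe would end the string literal
        // in the concatenated version of the query.
        using (var cmd = BuildInsert("O'Brien", "s3cret'"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```

The printed command text is identical for every input, which is the property the concatenated query lacks: the values are sent to the server separately from the statement and are never parsed as SQL.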