Connection not working with localdb in visual studios

0
votes

Sorry to be asking this I know there are many other questions and have tried to use the solutions provided but I just cannot get my code to work. Thanks for looking!

Connection String as shown in Properties:

Data Source=(LocalDB)\v11.0;AttachDbFilename="C:\Users\Jacob\Documents\Visual Studio 2013\Projects\WindowsFormsApplication2\WindowsFormsApplication2\ChatDB.mdf";Integrated Security=True

Connection string in app.config:

Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\ChatDB.mdf;Integrated Security=True

Error: An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: Incorrect syntax near the keyword 'User'.

Code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
//NC-1 More namespaces.
using System.Data.SqlClient;
using System.Configuration;

namespace WindowsFormsApplication2
{
    public partial class SignUp : Form
    {
        string connstr = ConfigurationManager.ConnectionStrings["WindowsFormsApplication2.Properties.Settings.ChatDBConnectionString"].ToString();

        public SignUp()
        {
            InitializeComponent();
        }

        private void label1_Click(object sender, EventArgs e)
        {

        }

        private void SubmitBtn_Click(object sender, EventArgs e)
        {
            string Name = NameText.Text;
            string Pwd = PwdText.Text;
            //make sure they have entered text
            if (Name.Length > 0 && Pwd.Length > 0)
            {
               SqlConnection conn = new SqlConnection(connstr);

                //NC-10 try-catch-finally
                try
                {
                    //NC-11 Open the connection.
                    conn.Open();

                    SqlCommand insert = new SqlCommand();
                    insert.Connection = conn;
                    insert.CommandText = "INSERT INTO [User] (Name,Password) VALUES ('" + Name + "','" + Pwd + "')";

                    insert.ExecuteNonQuery();
                    MessageBox.Show("Congrats!!!");

                }
                catch
                {
                    //NC-14 A simple catch.

                    MessageBox.Show("User was not returned. Account could not be created.");
                }
                finally
                {
                    //NC-15 Close the connection.
                    conn.Close();
                }
            }
            //if no text make them enter
            else
            {
                MessageBox.Show("Please enter Text in both fields.");
            }
        }
    }
}

Again thank you for looking.

1
c#visual-studio-2013connection-string
Check your SQL Query.Leonel Sarmiento
Grant Winney unfortunately that is the only query in the solution, I just started using visual studio and c#.tnyN
You've definitely created a User table?Brent Mannering
Not directly related, but don't compose a SQL strings, use a parameterized query, to prevent SQL injection. Little Bobby Tables is not that nice.Alex
Please use parametrized Commands. In the format that you are building your query currently you are very open to SQLInjection attacks. More info here and hereBernd Linde

1 Answers

1
votes

The problem is your SQL Query because you use a Reserved Keywords

Try to change your table name to tblUser.

I also suggest to use a parameterize query to prevent future SQL injection: (For Example)

@"INSERT INTO [User] (Name,Password) VALUES (@Name, @Password);"