0
votes
Private databaseConnector As DatabaseConnector
    Dim fulltxtSQL As String

    DatabaseConnector = New DatabaseConnector

    Try
        ' User input is concatenated straight into the SQL text
        fulltxtSQL = "insert into [user-table] (username, password) VALUES ('" & UserName.Text & "','" & Password.Text & "')"

        ' Run the INSERT once and check the result
        If DatabaseConnector.RunSqlNonQuery(fulltxtSQL) = True Then
            MsgBox("thank you for registering ", vbInformation, Title.Trim)
            Response.Redirect("Default.aspx")
            Exit Sub
        Else
            MsgBox("There has been a error in your registering", vbInformation, Title.Trim)
        End If
    Catch ex As Exception
        MsgBox(ex.Message.Trim, MsgBoxStyle.Information + MsgBoxStyle.OkOnly, Me.Title.Trim)
        Exit Sub
    End Try
End Sub

I am trying to get the data from a textbox into the database table. I get "syntax error in INSERT INTO statement". The connection to the database works fine, but when it reaches the INSERT INTO statement I get the error.

2
You should use parameterized queries to prevent SQL injection - Izzy
Your code is very insecure. It will be very easy for anyone to find out all the passwords in your table. You should read about SQL injection for more information. - Chris Dunaway

2 Answers

0
votes

Try this

fulltxtSQL = "INSERT INTO [user-table] ([username],[password]) VALUES('" & UserName.Text & "','" & Password.Text & "')"

Your query contains special characters such as user, table and password, so it will give an error. So what you need to do is put such characters in parentheses [].

Also, you should use a parameterized query.
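
What the parameterized query recommended above could look like with OleDb, as an added example that is not part of the original answers. The module and function names, the connectionString parameter and the 255-character parameter size are assumptions; the table and column names are the ones from the question.

```vbnet
Imports System.Data.OleDb

Public Module UserRegistration

    ' Hypothetical helper. connectionString is supplied by the caller
    ' (assumption: an OLE DB data source, as in the OleDbCommand answer).
    Public Function RegisterUser(connectionString As String,
                                 userName As String,
                                 password As String) As Boolean

        ' The SQL text is a constant, so user input never becomes part of it.
        ' OLE DB uses positional "?" placeholders. The brackets are still
        ' needed around [user-table] and [password].
        Const sql As String =
            "INSERT INTO [user-table] ([username], [password]) VALUES (?, ?)"

        Using con As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, con)
                ' OleDb ignores parameter names and binds by position, so the
                ' Add order must match the order of the "?" markers.
                cmd.Parameters.Add("@username", OleDbType.VarWChar, 255).Value = userName
                cmd.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = password

                con.Open()
                ' ExecuteNonQuery returns the number of rows affected.
                Return cmd.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function

End Module
```

From the page's code-behind this would be called as RegisterUser(connectionString, UserName.Text, Password.Text); a quote character typed into either textbox is then stored as data instead of ending the string literal.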

0
votes

Try using this command

cmd = New System.Data.OleDb.OleDbCommand("INSERT INTO [user-table] ([username],[password]) VALUES('" & UserName.Text & "','" & Password.Text & "')", con)

If your table name contains such special characters, then use square brackets.