database - Syntax error in INSERT INTO statement C#
I am trying to create an order form using C# and am attempting to link the order form to an Access database using OleDb in Visual Studio. When I attempt to save an order to the database, I keep getting the syntax exception listed below.
error System.Data.OleDb.OleDbException (0x80040E14): Syntax error in INSERT INTO statement.
   at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
   at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)
   at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult)
   at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult)
   at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
   at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
   at accessloginapp.orderform.btn_save_click(Object sender, EventArgs e) in c:\users\skyscarer\documents\visual studio 2013\projects\accessloginapp\orderform.cs:line 214
The offending code that the exception points to seems to be in the btn_save_click event. The code is displayed below.
private void btn_save_click(object sender, EventArgs e)
{
    try
    {
        connection.Open();
        OleDbCommand command = new OleDbCommand();
        command.Connection = connection;
        // The INSERT text is built by concatenating the text box values.
        command.CommandText = "insert into orderform(customer name, address, telephone number, post code) values('" + customername.Text + "', '" + addrbox.Text + "', '" + telephonenumber.Text + "', '" + postcode.Text + "')";
        //command.CommandText = "insert into orderform (customer name, address, telephone number, post code, date ordered, due date, pick / delivery, item, quantity, size, price) values ('" + customername.Text + "', '" + addrbox.Text + "', '" + telephonenumber.Text + "', '" + postcode.Text + "', '" + dateorderedbox.Text + "', '" + duedate.Text + "', '" + cboxpickdeliver.Text + "', '" + itembox.Text + "', '" + quantity.Text + "', '" + sizebox.Text + "', '" + price.Text + "')";
        command.ExecuteNonQuery();
        MessageBox.Show("order inserted database");
    }
    catch (Exception ex)
    {
        MessageBox.Show("error " + ex);
    }
}
However, the line the exception points to is the command.ExecuteNonQuery() code. I am unsure what the exception is trying to say, and as such I am unsure what is wrong with the code. If anyone can help me on this, it would be appreciated. Cheers
Try:

    "insert into orderform ([customer name], address, [telephone number], [post code]) values('" + customername.Text + "', '" + addrbox.Text + "', '" + telephonenumber.Text + "', '" + postcode.Text + "')";

Also, you should consider using parameters, since you are open to SQL injection.
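The parameterized form the answer recommends, as an added example that is not part of the original post: the bracketed column names are kept and the four values are bound through OleDb `?` placeholders instead of being concatenated into the SQL text. The class and method names, the parameter labels, the 255-character sizes and the constructed sample values are assumptions.

```csharp
using System;
using System.Data.OleDb;

static class OrderFormStore
{
    // Column names containing spaces are bracketed; values go through "?"
    // placeholders. OleDb binds parameters by position, not by name, so they
    // must be added in the same order as the placeholders appear.
    const string InsertSql =
        "insert into orderform ([customer name], address, [telephone number], [post code]) " +
        "values (?, ?, ?, ?)";

    public static OleDbCommand BuildInsert(OleDbConnection connection,
        string customerName, string address, string telephone, string postCode)
    {
        var command = new OleDbCommand(InsertSql, connection);
        // Parameter names are labels only (hypothetical); the order is what counts.
        // Size 255 assumes Access Short Text fields.
        command.Parameters.Add("@customerName", OleDbType.VarWChar, 255).Value = customerName;
        command.Parameters.Add("@address", OleDbType.VarWChar, 255).Value = address;
        command.Parameters.Add("@telephone", OleDbType.VarWChar, 255).Value = telephone;
        command.Parameters.Add("@postCode", OleDbType.VarWChar, 255).Value = postCode;
        return command;
    }

    public static int SaveOrder(string connectionString,
        string customerName, string address, string telephone, string postCode)
    {
        // The using blocks close the connection even when ExecuteNonQuery throws.
        using (var connection = new OleDbConnection(connectionString))
        using (var command = BuildInsert(connection, customerName, address, telephone, postCode))
        {
            connection.Open();
            return command.ExecuteNonQuery(); // rows affected, 1 on success
        }
    }

    static void Main()
    {
        // Constructed input: the apostrophe would terminate the string literal in
        // the concatenated query; here it never becomes part of the SQL text.
        using (var command = BuildInsert(null, "Pat O'Brien", "1 Example Road", "01234 567890", "AB1 2CD"))
        {
            Console.WriteLine(command.CommandText);
            foreach (OleDbParameter p in command.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```

`Main` only builds the command and prints it, so it runs without a database; in the form, `btn_save_click` would call `SaveOrder` with the application's own connection string and the text box values.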