Click here to Skip to main content
15,888,527 members
Search within:


I am doing my Semester project Web based .net. I have written a code for signup form and insert into the database, but it reguraly giving error or ExecuteNotQuery, Plz help me to improve my...
Please Sign up or sign in to vote.
1.00/5 (1 vote)
The Code is
ASP.NET
<div align="center" ><table align="center" class="table2-style" >
        <tr> <td colspan="2"><div align="Center" class="auto-style1">Registration</div></td></tr>
        <tr><td class="table2Col-style"><div align="center">
            <asp:Label ID="LblUname" runat="server" Text="User Name" style="font-family: Calibri; font-size: small; color: #CD5800"></asp:Label></div></td><td class="table2Col-style">
                <asp:TextBox ID="TxtUname" runat="server"></asp:TextBox></td></tr>
        <tr><td class="table2Col-style"><div align="center">
            <asp:Label ID="LblEmail" runat="server" Text="E-Mail" style="font-family: Calibri; font-size: small; color: #CD5800"></asp:Label></div></td><td class="table2Col-style">
                <asp:TextBox ID="TxtEmail" runat="server"></asp:TextBox></td></tr>
       <tr><td class="table2Col-style"><div align="center">
            <asp:Label ID="LblPaswrd" runat="server" Text="Password" style="font-family: Calibri; font-size: small; color: #CD5800"></asp:Label></div></td><td class="table2Col-style">
                <asp:TextBox ID="TxtPaswrd" runat="server" TextMode="Password" ToolTip="Re-Enter Your Password">Enter Your Password</asp:TextBox></td></tr>
 <tr><td class="table2Col-style"><div align="center">
            <asp:Label ID="LblRePaswrd" runat="server" Text="Confirm Password" style="font-family: Calibri; font-size: small; color: #CD5800"></asp:Label></div></td><td class="table2Col-style">
                <asp:TextBox ID="TxtRePaswrd" runat="server" TextMode="Password" ToolTip="Re-Enter Your Password">Enter Your Password</asp:TextBox></td></tr>
        <tr><td colspan="2"><div align="center"><asp:Button ID="Button1" runat="server" Text="Register" Visible="True" OnClick="Button1_Click" BackColor="Black" BorderColor="#CD5800" BorderStyle="Outset" CausesValidation="True" ForeColor="#CD5800" /></div></td></tr>

    </table>
       </div>


and the C# code for onClick Event on Register button.

C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;

public partial class Signup : System.Web.UI.Page
{
    String connParam;
    OleDbConnection Conn;
    protected void Page_Load(object sender, EventArgs e)
    {
        
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        connParam = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\Projects\\App_Data\\Database.mdb; Persist Security Info=False";
        Conn = new OleDbConnection(connParam);
        try
        {
      Conn.Open();
        }
        catch(Exception ee)
        {
            Response.Write(ee);
        }
        try{

      OleDbCommand oleDbCmd = new OleDbCommand();
      oleDbCmd.CommandType = CommandType.Text;
      oleDbCmd.Connection = Conn;
      oleDbCmd.CommandText ="insert into Users (UserName,Email,Password,RePassword) values ('" + TxtUname.Text + "','" + TxtEmail.Text + "','" + TxtPaswrd.Text + "','" + TxtRePaswrd.Text + "')";
     oleDbCmd.ExecuteNonQuery();
    }
    catch (Exception ex)
    {
        Response.Write(ex);
    }
        Conn.Close();
        
  


    }
}


And when i runs it gives the following error: 

System.Data.OleDb.OleDbException (0x80040E14): Syntax error in INSERT INTO statement. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteNonQuery() at Signup.Button1_Click(Object sender, EventArgs e) in d:\Projects\Signup.aspx.cs:line 49



the line 49 is : oleDbCmd.ExecuteNonQuery();
Posted
Add a Solution

4 solutions

Probably there is something wrong with the given input. You can use parameterized queries to avoid this. Using parameterized queries also protects your application against SQL Injection[^], and it also makes your query more readable.
C#
OleDbCommand oleDbCmd = new OleDbCommand();
oleDbCmd.CommandType = CommandType.Text;
oleDbCmd.Connection = Conn;
oleDbCmd.CommandText ="insert into Users ([UserName],[Email],[Password],[RePassword]) values (@UserName, @Email, @Password, @RePassword)";
oleDbCmd.Parameters.AddWithValue("@UserName", TxtUname.Txt);
oleDbCmd.Parameters.AddWithValue("@Email", TxtEmail.Txt);
oleDbCmd.Parameters.AddWithValue("@Password", TxtPaswrd.Txt);
oleDbCmd.Parameters.AddWithValue("@RePassword", TxtRePaswrd.Txt);
oleDbCmd.ExecuteNonQuery();
 
Share this answer
 
Posted
Updated 23-Feb-14 5:39am
v2
Comments
Muhammad Taqi Hassan Bukhari 23-Feb-14 11:33am    
the given input is ok. sir, but Still giving Error:

System.Data.OleDb.OleDbException (0x80040E14): Syntax error in INSERT INTO statement. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteNonQuery() at Signup.Button1_Click(Object sender, EventArgs e) in d:\Projects\Signup.aspx.cs:line 36

line 36 is :oleDbCmd.ExecuteNonQuery();
Thomas Daniels 23-Feb-14 11:40am    
I found here that you have to put column names into square brackets. I updated my answer.
Start off by not doing it like that!
Not only does it leave you wide open to SQL Injection attacks, but it probably contributes to (or causes) your problem. Never concatenate strings to form an SQL command! Always use parameterised queries.
C#
protected void Button1_Click(object sender, EventArgs e)
    {
    connParam = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\Projects\\App_Data\\Database.mdb; Persist Security Info=False";
    Conn = new OleDbConnection(connParam);
    try
        {
        Conn.Open();
        OleDbCommand oleDbCmd = new OleDbCommand("insert into Users (UserName,Email,Password,RePassword) values (@UN, @EM, @PS, @RP)", Conn);
        oleDbCmd.Parameters.AddWithValue("@UN", TxtUname.Text);
        oleDbCmd.Parameters.AddWithValue("@EM", TxtEmail.Text);
        oleDbCmd.Parameters.AddWithValue("@PS", TxtPaswrd.Text);
        oleDbCmd.Parameters.AddWithValue("@RP", TxtRePaswrd.Text);
        oleDbCmd.ExecuteNonQuery();
        }
    catch (Exception ex)
        {
        Response.Write(ex);
        }
    finally
        {
        if (Conn != null && Conn.State == ConnectionState.Open)
            {
            Conn.Close();
            }
        }
    }


And remember that if you don't use parameterised queries, I can probably bypass your login if I want to and log in as you without needing any password...from anywhere in the world.

And please, Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
 
Share this answer
 
Posted
Comments
Muhammad Taqi Hassan Bukhari 23-Feb-14 11:29am    
Still the same error:
System.Data.OleDb.OleDbException (0x80040E14): Syntax error in INSERT INTO statement. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteNonQuery() at Signup.Button1_Click(Object sender, EventArgs e) in d:\Projects\Signup.aspx.cs:line 33
Line 33 is : oleDbCmd.ExecuteNonQuery();
OriginalGriff 23-Feb-14 11:36am    
Try putting square brackets round the table and field names - some of them as keywords, and that may not be helping:
OleDbCommand oleDbCmd = new OleDbCommand("insert into [Users] ([UserName],[Email],[Password],[RePassword]) values (@UN, @EM, @PS, @RP)", Conn);
if you are using msaccess as Database execute the query in that so that you will get to know the problem in that. or Try by keeping square brackets to the coloum names.

Hope it will help you.
 
Share this answer
 
Posted
Updated 23-Feb-14 17:33pm
v2
Error Fixed, I just change the table's Columns name.


C#
connParam = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\Projects\\App_Data\\Database.mdb; Persist Security Info=False";
        Conn = new OleDbConnection(connParam);
        try
        {
            Conn.Open();
            OleDbCommand oleDbCmd = new OleDbCommand();
            oleDbCmd.CommandType = CommandType.Text;
            oleDbCmd.Connection = Conn;
            oleDbCmd.CommandText = "insert into Usersdata (UserName,UserEmail,UserPassword,UserRePassword) values (@UserName, @Email, @Password, @RePassword)";
            oleDbCmd.Parameters.AddWithValue("@UserName", TxtUname.Text);
            oleDbCmd.Parameters.AddWithValue("@Email", TxtEmail.Text);
            oleDbCmd.Parameters.AddWithValue("@Password", TxtPaswrd.Text);
            oleDbCmd.Parameters.AddWithValue("@RePassword", TxtRePaswrd.Text);
            oleDbCmd.ExecuteNonQuery();
        }
        catch (Exception ex)
        {
            Response.Write(ex);
        }
        finally
        {
            if (Conn != null && Conn.State == ConnectionState.Open)
            {
                Conn.Close();
            }
 
Share this answer
 
Posted
Comments
CHill60 23-Feb-14 13:56pm    
Actually it's because you renamed the table, not the columns. If you had surrounded the tablename with square brackets you would have also got over the problem
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Signup during registration is not registering users to the database record?
Failed to insert data in the database using PHP to signup new users
Signup Form Which Has Image Upload Control Is Working On My System Fine But When I Upload The Site And Submit Signup Form It Giving Following Error, Plz Help The Url Is ...
Php signup/login system problem
.net core database insertion error
How do we insert a form data into mysql database table using variable value ?
I need help I am new to creating websites and need help in coding a website that will store user logins in a database when they sign up.
How to convert VB.NET windows form application to a browser based web application
How do I do this project
Hi!For My Semester Project Am Doing Project In Voip For Android Mobiles. But I Didnt Have That Much Knowledge In Coding And Programs.. So Help Me To Learn And Develop Apps

Advertise
Privacy
Cookies
Terms of Use
Last Updated 23 Feb 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900