Hello, I'm working on a project to add employee information into an Access database. The whole project was working well, then I just added more textboxes, and now when I try to insert a new record into the database it's not adding any record, and it keeps showing "Exception thrown: 'System.Data.OleDb.OleDbException' in System.Data.dll" in the output window.

This is the code of the button:

<pre lang="vb">
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Try
            Dim DT As New DataTable
            Dim DA As New OleDb.OleDbDataAdapter("SELECT * FROM Data WHERE الاسم_كاملاً='" & TextBox1.Text & "'", CONN)
            DA.Fill(DT)
            If DT.Rows.Count > 0 Then
            Else
                Dim DR = DT.NewRow

                DR!الاسم_كاملاً = TextBox1.Text
                DR!الرتبة = TextBox2.Text
                DR!التخصص = TextBox3.Text
                DR!رقم_الهوية = TextBox4.Text
                DR!مكان_الميلاد = TextBox5.Text
                DR!تاريخ_التعيين = TextBox6.Text
                DR!تاريخ_الترقية_للرتبة_الحالية = TextBox7.Text
                DR!الحالة_الاجتماعية = TextBox8.Text
                DR!الوحدة_المثبت_عليها = TextBox9.Text
                DR!تاريخ_المباشره_بالوحدة = TextBox10.Text
                DR!تاريخ_بداية_الخدمة_الاضافية = TextBox11.Text
                DR!رقم_الجوال = TextBox12.Text
                DR!الرقم_العام = TextBox13.Text
                DR!الرقم_الخاص = TextBox14.Text
                DR!الوظيفة_المثبت_عليها = TextBox15.Text
                DR!تاريخ_الميلاد = TextBox16.Text
                DR!مصدر_الهوية = TextBox17.Text
                DR!القسم = TextBox18.Text
                DR!تاريخ_الاستحقاق = TextBox19.Text
                DR!المؤهل = TextBox20.Text
                DR!الوحدة_التي_يعمل_بها_حاليا = TextBox21.Text
                DR!تاريخ_الندب_الالحاق_التكليف = TextBox22.Text
                DR!تاريخ_نهاية_الخدمة_الاضافية = TextBox23.Text

                'DR!صورة = PictureBox1.Image

                DT.Rows.Add(DR)

                Dim SAVE As New OleDb.OleDbCommandBuilder(DA)
                SAVE.QuotePrefix = "["
                SAVE.QuoteSuffix = "]"
                DA.Update(DT)
                DT.AcceptChanges()
                DT.Clear()

                FILL_DGV(DataGridView1, "SELECT * FROM Data")
                Dim CON As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source= Employees.accdb")
                Dim CMD As New OleDbCommand("SELECT COUNT (*)FROM Data", CON)
                CON.Open()
                Label20.Text = CMD.ExecuteScalar().ToString()

                Button3_Click(Nothing, Nothing)

                MessageBox.Show("تم حفظ البيانات في قاعدة البيانات بنجاح", "رسالة تأكيد", MessageBoxButtons.OK, MessageBoxIcon.Information)

            End If

        Catch ex As Exception

        End Try
    End Sub
</pre>


What I have tried:

If anyone can help me with that, please try to simplify the answer. Thanks
Updated 7-Sep-21 22:32pm

At least one issue is that you concatenate text directly from the textbox to your SQL statement. This leaves you open to SQL injection and other, syntactical problems. See SQL injection - Wikipedia.

So instead of the concatenation here
<pre lang="vb">
Dim DA As New OleDb.OleDbDataAdapter("SELECT * FROM Data WHERE الاسم_كاملاً='" & TextBox1.Text & "'", CONN)
</pre>

you should use a parameter. For an example, have a look at OleDbParameter Class (System.Data.OleDb) | Microsoft Docs.

In addition to the SQL Injection vulnerability in your code, your column name doesn't look like a valid SQL identifier.

In general, SQL identifiers need to consist of unaccented "latin" letters (a-z), digits (0-9), and underscores (_). They also cannot start with a digit.

You would either need to wrap your column name in square brackets, or change it to be a valid SQL identifier.
<pre lang="vb">
Dim DA As New OleDb.OleDbDataAdapter("SELECT * FROM Data WHERE [الاسم_كاملاً] = @P1", CONN)
DA.SelectCommand.Parameters.AddWithValue("@P1", TextBox1.Text)
DA.Fill(DT)
</pre>

You might also get compiler errors accessing the columns using the DR!column syntax. If you do, you'll need to use the DR("column") syntax instead:
<pre lang="vb">
' DR!الاسم_كاملاً = TextBox1.Text
' VB.NET indexes a DataRow with parentheses, not square brackets.
DR("الاسم_كاملاً") = TextBox1.Text
</pre>

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
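
The parameterised approach from both answers above, carried through to the duplicate check and the insert, as an added example that is not code from the question or from either answer. The helper name `AddEmployee`, the module name, the choice of three of the question's columns, and the assumption that they are text columns are all hypothetical; the sample values are constructed.

```vbnet
Imports System.Data.OleDb

Module EmployeeStore
    ' Connection string as shown in the question.
    Private Const ConnStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=Employees.accdb"

    ' Hypothetical helper: True if a row was inserted, False if the name already exists.
    Public Function AddEmployee(fullName As String, rank As String, idNumber As String) As Boolean
        Using con As New OleDbConnection(ConnStr)
            con.Open()

            ' OleDb binds parameters by position, so add them in the order
            ' the ? markers appear in the SQL text. Names are labels only.
            Using check As New OleDbCommand(
                "SELECT COUNT(*) FROM [Data] WHERE [الاسم_كاملاً] = ?", con)
                check.Parameters.Add("@name", OleDbType.VarWChar).Value = fullName
                If CInt(check.ExecuteScalar()) > 0 Then Return False
            End Using

            ' Bracketed identifiers, values passed only as parameters.
            Using ins As New OleDbCommand(
                "INSERT INTO [Data] ([الاسم_كاملاً], [الرتبة], [رقم_الهوية]) VALUES (?, ?, ?)", con)
                ins.Parameters.Add("@name", OleDbType.VarWChar).Value = fullName
                ins.Parameters.Add("@rank", OleDbType.VarWChar).Value = rank
                ins.Parameters.Add("@id", OleDbType.VarWChar).Value = idNumber
                Return ins.ExecuteNonQuery() = 1
            End Using
        End Using
    End Function

    Sub Main()
        Try
            ' Constructed input: the apostrophe would break the concatenated
            ' query, but as a parameter it is stored as plain text.
            Dim added = AddEmployee("O'Brien", "Captain", "1000000001")
            Console.WriteLine(If(added, "Inserted", "Name already exists"))
        Catch ex As OleDbException
            ' Report the provider error instead of swallowing it in an empty Catch.
            Console.WriteLine("OleDbException: " & ex.Message)
        End Try
    End Sub
End Module
```

Printing `ex.Message` is what reveals which column or value the provider rejected, which the empty `Catch` block in the question hides.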
