howto insert textbox.text into access ?

Lost User

string query = "Insert Into Users(username,password) values(' + "\"" txtusername.Text "\" ','"\" txtpassword.Text"\"')"; adp1 = new OleDbDataAdapter(query, conn); > firstly, is this correct ? secondly: how should i change this values(' + "\"" txtusername.Text "\" ','"\" txtpassword.Text"\"') ? it gives error ;( dont know how to modify ?

albCode

string query = "Insert Into Users(username,password) values('" + txtusername.Text +"','"+ txtpassword.Text+"')";

Lost User

thanks a lot ;) but how will i process this query ? :p string baglan = "Provider = Microsoft.Jet.OLEDB.4.0; Data Source=veritabani.mdb"; conn = new OleDbConnection(baglan); conn.Open(); string query = "Insert Into Users(username,password) values('" + txtusername.Text +"','"+ txtpassword.Text+"')"; then ... what ?

albCode

string baglan = "Provider = Microsoft.Jet.OLEDB.4.0; Data Source=veritabani.mdb"; conn = new OleDbConnection(baglan); conn.Open(); string query = "Insert Into Users(username,password) values('" + txtusername.Text +"','"+ txtpassword.Text+"')"; OleDbDataAdapter da = new OleDbDataAdapter(query ,conn ); DataSet ds = new DataSet(); da.Fill(ds); conn.Close();

Lost User

now i get this error: syntax error in INSERT INTO statement. ? i am confused :( and probably will lose my mind :)

eggsovereasy

Once you get it working you really should make a method to go through the textboxes and strip out some characters. Right now you are vulnerable to a sql injection attack. If I put: bob'; delete * from user; -- I just deleted everything in the user table.

t thomsen judoo dk

eggsovereasy wrote:

Once you get it working you really should make a method to go through the textboxes and strip out some characters.

You should never strip out and limit the user´s possibilities. You should escape the characters instead.