syntax error
-
I am inserting the values of useridtxtbx and pwdtxtbx into the database on submitbtn_Click. The insert statement is not showing an error while debugging, but when the program runs it gives a syntax error. Below is my code:

    protected void submitbtn_Click(object sender, EventArgs e)
    {
        OleDbConnection con = new OleDbConnection("provider=Microsoft.Jet.OLEDB.4.0;data source = C:\\Documents and Settings\\swuser\\My Documents\\Clinical_Billing.mdb;");
        con.Open();
        OleDbCommand cmd = new OleDbCommand("insert into user_login(user_id,password) values('" + useridtxtbx.Text + "','" + pwdtxtbx.Text + "'", con);
        cmd.ExecuteNonQuery();
        con.Close();
    }
-
Use parameterized queries. You should be good then.
Navaneeth How to use google | Ask smart questions
-
myinstincts wrote:
new OleDbCommand("insert into user_login(user_id,password) values('" + useridtxtbx.Text + "','" + pwdtxtbx.Text + "'", con);
As Navaneeth suggested, try to avoid code like that. It will cause a SQL injection problem. Use a parameterized query.
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Don't forget to click "Good Answer" on the post(s) that helped you.
modified on Saturday, September 5, 2009 3:50 AM
-
This is the first time I am hearing of anything like parameterized queries and the SQL injection problem... thanks for that valuable information... I will try those then.
-
Please read this article: SQL Injection Attacks and Some Tips on How to Prevent Them
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Don't forget to click "Good Answer" on the post(s) that helped you.
-
Hi,
1. The values parenthesis isn't closed.
2. You shouldn't store plain passwords in a database; if it gets hacked, all the entries become worthless at once. :)
Luc Pattyn
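The two pieces of advice in the replies above (use a parameterized query, and do not store plain passwords), shown together as an added C# example; it is not code from any poster in the thread. The class and method names, the column sizes, the iteration count and the use of .NET Framework 4.7.2 or later are assumptions; the table, columns and connection string come from the question.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

public static class UserLoginStore   // hypothetical helper class
{
    // Connection string taken from the question.
    const string ConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" +
        @"C:\Documents and Settings\swuser\My Documents\Clinical_Billing.mdb;";
    const int Iterations = 100000;   // assumed PBKDF2 work factor; tune for your hardware

    // Returns "iterations:salt:hash" (Base64) so the plain password is never stored.
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);      // fresh random salt per user
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations,
                                                HashAlgorithmName.SHA256))
            return Iterations + ":" + Convert.ToBase64String(salt) + ":" +
                   Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static void InsertUser(string userId, string password)
    {
        // PASSWORD is a reserved word in Jet SQL, so the column name is bracketed.
        // OleDb binds parameters by position: one "?" per value, added in the same order.
        const string sql =
            "INSERT INTO user_login (user_id, [password]) VALUES (?, ?)";
        using (var con = new OleDbConnection(ConnStr))
        using (var cmd = new OleDbCommand(sql, con))
        {
            // Sizes 50 and 255 are assumed text-column widths.
            cmd.Parameters.Add("@user_id", OleDbType.VarWChar, 50).Value = userId;
            cmd.Parameters.Add("@password", OleDbType.VarWChar, 255).Value =
                HashPassword(password);
            con.Open();
            cmd.ExecuteNonQuery();
        }   // using disposes the connection even if ExecuteNonQuery throws
    }
}
```

The click handler then reduces to `UserLoginStore.InsertUser(useridtxtbx.Text, pwdtxtbx.Text);`, and user input never becomes part of the SQL text.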