Home/ Questions/Q 8883557
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T20:50:29+00:00

Here is my code: Imports System.Data Imports System.Data.OleDb Public Class frmAdd Dim con As

  • 0

Here is my code:

Imports System.Data
Imports System.Data.OleDb

Public Class frmAdd
Dim con As New OleDbConnection
Dim com As New OleDbCommand
Dim ins As New OleDbCommand
Dim upd As New OleDbCommand
Dim strcon = ("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = Supplies.mdb")

Private Sub frmAdd_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    con.ConnectionString = strcon
    con.Open()
End Sub

Private Sub btnSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSave.Click
    ins.CommandText = "INSERT INTO [product info] ([Product Name:],[Description:],[Quantity:],[Type:],[Date Received:],[Barcode:],[Price:]) VALUES ('" & txtItemName.Text & "', '" & txtDescription.Text & "', " & txtItemCount.Text & ", '" & cmbItemType.Text & "', " & txtDate.Text & ", '" & txtBarcode.Text & "', '" & txtPrice.Text & "',);"
    ins.Parameters.AddWithValue("@name", txtItemName.Text)
    ins.Parameters.AddWithValue("@desc", txtDescription.Text)
    ins.Parameters.AddWithValue("@count", Convert.ToInt32(txtItemCount.Text))
    ins.Parameters.AddWithValue("@type", cmbItemType.Text)
    ins.Parameters.AddWithValue("@dt", Convert.ToDateTime(txtDate.Text))
    ins.Parameters.AddWithValue("@code", txtBarcode.Text)
    ins.Parameters.AddWithValue("@price", txtPrice.Text)

    ins.CommandType = CommandType.Text
    ins.Connection = con
    ins.ExecuteNonQuery()
    ins.Dispose()

    con.Close()

After I fill up all the textboxes, i hit the save button and when i hit the save button the error “Syntax error in INSERT INTO statement.”

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Table names with spaces should be enclosed in square brackets (product info has space in its name), the same is true for column names (Product Name, Date Received).
    Then, if you really have a : in all of your columns name, then use everywhere the square brackets, otherwise remove the : from the sql text (and from the database fields).

    ins.CommandText = "INSERT INTO [product info] ([Product Name:], [Description:], " + 
                 "[Quantity:],[Type:],[Date Received:],[Barcode:],[Price:]) " + 
                 "VALUES (?,?,?,?,?,?,?)"

    Said that, never use string concatenation to build a sql text to pass to the database engine.
    You avoid problems with date and text parsing (for example, if one of your input text contains a quote, everything will fail) and moreover you avoid Sql Injection Attacks

    ins.Parameters.AddWithValue("@name", txtItemName.Text)
ins.Parameters.AddWithValue("@desc", txtDescription.Text)
ins.Parameters.AddWithValue("@count", Convert.ToInt32(txtItemCount.Text))
ins.Parameters.AddWithValue("@type", cmbItemType.Text)
ins.Parameters.AddWithValue("@dt", Convert.ToDateTime(txtDate.Text)
ins.Parameters.AddWithValue("@code", txtBarcode.Text)
ins.Parameters.AddWithValue("@price", Convert.ToDecimal(txtPrice.Text)

    I am assuming that Quantity is a numeric column, Date Received is a DateTime column and Price a numeric column.

    • 0