Home/ Questions/Q 4621664
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T02:44:01+00:00

I am working with C# . I want to insert record in the table.

  • 0

I am working with C#.

I want to insert record in the table. I m using the MS Access database. I have the following code:

private void button1_Click(object sender, EventArgs e)
{
    con.ConnectionString = "PROVIDER=Microsoft.Jet.OLEDB.4.0;
        Data Source=C:\\Documents and Settings\\mayur patil\\
                       My Documents\\Dairy_db\\tblCompany.mdb";
    con.Open();
    OleDbCommand cmd = new OleDbCommand(
       "INSERT INTO tblCompany (CoCode,CoName_mar)
       VALUES("+textBox1.Text+","+textBox4.Text+")", con);
    cmd.ExecuteNonQuery();
    con.Close();

    this.Hide();
    Form1 f = new Form1();
    f.ShowDialog();
}

I am not getting the answer..

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A much better way to create your command would be to add parameters to it.

    This frees you completely from thinking about the neccessity of quotes and, as an important “side effect” you eliminate the risk of SQL injection attacks. 🙂

    You can find a more complete explanation on MSDN here, for example.

    Your command might then look like this:

    OleDbCommand cmd = new OleDbCommand(
   "INSERT INTO tblCompany (CoCode,CoName_mar)
   VALUES(@ParamCoCode, @ParamCoName_mar)", con);

OleDbParameter paramCoCode = new OleDbParameter();
paramCoCode.ParameterName = "@ParamCoCode";
paramCoCode.SqlDbType = SqlDbType.NVarChar;
paramCoCode.Value = categoryName;

OleDbParameter paramCoName_mar = new OleDbParameter ();
paramCoName_mar.ParameterName = "@ParamCoCode";
paramCoName_mar.SqlDbType = SqlDbType.NVarChar;
paramCoName_mar.Value = categoryName;

// Add the parameters to the Parameters collection. 
cmdParameters.Add(paramCoCode);
cmdParameters.Add(paramCoName_mar);

cmd.ExecuteNonQuery();
con.Close();

    Please keep in mind that the parameters need to be added in the same order as thay occur in the SQL statement.

    • 0