Home/ Questions/Q 8610609
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T04:10:33+00:00

This is my first time working with DB. I’ve decided to create a DB

  • 0

This is my first time working with DB.
I’ve decided to create a DB with two tables – “Team”, “Player”
I want to add a new player to the “Player” table.
The “Player” table consists of the following columns: ID(autonumber), FirstName, LastName, TeamID

In order to do so, I’ve created three text boxes for the FirstName, LastName, TeamID
Note that I did not treat the “ID” since it’s an autonumber and should be added automatically
The Button1_click should add the new row eventually.

Here’s my code:

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            connection = new OleDbConnection(connectionString);
        }
        catch
        { }
        try
        {
            connection.Open();

            OleDbCommand command = new OleDbCommand("INSERT INTO Player VALUES ('" + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "')");

            command.ExecuteNonQuery();

            connection.Close();

        }
        catch
        { }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When you write an INSERT string that doesn’t include the column names you should specify every column in the values. In your case you need to add 

     string sqlText = "INSERT INTO Player (FirstName, LastName, TeamID) VALUES ('" 
                  + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "')");

    However this code is wrong for another reason. Never write sql strings concatenating input text typed by the user. This will cause errors or, worse, lead to Sql Injection 

       using(connection = new OleDbConnection(connectionString))
   { 
        connection.Open(); 
        string sqlText = "INSERT INTO Player (FirstName, LastName, TeamID) " + 
                         "VALUES (?, ?, ?)"; 
        OleDbCommand command = new OleDbCommand(sqlText, connection); 
        command.Parameters.AddWithValue("@First", textBox1.Text);
        command.Parameters.AddWithValue("@Last", textBox2.Text);
        command.Parameters.AddWithValue("@team", textBox3.Text);
        command.ExecuteNonQuery(); 
    }

    There is another problem. If the TeamID field is a numeric field you need to convert the textbox3.text input in a numeric value to correctly use the AddWithValue method

            int teamID;
        if(!Int32.TryParse(textBox3.Text, out teamID))
             throw new ArgumentException("Type a valid TeamID number, please!");
        command.Parameters.AddWithValue("@team", teamID);
    • 0