How to create table in microsoft access with dynamic name in C#?

Question

I can create table with unique name in code but when I want to create a table with a dynamic name, by using the contents of a text box, it shows me "Syntax error in CREATE TABLE statement" in a message box. My Code:

private void createTableInDatabase(string fName, string lName)
    {
        OleDbConnection conn = new OleDbConnection();
        conn.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\Project\Learning\Visual C#\Form\Tailor Assistance\Tailor Assistance\bin\Release\Tailor Assistance.mdb";
        conn.Open();
        string tableName = fName + " " + lName;
        OleDbCommand cmmd = new OleDbCommand("", conn);
        cmmd.CommandText = "CREATE TABLE " + tableName + "( [ID] Counter Primary Key, [FirstName] Text, [LastName] Text, [Gender] Text, [Phone] Text, [CellPhone] Text, [FriendsFirstName] Text, [FriendsLastName] Text, [RegisterDate] Text, [Size] Text, [Description] Text)";
        if (conn.State == ConnectionState.Open)
        {
            try
            {
                cmmd.ExecuteNonQuery();
                MessageBox.Show("Add!");
                conn.Close();
            }
            catch (OleDbException expe)
            {
                MessageBox.Show(expe.Message);
                conn.Close();
            }
        }
        else
        {
            MessageBox.Show("Error!");
        }
    }

What's the problem?

Answer 1

Your table name contains a space. You need to encapsulate it with square brackets. Just write this

string tableName = "[" + fName + " " + lName + "]";

but, I strongly suggest you to avoid this.

In future, you will always have to do that, for EVERY query you write.
A simple well known workaround is to use an underscore instead of the space.

And, looking at your field names, I have noticed a field called SIZE.
This is a reserved keyword for MS Access . You will face the same problem here. EVERY query that use that field will need to encapsulate the name in square brackets,
Again, for your future mental sanity, change that name. :-)

NOTE - 7 YEARS LATER
Looking back at this answer, while correct, it lacks an important point.
From the code above it is not possible to know if the input values used to define the name of the table are safe or not. If you let your users type these names then it is possible for then to enter very nasty strings that combined with your current string could be used to wreak havoc with your database. This hack is well known under the name of Sql Injection and the solution is always the same. You should use parameters to pass values to your database, and when this is not possible because a parameter cannot be used to represent a table or column name, then you should force your users to choose from a set of names without letting them type any string.