ExecuteNonQuery() Syntax Error c#

Question

Ok, so I've seen this question in many MANY other threads, but never get a complete answer (at least so far). So I have a basic code to insert a new user with all of it's info into a MySQL database (localhost), and I have basically done the same code a previous time, and it worked. It isn't the length of the sentence, since the column can handle at least 40 chars.

The error:

 MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Clave='9cdfb439c7876e703e307864c9167a15'' at line 1'

My code:

    private void Button_Click(object sender, RoutedEventArgs e)
    {
        var nomCom = Nombre.Text + Apellido.Text;            

        /*var exists = Query.Check($"SELECT EXISTS(SELECT 1 FROM usuario WHERE Nombre_Usu='{NombreUsu.Text}'");

        if (!exists)
        {
            MessageBox.Show("Nombre de usuario ya existe","VERIFIQUE",MessageBoxButton.OK,MessageBoxImage.Exclamation);
        }
        else
        {*/
            if (string.IsNullOrWhiteSpace(nomCom) || string.IsNullOrWhiteSpace(NombreUsu.Text) || txtContra.Password.ToString() != txtConfirmar.Password.ToString())
            {
                MessageBox.Show("Verifique los campos porfavor :)", "ERROR", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            Query.Execute($"INSERT usuario SET Nombre='{Nombre.Text}', Apellido='{Apellido.Text}', Nombre_Usu='{NombreUsu.Text}' Clave='{txtContra.Password.Encriptar()}'");
       // }

    }

Alright, that is the code for the Register form/window, where the user will input the data and insert that into the DB. The "Query.Check" is another class (Query) in which I wrote the SQL methods, to reuse code and save space. Oh and the ".Encriptar()" is just a method to hash the password. Here it is:

     public static long Execute(string query)
    {
        var con = Connection.Create();
        var command = new MySqlCommand(query, con);
        command.ExecuteNonQuery();
        con.Close();
        return command.LastInsertedId;
    }

So... I don't know why this isn't working, since I did exactly the same thing with a previous app and worked just fine! Please, someone help me. Btw, I'm new here, so sorry if I didn't write the post correctly.

Answer 1

you are missing a , in your sql

, Nombre_Usu='{NombreUsu.Text}' Clave='{txtContra.Password.Encriptar()}'

needs to be

, Nombre_Usu='{NombreUsu.Text}', Clave='{txtContra.Password.Encriptar()}'

Beyond that, use paramatized queries ( lots of questions on here about that )

Answer 2

Your SQL syntax for the INSERT is incorrect. It should be

INSERT INTO usuario (Nombre, Apellido, Nombre_Usu, Clave) VALUES (@Nombre, @Apellido, @Nombre_Usu, @Clave)

Also as Jon stated in the comments, you will want to parameterize your query.