How do fix Syntax error in INSERT INTO statement in vbnet?

Question

I am trying to update my database and ran into this error. I am trying to update my database by adding new rows and run into this error.

    Dim dsNewRow As DataRow
    Dim ds As New DataSet

    Dim con As New OleDbConnection

    con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\POS DATABASE.mdb"
    con.Open()

    Dim sql As String = "SELECT * FROM manager_login_data"

    Dim da As New OleDbDataAdapter(sql, con)

    Dim cb As New OleDb.OleDbCommandBuilder(da)


    da.Fill(ds, "manager_login_data")

    dsNewRow = ds.Tables("manager_login_data").NewRow()

    dsNewRow.Item("username") = TextBox1.Text
    dsNewRow.Item("password") = TextBox2.Text



    ds.Tables("manager_login_data").Rows.Add(dsNewRow)


    da.Update(ds, "manager_login_data")

I want to know what I need to do in order to fix this and get my program running. The error takes place at the da.Update line.

EDIT: I found out that the sql command I am feeding the da has to be changed.

I just need to know into what.

EDIT 2:

Answer 1

You don't necessarily need to change your query. What is almost certainly happening is that one of your column names is a reserved word or contains spaces or other special characters. There are a number of ways to address this issue.

The first and best option is to change your column name(s). You should never use spaces or special characters in column names and you should avoid reserved words. It appears that this is login data in Access, which makes it likely that one of your columns is named Password . That is indeed a reserved word in Jet SQL. If you were doing things properly then you would not be storing passwords in clear text to begin with but, rather, hashing them instead. In that case, the column could be named PasswordHash and the issue goes away. If you can't change the column name to something more suitable, you need to try a different option.

Another option is to not use wildcards in your query. A command builder will simply use column names as they are if you do but, if you specify the columns explicitly, the command builder will use the same names you do. In that case, you would need to escape any problem column names in your query and then the command builder will do the same, eg

Dim sql As String = "SELECT UserName, [Password] FROM manager_login_data"

A third option is to tell the command builder to escape every column name, allowing you to continue to use wildcards in your query. You do this by setting the QuotePrefix and QuoteSuffix properties. As you can see from the above SQL example, the prefix is an opening bracket and the suffix is a closing bracket. Some other databases may use different characters, eg MySQL uses a grave for both. Eg

With cb
    .QuotePrefix = "["
    .QuoteSuffix = "]"
End With

You only need to do that once for each command builder and you must do it before calling Update on the data adapter. The most sensible option is to do it where you create the command builder, eg

Dim cb As New OleDbCommandBuilder(da) With {.QuotePrefix = "[",
                                            .QuoteSuffix = "]"}

Answer 2

You are hitting the database twice, once with the .Fill method and once with the .Update . All the overhead of DataAdapters, DataSets, DataTables and CommandBuilders is not necessary. If all you want to do is add one user then the following steps will accomplish this.

1. Create a connection passing the connection string to the constructor.

2. Create a command passing the command text and the connection to the constructor.

3. Create the parameters passing the parameter name, datatype and field size to the .Add method and set the values. I had to guess the datatype and field size. Consult the database for the real values and adjust the code accordingly.

4. Open the connection and execute the command.

I did escape password with brackets in the Sql statement as indicated by @jmcilhinney in his answer.

Private Sub InsertNewUser()
    Using con As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\POS DATABASE.mdb"),
            cmd As New OleDbCommand("Insert Into manager_login_data (username, [password]) Values (?,?);", con)
        With cmd.Parameters
            .Add("@user", OleDbType.VarChar, 100).Value = TextBox1.Text
            .Add("@password", OleDbType.VarChar, 100).Value = TextBox2.Text
        End With
        con.Open()
        cmd.ExecuteNonQuery()
    End Using
End Sub

EDIT

Try putting a DataGridView on a Form and run the following code after InsertNewUser has been executed.

Private Sub FillGrid()
    Dim dt As New DataTable
    Using con As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\POS DATABASE.mdb"),
        cmd As New OleDbCommand("Select * From manager_login_data;")
        con.Open()
        dt.Load(cmd.ExecuteReader)
    End Using
    DataGridView1.DataSource = dt
End Sub

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    FillGrid()
End Sub