Error (Syntax Error Every Time Update or Save on Data)

By : Richard
Source: Stackoverflow.com
Question!

Here is my button command for save. Need help in getting this to work, will be getting this to defend for tomorrow's school project. Thanks! It's for DataGridView, Access, C#. I use VS 2010 and MS Access 2007.

private void save_Click(object sender, EventArgs e) {

        if (adminyes.Checked == true || adminno.Checked == true && textBox1.Text != null && textBox2.Text != null && textBox3.Text != null)
        {
            admin = "Yes";

            if (mode == "a")
            {
                x = 0;
                connect.Close();
                connect.ConnectionString = inventorydb;
                connect.Open();
                sqlcommand.CommandText = "SELECT * FROM Users WHERE Username ='" +textBox2.Text+ "' Or User_ID ='" +textBox1.Text+ "' ";
                sqlcommand.Connection = connect;
                OleDbDataReader reader = sqlcommand.ExecuteReader();
                while (reader.Read())
                {
                    x++;
                }

                if (x != 0)
                {
                    MessageBox.Show("", "",MessageBoxButtons.OK);
                }
                else
                {
                    DialogResult res = MessageBox.Show("Are you sure?", "Save User", MessageBoxButtons.YesNo, MessageBoxIcon.Warning);

                    if (DialogResult.Yes == res)
                    {
                        connect.Close();
                        connect.ConnectionString = inventorydb;
                        connect.Open();
                        sqlcommand.CommandText = "INSERT INTO Users (User_ID, Username, Password, Admin) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "', '" + textBox3.Text + "', '" + admin + "') ";
                        sqlcommand.Connection = connect;
                        reader = sqlcommand.ExecuteReader();
                        MessageBox.Show("Record(s) Saved", "Sample");
                    }

                    reset();
                }
            }
            else if (mode == "e")
            {
                DialogResult res = MessageBox.Show("Are you sure?", "Update User", MessageBoxButtons.YesNo, MessageBoxIcon.Warning);

                if (DialogResult.Yes == res)
                {
                    connect.Close();
                    connect.ConnectionString = inventorydb;
                    connect.Open();
                    sqlcommand.CommandText = "UPDATE Users SET User_ID = '" + textBox1.Text + "',  Username = '" + textBox2.Text + "', Password = '" + textBox3.Text + "',Admin = '" + admin + "' WHERE SerialID = '" + idholder + "'  ";
                    sqlcommand.Connection = connect;
                    OleDbDataReader reader = sqlcommand.ExecuteReader();
                    reader.Read();
                    MessageBox.Show("Record(s) Updated", "Sample");

                }

                reset();
            }
        }
        else 
        {
            MessageBox.Show("", "", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
By : Richard


Answers

Password is a reserved word in Access. Change it to [Password] in your SQL queries. You should wrap all columns and tables like this.

Although this is just a school project I'll mention a few things:

Your code is vulnerable to SQL injection. Here's how to fix this for your insert method as an example:

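// sqlcommand is reused between queries, so drop parameters left over from an earlier call.
sqlcommand.Parameters.Clear();
// Every identifier is bracketed: Password is a reserved word in Access.
sqlcommand.CommandText = "INSERT INTO [Users] ([User_ID], [Username], [Password], [Admin]) VALUES (@user_id, @username, @password, @admin)";
sqlcommand.Connection = connect;
// OleDb binds parameters by position, so add them in the same order as the VALUES list.
sqlcommand.Parameters.AddWithValue("@user_id", textBox1.Text);
sqlcommand.Parameters.AddWithValue("@username", textBox2.Text);
sqlcommand.Parameters.AddWithValue("@password", textBox3.Text);
sqlcommand.Parameters.AddWithValue("@admin", admin);
// An INSERT returns no rows, so ExecuteNonQuery replaces ExecuteReader.
sqlcommand.ExecuteNonQuery();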

Also, passwords shouldn't be stored in plain text. Look into password hashing and salting and how to approach it properly for more information.

By : dukedukes


Depends on how accurate you want the speedtest to be, the larger the file the more accurate it is. But this can be a big annoyance/data hog for the user.

The big number appears because it's in bytes, to get Mb/s you need to do Your result / 1024^2.



Disable attribute only associates button and input fields, the thing you want to do here is event.preventDefault. It will work like disable, but it will depend upon your coding, if you want to show it disabled, you have to add via jQuery


