Insert item to database

Question

I have a problem with insert into statement..

cmd = new OleDbCommand("insert into FWINFOS (ID,Name,Gender,DateOfBirth,Race,WorkingPlace,PassportNO,DateOfExpire,Position,Photo) " +
                       "values('" + textBox5.Text + "','" + textBox1.Text + "','" + textBox2.Text + 
                       "','" + dateTimePicker1.Value + "','" + textBox3.Text + "','" + textBox4.Text + 
                       "','" + textBox6.Text + "','" + dateTimePicker2.Value + "',@Position,@Photo)", con);

conv_photo();
cmd.Parameters.AddWithValue("@Position", comboBox1.SelectedValue);
con.Open();
int n = cmd.ExecuteNonQuery();
//cmd.ExecuteNonQuery();
con.Close();
if (n > 0)
{
    MessageBox.Show("Inserted");
    loaddata();
    rno++;
}
else
    MessageBox.Show("No Insert");

ERROR : Syntax Error INSERT INTO

Anyone can advise me? Please, Sorry for my bad English grammar.

Answer 1

There is no value for parameter @Photo, and if your photo field is not nullable or empty
in database structure then how you can add null value in that.So make your data field 
nullable or pass value to parameter @Photo.I think it will solve your problem.

cmd = new OleDbCommand("insert into FWINFOS (ID,Name,Gender,DateOfBirth,Race,WorkingPlace,PassportNO,DateOfExpire,Position,Photo) " +
                       "values('" + textBox5.Text + "','" + textBox1.Text + "','" + textBox2.Text + 
                       "','" + dateTimePicker1.Value + "','" + textBox3.Text + "','" + textBox4.Text + 
                       "','" + textBox6.Text + "','" + dateTimePicker2.Value + "',@Position,@Photo)", con);

conv_photo();
cmd.Parameters.AddWithValue("@Position", comboBox1.SelectedValue);
cmd.Parameters.AddWithValue("@Photo", assignvalue);
con.Open();
int n = cmd.ExecuteNonQuery();
//cmd.ExecuteNonQuery();
con.Close();
if (n > 0)
{
    MessageBox.Show("Inserted");
    loaddata();
    rno++;
}
else
    MessageBox.Show("No Insert");

Answer 2

Seem like you are missing out a parameter in your query, try using this

cmd.CommandText = "insert into Table1 (id,Position) values (@id,@Position)";

cmd.parameters.addwithvalue("@id", textBox1.Text);
cmd.parameters.addwithvalue("@Position", combobox1.selectedvalue);

new updated -the position is the oleh db reserved words, try change to this query, put the cover to Position like below

cmd = new OleDbCommand("insert into FWINFOS (ID,Name,Gender,DateOfBirth,Race,WorkingPlace,PassportNO,DateOfExpire,[Position],Photo) " +
                   "values('" + textBox5.Text + "','" + textBox1.Text + "','" + textBox2.Text + 
                   "','" + dateTimePicker1.Value + "','" + textBox3.Text + "','" + textBox4.Text + 
                   "','" + textBox6.Text + "','" + dateTimePicker2.Value + "',@Position,@Photo)", con);

Answer 3

You have missed adding @Photo parameter in your code.

That is ok for testing purpose but you should never insert to database this way. This expose your system to a SQL Injection. You should use parametrized queries where possible. Something like

int result=0;
using (OleDbConnection myConnection = new OleDbConnection ("YourConnectionString"))
{
    cmd = new OleDbCommand("insert into FWINFOS (ID,Name,Gender,DateOfBirth,Race,WorkingPlace,PassportNO,DateOfExpire,Position,Photo) values (@ID, @Gender, @DateOfBirth, @Race, @WorkingPlace, @PassportNO, @DateOfExpire, @Position, @Photo)", con);

        conv_photo();
        cmd.Parameters.AddWithValue("@ID", textBox5.Text);
        // Specify all parameters like this
        try
        {   
          con.Open();
          result = Convert.ToInt32(cmd.ExecuteNonQuery()); 
        }

        catch( OledbException ex)
        {
             // Log error
        }
        finally
        {
           if (con!=null) con.Close();
            }
        }

if(result > 0)
     // Show success message

Also note that OleDb parameters are positional, means you have to specify them in the exact order as in your query. OleDbParameter Class (MSDN)