Having a problem with my sql, I am creating program for my ALevel and when I go to create a logins page I wish to have a button that will allow me to create a new login and save it to my database. when I click the button I keep getting 'Syntax error in INSERT INTO statement.' I have tried coding this in many different ways and my teacher can't figure it out! Any advice?

Imports System.Data

Public Class Login
    Public Con As New OleDb.OleDbConnection
    Public userds As New DataSet
    Public userda As OleDb.OleDbDataAdapter

    Dim NumberofRecords As Integer
    Dim CurrentRecord As Integer = 0

    Private Sub RefreshData()
        userda = New OleDb.OleDbDataAdapter("Select * From tblLoginDetails", Con)
        userda.Fill(userds, "Logins")
        NumberofRecords = userds.Tables("Logins").Rows.Count - 1
    End Sub

    Private Sub MakeSQL(ByVal SQLString As String)
        Dim cmd As New OleDb.OleDbCommand
        If Not Con.State = ConnectionState.Open Then
        End If
        cmd.Connection = Con
        cmd.CommandText = SQLString
        CurrentRecord = 0
    End Sub

    Public Sub Login_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Con.ConnectionString = "Provider=Microsoft.Jet.OleDb.4.0; Data Source =" & Application.StartupPath & "\AddressBook.mdb"
    End Sub

    Private Sub cmdNewLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdNewLogin.Click
        Dim Answer As Integer = MsgBox("Add this as a new record?", MsgBoxStyle.YesNo, "Request")
        If Answer = 6 Then

            'Create INSERT INTO    SQL command

            Dim SQLSend As String = "INSERT INTO tblLoginDetails(Username, Password) " & _
                   " VALUES('" & Me.txtUsername.Text & "','" & txtPassword.Text & "')"

            MakeSQL(SQLSend)    ' Call SQL function with above string as parameter
            MsgBox("Record Added", MsgBoxStyle.Information, "Info")
            MsgBox("Record not Added", MsgBoxStyle.Information, "Info")
        End If
    End Sub
End Class
Dim dc As SqlCommand = New SqlCommand

     With dc

                .Connection = con 'assuming con is connection string
                .CommandText = "INSERT INTO tblLoginDetails" & _
               "(UserName, password)" & _
               "VALUES ( @user, @pass)"
                .Parameters.AddWithValue("@user", txtuserName.Text)
                .Parameters.AddWithValue("@pass", txtpassword.Text)

            End With


            Catch sqlexceptionerr As SqlException
            End Try
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.