
C# ExecuteNonQuery Error (Connecting My ASP.NET Web Form to an Access DB)


I'm trying to connect my ASP.NET online registration form to an MS Access back-end database. The connection code I'm using is

// Registration handler as posted in the question: inserts one row into the
// Parent table of an Access (.mdb) file through the Jet OLE DB provider.
// The statement order below is what produces the reported error; see the notes.
String connString;
// The database path is hard-coded to a folder under a user profile.
connString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Z\Desktop\Comp\MyWebsite\WorkDatabase.mdb";
OleDbConnection myConnection = new  OleDbConnection(connString);
myConnection.Open();
// SECURITY: the TextBox values are concatenated straight into the SQL text, so
// the form input is parsed as SQL (SQL injection). The Password field is also
// inserted exactly as typed, i.e. stored in clear text.
string myQuery = "INSERT INTO Parent([Username], [FirstName], [Surname], [Email], [Mobile], [Postcode], [Password]) values('" + Usernametb.Text + "','" + Firsttnametb.Text + "','" + Surnametb.Text + "','" + Emailtb.Text + "','" + Mobiletb.Text + "','" + Postcodetb.Text + "','" + Passwordtb.Text + "')";
OleDbCommand myCommand = new OleDbCommand(myQuery, myConnection);
// First execution of the INSERT, followed by closing the connection.
myCommand.ExecuteNonQuery();
myConnection.Close();

try
{
    // 'using' disposes myConnection when this block exits, so the connection
    // object is no longer usable after the closing brace.
    using (myConnection)
    {
        // Re-opens the connection and runs the same INSERT a second time.
        myConnection.Open();
        myCommand.ExecuteNonQuery();
        SuccReglbl.Text = "successful registration";
    }
}
catch (Exception ex)
{
    // Concatenating 'ex' calls ToString(), so the full exception text
    // (including the stack trace) is written to a label on the page.
    SuccReglbl.Text = "Exception in DBHandler" + ex;
}
finally
{

}

// Third execution attempt, made after the 'using' block above has disposed the
// connection. NOTE(review): this appears to be the call that raises
// "ExecuteNonQuery requires an open and available Connection".
myCommand.ExecuteNonQuery();
// The command is an INSERT, and the loop body below is empty, so this reader
// does nothing with whatever it returns.
OleDbDataReader myReader = myCommand.ExecuteReader();
while (myReader.Read())
{

}
myConnection.Close();

I keep getting an error when I click on the "Register" button. The error is

"ExecuteNonQuery requires an open and available Connection. The connection's current state is closed."

I'm unsure how to fix this.


Solution

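  • Based on what you said you are trying to do, this is all the code you need. Your version fails because it closes the connection, lets the using block dispose it, and then calls ExecuteNonQuery again afterwards on a connection that is no longer open.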

    Please be aware that your code is vulnerable to SQL injection because you are putting the user input directly into the query text. A user can own your database or destroy it very easily. For more information, research parameterized queries and OleDbParameter: the values are passed separately from the SQL text, so they are never parsed as SQL.

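    // Inserts one registration row into the Parent table of the Access database.
    // The SQL text is fixed and every form value is bound as a parameter, so user
    // input is never parsed as SQL. The OLE DB provider uses positional '?'
    // placeholders: parameters are matched by the order they are added, not by name.
    string myQuery = "INSERT INTO Parent([Username], [FirstName], [Surname], [Email], [Mobile], [Postcode], [Password]) VALUES (?, ?, ?, ?, ?, ?, ?)";
    string connString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Z\Desktop\Comp\MyWebsite\WorkDatabase.mdb";
    try
    {
        // Both objects are disposed when their using blocks exit, which also
        // closes the connection; no explicit Close() call is needed.
        using (OleDbConnection myConnection = new OleDbConnection(connString))
        {
            using (OleDbCommand myCommand = myConnection.CreateCommand())
            {
                myCommand.CommandText = myQuery;

                // Add in the same order as the column list above.
                myCommand.Parameters.AddWithValue("@Username", Usernametb.Text);
                myCommand.Parameters.AddWithValue("@FirstName", Firsttnametb.Text);
                myCommand.Parameters.AddWithValue("@Surname", Surnametb.Text);
                myCommand.Parameters.AddWithValue("@Email", Emailtb.Text);
                myCommand.Parameters.AddWithValue("@Mobile", Mobiletb.Text);
                myCommand.Parameters.AddWithValue("@Postcode", Postcodetb.Text);
                // NOTE(review): the password is still stored exactly as submitted.
                // Store a salted password hash (e.g. PBKDF2) instead; that also
                // requires changing the login check, so it is not done here.
                myCommand.Parameters.AddWithValue("@Password", Passwordtb.Text);

                myConnection.Open();
                myCommand.ExecuteNonQuery();
                SuccReglbl.Text = "successful registration";
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): provider error messages can include file paths and schema
        // details; consider logging ex server-side and showing a generic message.
        SuccReglbl.Text = "Exception in DBHandler " + ex.Message;
    }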