C＃错误：{“ INSERT INTO语句中的语法错误。”} System.Data.OleDb.OleDbException

Question

这是我的第一篇文章，我是编程的新手。因此，在此先感谢您的帮助和反馈。

我必须构建一个连接到MS Access数据库的应用程序。我已经直接在数据库中创建了用户名和密码。但是，现在我必须添加一个位置，用户可以在其中创建自己的用户名和密码，然后使用这些凭据登录，使用Rubular表达式，以便他们输入大写，小写和数字。

此外，我必须确保它的安全性并防止SQL注入。

但是我无法继续，我不断遇到以下错误：

  

$ exception
  INSERT INTO语句中的语法错误。
  System.Data.OleDb.OleDbException

代码如下：

public partial class Form1 : Form
{
    private OleDbConnection connection = new OleDbConnection();

    public Form1()
    {
        InitializeComponent();
        connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;   Data Source=C:\Users\Paul\Desktop\Purdue Global\Classes\IT481 Advanced Software Development\Unit 9\Books2010_v2.accdb;Persist Security Info=False";
    }

    private void Form1_Load(object sender, EventArgs e)
    {
        try
        {
            connection.Open();

            CheckconnectionLabel2.Text = "Connection Successful";

            connection.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show("Error, " + ex);
        }
    }

    private void create_Button_Click(object sender, EventArgs e)
    {
        OleDbCommand command = new OleDbCommand();
        connection.Open();
        command.Connection = connection;
        command.CommandText = "insert into Users (user, password) values('" + user_Create.Text + "','" + password_Create.Text + "')";
        command.ExecuteNonQuery();
        MessageBox.Show("Data saved");
        connection.Close();
    }

    private void login_button_Click(object sender, EventArgs e)
    {
        connection.Open();
        OleDbCommand command = new OleDbCommand();
        command.Connection = connection;
        OleDbDataAdapter DBAdapter = new OleDbDataAdapter("select * from Users Where User= '" + text_Username.Text + "' and Password = '" + text_Password.Text + "' ", connection);
        DataTable dt = new System.Data.DataTable();
        DBAdapter.Fill(dt);

        if (dt.Rows.Count == 1)
        {
            switch (dt.Rows[0]["Role"] as string)
            {
                case "Admin":
                    {
                        //connection.Close();
                        //connection.Dispose();
                        this.Hide();
                        Form2 f2 = new Form2();
                        f2.ShowDialog();
                        break;
                    }

                case "User2":
                    {
                        //connection.Close();
                        //connection.Dispose();
                        this.Hide();
                        Form3 f3 = new Form3();
                        f3.ShowDialog();
                        break;
                    }

                case "User1":
                    {
                        //connection.Close();
                        //connection.Dispose();
                        this.Hide();
                        Form4 f4 = new Form4();
                        f4.ShowDialog();
                        break;
                    }

                default:

                    {
                        // ... handle unexpected roles here...
                        break;
                    }

            }

        }

        else
        {
            MessageBox.Show("Wrong username or passowrd");
        }
        connection.Close();

    }

} 
}

再次感谢您。

Paul Eames，