RE: Consuming Web Service

Last post 04-15-2009 7:44 PM by billy_111. 25 replies.


  • Re: RE: Consuming Web Service

    04-14-2009, 6:51 PM
    • Star
      8,650 point Star
    • DavidKiff
    • Member since 12-07-2006, 11:07 PM
    • Hertfordshire, UK
    • Posts 1,733

    It's ok!  Hmm, you could try deleting that column (user_id), and just leave the two columns in there as a test.  They are spelt correctly, exactly as they are in the database?

  • Re: RE: Consuming Web Service

    04-14-2009, 7:02 PM
    • Member
      164 point Member
    • billy_111
    • Member since 11-23-2008, 6:57 PM
    • England, UK
    • Posts 642

    Right, I've checked the spelling and also deleted the user_id as a test but nothing is working, it brings the same error. I even changed the name "password" from the database to password_test as for some reason it gave me problems in my previous website.

    My web method again is:-

    [WebMethod]
        public void CreateUser(string username, string password)
        {
            string connStr = "Provider=Microsoft.Jet.OleDb.4.0;Data Source=|DataDirectory|/forum.mdb;Persist Security Info=True";
            string cmdTxt = "INSERT INTO members([username], [password_test]) Values(" + username + ", " + password + ")";
    
            System.Data.OleDb.OleDbConnection myConn = new System.Data.OleDb.OleDbConnection(connStr);
            System.Data.OleDb.OleDbCommand myCmd = new System.Data.OleDb.OleDbCommand(cmdTxt, myConn);
    
            try
            {
                myConn.Open();
                myCmd.ExecuteNonQuery();
            }
            finally
            {
            }
    
            if (myConn.State == System.Data.ConnectionState.Open)
                myConn.Close();
    
            myConn.Dispose();
            myCmd.Dispose();
        }

    The code of the website is:-

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            localhost.Service myws = new localhost.Service();
            myws.CreateUser("TEST", "TEST");
        }
        finally
        {
        }
    }

    Is there a specific namespace that is needed or something?

  • Re: RE: Consuming Web Service

    04-14-2009, 7:06 PM
    • Star
      8,650 point Star
    • DavidKiff
    • Member since 12-07-2006, 11:07 PM
    • Hertfordshire, UK
    • Posts 1,733

    Hmm very strange.  If you zip up the service and access database and email it to davidkiff (at) hotmail.co.uk I will take a look for you? 

  • Re: RE: Consuming Web Service

    04-14-2009, 7:23 PM
    • Member
      164 point Member
    • billy_111
    • Member since 11-23-2008, 6:57 PM
    • England, UK
    • Posts 642

    Hey,

    I don't want to get you into trouble.

    I have sent the file now, thanks a lot for this.

    Appreciate it

    Regards

  • Re: RE: Consuming Web Service

    04-15-2009, 3:57 AM
    Answer
    • Star
      8,650 point Star
    • DavidKiff
    • Member since 12-07-2006, 11:07 PM
    • Hertfordshire, UK
    • Posts 1,733

    Morning!  I have found the issue.  The values within the insert statement were not encased in single quotes, which means they were not recognised as a value.  The insert should look like this:

    (notice  the ' each side of the username and password)

    "INSERT INTO members ([username], [password]) Values('" + username + "', '" + password + "')";

  • Re: RE: Consuming Web Service

    04-15-2009, 5:31 AM
    • Member
      164 point Member
    • billy_111
    • Member since 11-23-2008, 6:57 PM
    • England, UK
    • Posts 642

    Hey,

    Thanks a lot pal. I can't believe it was something like that lol.

    Just one last question before I stop bugging you. Is this method of registering users using "Parameterized" values?

    Thanks again, you're a legend!

  • Re: RE: Consuming Web Service

    04-15-2009, 5:46 AM
    • Star
      8,650 point Star
    • DavidKiff
    • Member since 12-07-2006, 11:07 PM
    • Hertfordshire, UK
    • Posts 1,733

    No problem.  And no, it is not using parameterised values, which can lead to security vulnerabilities, such as SQL Injection attacks.  It would be much better to do this:

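    // Requires: using System.Data.OleDb;
    // DATABASE_CONNECTION is the connection string, defined elsewhere in the service class.
    [WebMethod]
    public void CreateUser(string username, string password)
    {
        // The SQL text is a constant; the values are supplied separately as parameters.
        const string cmdTxt = "INSERT INTO members ([username], [password]) Values(?, ?)";

        using (OleDbConnection myConn = new OleDbConnection(DATABASE_CONNECTION))
        {
            using (OleDbCommand myCmd = new OleDbCommand(cmdTxt, myConn))
            {
                // OleDb binds ? placeholders by position, so add the parameters in the same order.
                myCmd.Parameters.AddWithValue("Username", username);
                myCmd.Parameters.AddWithValue("Password", password);

                myConn.Open();
                myCmd.ExecuteNonQuery();
                myConn.Close();
            }
        }
    }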

  • Re: RE: Consuming Web Service

    04-15-2009, 5:52 AM
    • Member
      164 point Member
    • billy_111
    • Member since 11-23-2008, 6:57 PM
    • England, UK
    • Posts 642

    I thought using parameters prevents SQL Injection? I have been using them as so:-

    This is an example of how I have used in one of my previous websites. Any chance you can explain how your method is different..?

    string conString = "Provider=Microsoft.Jet.OleDb.4.0;" + "Data Source=|DataDirectory|test.mdb;";
    OleDbConnection empConnection = new OleDbConnection(conString);

    string insertStatement = "INSERT INTO tbl_taxicompanies " + "([title], [fname]) "
        + "VALUES (@title, @fname)";

    OleDbCommand insertCommand = new OleDbCommand(insertStatement, empConnection);

    // OleDb binds parameters by position, so they are added in placeholder order.
    insertCommand.Parameters.Add("@title", OleDbType.Char).Value = DropDownList1.SelectedValue;
    insertCommand.Parameters.Add("@fname", OleDbType.Char).Value = txt_fname.Text;
    empConnection.Open();

    Thanks mate

  • Re: RE: Consuming Web Service

    04-15-2009, 6:00 AM
    • Star
      8,650 point Star
    • DavidKiff
    • Member since 12-07-2006, 11:07 PM
    • Hertfordshire, UK
    • Posts 1,733

    billy_111:
    I thought using parameters prevents SQL Injection?

    That is correct.  The code you had previously concatenated the insertStatement string, which means it was not using parameters.

    The method you have posted is also perfectly fine :)   As with most things in development, there are hundreds of ways to do the same thing!  As long as you're using parameters though :)
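
Added example, not part of the original thread or any poster's code: a small C# console program that builds the quoted-concatenation INSERT and the parameterised INSERT for the same inputs, one of which contains a single quote, and prints what each produces. The sample inputs, the `VarWChar` type and the length 50 are assumptions; no database connection is opened.

```csharp
using System;
using System.Data.OleDb;

static class CreateUserDemo
{
    // Quoted-concatenation form from the thread: the input becomes part of the SQL text.
    static string BuildConcatenated(string username, string password)
    {
        return "INSERT INTO members ([username], [password]) Values('"
               + username + "', '" + password + "')";
    }

    // Parameterised form: the SQL text is constant and the values travel separately.
    // OleDb binds by position, so the Add order must match the order of the ? marks;
    // the names given to the parameters are labels only.
    static OleDbCommand BuildParameterised(string username, string password)
    {
        var cmd = new OleDbCommand(
            "INSERT INTO members ([username], [password]) Values(?, ?)");
        // Type and length are assumptions about the members table columns.
        cmd.Parameters.Add("Username", OleDbType.VarWChar, 50).Value = username;
        cmd.Parameters.Add("Password", OleDbType.VarWChar, 50).Value = password;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: an ordinary name and one containing a single quote.
        string[] names = { "TEST", "O'Brien" };
        foreach (string name in names)
        {
            Console.WriteLine("input        : " + name);
            // With the quote in the input, the string literal ends early and the
            // statement no longer has the structure the developer wrote.
            Console.WriteLine("concatenated : " + BuildConcatenated(name, "TEST"));
            using (OleDbCommand cmd = BuildParameterised(name, "TEST"))
            {
                // The command text is identical for every input.
                Console.WriteLine("parameterised: " + cmd.CommandText);
                foreach (OleDbParameter p in cmd.Parameters)
                    Console.WriteLine("  " + p.ParameterName + " = " + p.Value);
            }
        }
    }
}
```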

  • Re: RE: Consuming Web Service

    04-15-2009, 6:04 AM
    • Member
      164 point Member
    • billy_111
    • Member since 11-23-2008, 6:57 PM
    • England, UK
    • Posts 642

    Thanks pal.

    I will be posting new threads regarding login etc, but I assume it will be the same as how I have used it before when I was not using web services.

    Anyway I would be grateful if you could offer any advice in future posts by myself.

    Thanks again

  • Re: RE: Consuming Web Service

    04-15-2009, 7:44 PM
    • Member
      164 point Member
    • billy_111
    • Member since 11-23-2008, 6:57 PM
    • England, UK
    • Posts 642

    Hey,

    I've posted another thread regarding a login script, but don't seem to be getting anywhere, would appreciate it if you could offer any assistance.

    Thanks

    Regards

    Billy
