?
Solved

VB.Net 2008 - Need help with OleDbDataReader ERROR. Thanks

Posted on 2013-01-26
3
Medium Priority
?
357 Views
Last Modified: 2013-01-27
I get the following error when I'm stepping through my code on line 14 "An unhandled exception of type 'System.Data.OleDb.OleDbException' occured in System.Data.dll
Additional information: Data type mismatch in criteria expression

My DataGridView has several columns, the first column is my ClientID. When I double click on the row it runs the following code. Does anyone know why I'm getting this mismatch in criteria expression error?
In my Access database my ClientID is an integer so I don't think the mismatch is between the variable 'id' and the ClientID.

Private Sub DataGridView1_CellContentClick(ByVal sender As System.Object, ByVal e As System.Windows.Forms.DataGridViewCellEventArgs) Handles DataGridView1.CellDoubleClick

1.    Dim MyOleDbConnection As String = My.Settings.dbConnection
2.    Dim dbConnection As New OleDbConnection
3.    dbConnection.ConnectionString = MyOleDbConnection
4.
5.    dbConnection.Open()
6.    If e.RowIndex >= 0 Then
7.
8.          Dim id As Integer = DataGridView1("ClientID", e.RowIndex).Value
9.
10.          'Make the SQL Query using the ID
11.       Dim strSQL As String = "SELECT * FROM Clients WHERE ClientID = '" & id & "'"
12.
13.       Dim cmdSelect As New Data.OleDb.OleDbCommand(strSQL, dbConnection)
14.       Dim OleDbReader As Data.OleDb.OleDbDataReader = cmdSelect.ExecuteReader()
0
Comment
Question by:rfgraham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 42

Accepted Solution

by:
sedgwick earned 2000 total points
ID: 38823594
try:

Dim strSQL As String = String.Format("SELECT * FROM Clients WHERE ClientID = {0}", id)

Open in new window

0
 
LVL 6

Expert Comment

by:esolve
ID: 38823690
Your id is being handled as a string. You code generates this:

SELECT * FROM Clients WHERE ClientID = '2'

When it should generate this

SELECT * FROM Clients WHERE ClientID = 2

@sedgwick is correct

Your code is still  prone to sql injection. You should rather use sql parameters.

SelectCommand.Parameters.Add(
    "@SerialNum", SqlDbType.Int).Value = 239;


http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
0
 

Author Closing Comment

by:rfgraham
ID: 38825088
Brilliant, worked like a charm. Thank you!
0

Featured Post

Monthly Recap

May was a big month for new releases from Linux Academy! Take a look at what our team built recently in our blog. You can access the newest releases from our blog.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
What do responsible coders do? They don't take detrimental shortcuts. They do take reasonable security precautions, create important automation, implement sufficient logging, fix things they break, and care about users.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Six Sigma Control Plans
Suggested Courses

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question