Solved

VB.Net 2008 - Need help with OleDbDataReader ERROR. Thanks

Posted on 2013-01-26
3
352 Views
Last Modified: 2013-01-27
I get the following error when I'm stepping through my code on line 14 "An unhandled exception of type 'System.Data.OleDb.OleDbException' occured in System.Data.dll
Additional information: Data type mismatch in criteria expression

My DataGridView has several columns, the first column is my ClientID. When I double click on the row it runs the following code. Does anyone know why I'm getting this mismatch in criteria expression error?
In my Access database my ClientID is an integer so I don't think the mismatch is between the variable 'id' and the ClientID.

Private Sub DataGridView1_CellContentClick(ByVal sender As System.Object, ByVal e As System.Windows.Forms.DataGridViewCellEventArgs) Handles DataGridView1.CellDoubleClick

1.    Dim MyOleDbConnection As String = My.Settings.dbConnection
2.    Dim dbConnection As New OleDbConnection
3.    dbConnection.ConnectionString = MyOleDbConnection
4.
5.    dbConnection.Open()
6.    If e.RowIndex >= 0 Then
7.
8.          Dim id As Integer = DataGridView1("ClientID", e.RowIndex).Value
9.
10.          'Make the SQL Query using the ID
11.       Dim strSQL As String = "SELECT * FROM Clients WHERE ClientID = '" & id & "'"
12.
13.       Dim cmdSelect As New Data.OleDb.OleDbCommand(strSQL, dbConnection)
14.       Dim OleDbReader As Data.OleDb.OleDbDataReader = cmdSelect.ExecuteReader()
0
Comment
Question by:rfgraham
3 Comments
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 38823594
try:

Dim strSQL As String = String.Format("SELECT * FROM Clients WHERE ClientID = {0}", id)

Open in new window

0
 
LVL 6

Expert Comment

by:esolve
ID: 38823690
Your id is being handled as a string. You code generates this:

SELECT * FROM Clients WHERE ClientID = '2'

When it should generate this

SELECT * FROM Clients WHERE ClientID = 2

@sedgwick is correct

Your code is still  prone to sql injection. You should rather use sql parameters.

SelectCommand.Parameters.Add(
    "@SerialNum", SqlDbType.Int).Value = 239;


http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
0
 

Author Closing Comment

by:rfgraham
ID: 38825088
Brilliant, worked like a charm. Thank you!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Computer science students often experience many of the same frustrations when going through their engineering courses. This article presents seven tips I found useful when completing a bachelors and masters degree in computing which I believe may he…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question