Solved

VB.Net 2008 - Need help with OleDbDataReader ERROR. Thanks

Posted on 2013-01-26
3
353 Views
Last Modified: 2013-01-27
I get the following error when I'm stepping through my code on line 14 "An unhandled exception of type 'System.Data.OleDb.OleDbException' occured in System.Data.dll
Additional information: Data type mismatch in criteria expression

My DataGridView has several columns, the first column is my ClientID. When I double click on the row it runs the following code. Does anyone know why I'm getting this mismatch in criteria expression error?
In my Access database my ClientID is an integer so I don't think the mismatch is between the variable 'id' and the ClientID.

Private Sub DataGridView1_CellContentClick(ByVal sender As System.Object, ByVal e As System.Windows.Forms.DataGridViewCellEventArgs) Handles DataGridView1.CellDoubleClick

1.    Dim MyOleDbConnection As String = My.Settings.dbConnection
2.    Dim dbConnection As New OleDbConnection
3.    dbConnection.ConnectionString = MyOleDbConnection
4.
5.    dbConnection.Open()
6.    If e.RowIndex >= 0 Then
7.
8.          Dim id As Integer = DataGridView1("ClientID", e.RowIndex).Value
9.
10.          'Make the SQL Query using the ID
11.       Dim strSQL As String = "SELECT * FROM Clients WHERE ClientID = '" & id & "'"
12.
13.       Dim cmdSelect As New Data.OleDb.OleDbCommand(strSQL, dbConnection)
14.       Dim OleDbReader As Data.OleDb.OleDbDataReader = cmdSelect.ExecuteReader()
0
Comment
Question by:rfgraham
3 Comments
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 38823594
try:

Dim strSQL As String = String.Format("SELECT * FROM Clients WHERE ClientID = {0}", id)

Open in new window

0
 
LVL 6

Expert Comment

by:esolve
ID: 38823690
Your id is being handled as a string. You code generates this:

SELECT * FROM Clients WHERE ClientID = '2'

When it should generate this

SELECT * FROM Clients WHERE ClientID = 2

@sedgwick is correct

Your code is still  prone to sql injection. You should rather use sql parameters.

SelectCommand.Parameters.Add(
    "@SerialNum", SqlDbType.Int).Value = 239;


http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
0
 

Author Closing Comment

by:rfgraham
ID: 38825088
Brilliant, worked like a charm. Thank you!
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
A short article about problems I had with the new location API and permissions in Marshmallow
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question