Question Update Command Error

hisheeraz

Member
Joined
Oct 5, 2008
Messages
11
Programming Experience
1-3
hello friends

fellow i am having error in this querry, can any one help me with this please ?

VB.NET:
Dim myCommand As OleDb.OleDbCommand
        Dim strInsterQuery As String = String.Empty
        myCommand = New OleDb.OleDbCommand

        strInsterQuery = "UPDATE tblPaying SET STime='" & STime.Text & "'"


strInsterQuery += " WHERE PayingDate='" & CDate(txtPayingDate.Text) & "'"
        strInsterQuery += " AND CarNumber='" & txtTaxiNumber.Text & "'"
        strInsterQuery += " AND dName='" & txtDriverName.Text & "'"

        myCommand.CommandText = strInsterQuery
        myCommand.Connection = con
        myCommand.ExecuteNonQuery()
        myCommand.Dispose()

and here is the error i am getting

VB.NET:
Data type mismatch in criteria expression.

The fields in my access database are

STime of Type Integer
eDate of Type Date/Time
CarNumber of Type Text
dName od Type Text

Any Help please...will be much appreciated.
Thanks
Shiraz
 

jmcilhinney

VB.NET Forum Moderator
Staff member
Joined
Aug 17, 2004
Messages
14,717
Location
Sydney, Australia
Programming Experience
10+
Don't use string concatenation to insert variables into SQL statements. It is a great way to introduce all sorts of issues like this and, more importantly, SQL injection attacks that can allow a malicious user to do bad things to0 your data, potentially deleting your entire database. You should always use parameters for this type of thing. It will inherently prevent many errors.

Follow the Blog link in my signature and check out my post on Parameters In ADO.NET. Make the appropriate changes to your code and, if you still have issues, post back and show us the new code and a description of the error(s).
 

BlackByte

Well-known member
Joined
Jun 29, 2008
Messages
126
Location
South Africa, Durban
Programming Experience
1-3
Don't use string concatenation to insert variables into SQL statements. It is a great way to introduce all sorts of issues like this and, more importantly, SQL injection attacks that can allow a malicious user to do bad things to0 your data, potentially deleting your entire database. You should always use parameters for this type of thing. It will inherently prevent many errors.

Follow the Blog link in my signature and check out my post on Parameters In ADO.NET. Make the appropriate changes to your code and, if you still have issues, post back and show us the new code and a description of the error(s).

coudn't have said it any beter..
 

hisheeraz

Member
Joined
Oct 5, 2008
Messages
11
Programming Experience
1-3
thats the only traditional way i know guys

could any one give me any code example on how to update

data using paameters please...
thanks shiraz
 

jmcilhinney

VB.NET Forum Moderator
Staff member
Joined
Aug 17, 2004
Messages
14,717
Location
Sydney, Australia
Programming Experience
10+
thats the only traditional way i know guys
Noone's saying that you have to have known to use parameters. I certainly didn't.
could any one give me any code example on how to update

data using paameters please...
Please open your eyes and read what's posted. I have already provided you with more than just a code example:
Follow the Blog link in my signature and check out my post on Parameters In ADO.NET. Make the appropriate changes to your code and, if you still have issues, post back and show us the new code and a description of the error(s).
 
Top Bottom