No value given for one or more parameters requited

Question

0.00/5 (No votes)

See more:

I am experiencing an error 'No value given for one or more parameters required ' when executing the following code:

C#

private void availbleproduct_CellClick(object sender, DataGridViewCellEventArgs e)
        {
            string connstring = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\OBS\OBSAccounts.accdb";
            string productname = availbleproduct.Rows[e.RowIndex].Cells["prodname"].Value.ToString();
            string sql = "SELECT prodname FROM inventory WHERE prodname=" + productname + "";
            OleDbConnection conn = new OleDbConnection(connstring);
            OleDbCommand cmd = new OleDbCommand(sql, conn);
            OleDbDataReader reader;
            conn.Open();

            reader = cmd.ExecuteReader();

            while (reader.Read())
            {
                string proname = reader["prodname"].ToString();
                prod_name.Text = proname;
            }
        }

Posted 30-Aug-15 4:18am

Member 10908573

Updated 30-Aug-15 4:39am

Patrice T

v2

Add a Solution

3 solutions

Solution 1

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
The chances are that that will cure your problem at the same time.

C#

string sql = "SELECT prodname FROM inventory WHERE prodname=@PN";
using (OleDbConnection conn = new OleDbConnection(connstring))
   {
   using (OleDbCommand cmd = new OleDbCommand(sql, conn))
      {
      cmd.Parameters.AddWithValue("@PN",  productname);
      conn.Open();
      using (OleDbDataReader reader = cmd.ExecuteReader())
          {
          while (reader.Read())
              {
              ...

But do note that that will display only the last such value in the table - if there are more than one, only the last one returned will be displayed. Personally, I'd check the count and make sure there was only one.

Posted 30-Aug-15 4:41am

OriginalGriff

Solution 2

First of all, do not concatenate values directly to the SQL statement. This leaves you vulnerable to SQL injections. Instead use OleDbParameter[^].

So the query should look something like

C#

string connstring = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\OBS\OBSAccounts.accdb";
string productname = availbleproduct.Rows[e.RowIndex].Cells["prodname"].Value.ToString();
string sql = "SELECT prodname FROM inventory WHERE prodname=@prodname";
using (OleDbConnection conn = new OleDbConnection(connstring)) {
   using (OleDbCommand cmd = new OleDbCommand(sql, conn)) {
      OleDbDataReader reader;
      conn.Open();
      adapter.SelectCommand.Parameters.Add("@prodname", OleDbType.VarChar, 100).Value = productname;

      reader = cmd.ExecuteReader();

      while (reader.Read()) {
         string proname = reader["prodname"].ToString();
         prod_name.Text = proname;
      }
   }
}

Also check that the prodname variable contains proper value for the query (for example isn't empty).

Posted 30-Aug-15 4:42am

Wendelius

Updated 30-Aug-15 4:43am

v2

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Accepted Answer · 2015-08-30T04:42:00

Solution 3

It might be because you're missing the quotes

C#

string sql = "SELECT prodname FROM inventory WHERE prodname='" + productname + "'";

However this is a bad idea as it leaves you open to sql injection attacks, you should use parameterised queries instead.

Posted 30-Aug-15 4:42am

F-ES Sitecore