Click here to Skip to main content
15,889,216 members
Search within:


syntax error in string in query expression "26-feb-12"where code=8'.
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
VB
VB
Private Sub upd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles upd.Click
        Try
            con.Open()
            Dim cmd As New OleDbCommand("update products set productname='" & pro.Text & "', company='" & com.Text & "', buyingprice='" & buy.Text & "', sellingprice='" & sell.Text & "', pdate='" & date1.Text & "' where code= " & CInt(code.Text) & "  ", con)
            cmd.ExecuteNonQuery()
            MessageBox.Show(" CHANGE SUCCESSFULLY")
            Dim da As New OleDbDataAdapter("select * from products", con)
            Dim dt As New DataTable
            da.Fill(dt)
            DataGridView1.DataSource = dt
            DataGridView1.Refresh()
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
        con.Close()
    End Sub
please help ms access database and vb.net ............ code as primary key ....as number..........

another datatype mismatch in criteria expression
Posted
Updated 25-Feb-12 20:48pm
v3
Add a Solution
Comments
Sergey Alexandrovich Kryukov 26-Feb-12 1:56am    
Not a question, just a code dump.
--SA

4 solutions

Actually, I adviced you to use a PARAMETERIZED QUERY here[^]! Parameterize it and your code will be so readable that all your errors will be solved!
 
Share this answer
 
Posted
I totally agree with Naerling - Use a parametrized query - It will save you lots of headaches. What if your company name has a single quote or any other special character - your query will bomb out. Parameterized queries solve so many problems with nulls, boolean values, dates, special characters in strings.

Maybe also do a bit of validation on the data before you write it to the database.

Limit input length on your text boxes to the size of your database field

Me.com.Text.MaxLength = 10


Mask the text boxes that contain numeric fields.

You can use a MaskedTextBox instead of a TextBox

Or

You can handle the keypress event and limit the input

VB
Private Sub buy.Text_KeyPress(sender As Object, e As System.Windows.Forms.KeyPressEventArgs) Handles buy.Text.KeyPress
 
        ' Allow Backspace or delete
        If Asc(e.KeyChar) = 8 Or Asc(e.KeyChar) = 127 Then
            Exit Sub
        End If

        
        'Ignore characters that are not numeric
        If Asc(e.KeyChar) < 47 Or Asc(e.KeyChar) > 57 Then
            e.Handled = True
            Exit Sub
        End If
    End Sub



Or with more control over the input

Private Sub buy.Text_KeyPress(sender As Object, e As System.Windows.Forms.KeyPressEventArgs) Handles buy.Text.KeyPress
        Dim decPlaces As Integer = 0
        Dim MaxIntVal As Long = 999999
        Dim AllowNeg As Boolean = False

        ' Allow Backspace or delete
        If Asc(e.KeyChar) = 8 Or Asc(e.KeyChar) = 127 Then
            Exit Sub
        End If

        'If decimal places are not allowed, ignore '.'
        If decPlaces = 0 And e.KeyChar = "." Then
            e.Handled = True
            Exit Sub
        End If

        'If the box already has '.' dont alow another one
        If sender.Text.Contains(".") And e.KeyChar = "." Then
            e.Handled = True
            Exit Sub
        End If

        'If negative values are not allowed, ingnore '-'
        If Not AllowNeg And e.KeyChar = "-" Then
            e.Handled = True
            Exit Sub
        End If

        'If there is not already a '-' then put the '-' in front
        If e.KeyChar = "-" And Not (sender.text.contains("-")) Then
            sender.text = "-" & sender.text
            e.Handled = True
            Exit Sub
        End If


        If sender.Text.Length >= 1 And e.KeyChar = "-" Then
            e.Handled = True
            Exit Sub
        End If

        If Asc(e.KeyChar) = 45 Or e.KeyChar = "." Then ' '-'  or '.' respectively
            Exit Sub
        End If

        'Limit the number of decimal places
        If sender.Text.Contains(".") Then
            If sender.Text.Length > sender.Text.IndexOf(".") + decPlaces Then
                e.Handled = True
                Exit Sub
            End If
        End If

        'Limit the value to a maximum
        If sender.Text.Length > 2 Then
            If Not (Asc(e.KeyChar) < 47) And Not (Asc(e.KeyChar) > 57) Then
                If Math.Truncate(Math.Abs(CDbl(sender.Text & e.KeyChar))) > MaxIntVal Then
                    e.Handled = True
                    Exit Sub
                End If
            End If

        End If

        'Ignore characters that are not numeric
        If Asc(e.KeyChar) < 47 Or Asc(e.KeyChar) > 57 Then
            e.Handled = True
            Exit Sub
        End If
    End Sub
 
Share this answer
 
Posted
Comments
Sander Rossel 26-Feb-12 3:45am    
Actually, the link in my answer also covered some input validation. Not as thorough as your answer though! My 5 :)
Richard.Berry100 26-Feb-12 4:12am    
Thanks - I only read your link after posting :) It is a very good example, and easy to follow - also mentions SQL Injection attack, and yeah, concatenating SQL statements with all those single quotes, and hashes for dates etc - what a pain! I hope morrish7 follows your advice on a parameterized query
Perhaps worth mentioning as well, Access does support @name parameters, but unlike SQL you have to add the parameters in the correct order. I simply use '?' for the parameters

VB
"UPDATE products set productname=@productname, company = @company WHERE ..."


You must add @productname parameter first then @companyname etc

I use a generic function called InsertRecord as follows:
VB
Private Sub Update()
        Dim params() As String = {Me.pro.text, Me.com.text, Me.code.Text}
        Dim strInsert As String = "UPDATE products SET productname = ?, company = ? WHERE code = ?)"
        If Not InsertRecord(strInsert, params) then
           'handle your error here....
        End If
        'Your code to fill the datatable with the updated records again
    End Sub


The params array must be in the same order as the '?'s in the Update string

Then the database write:

VB
Public Function InsertRecord(ByVal strInsert As String, params() As String) As Boolean
       Dim cnStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data source= C:\yourPath\YourDB.accdb"

       Dim cn As New OleDb.OleDbConnection(cnStr)
       Dim da As New OleDb.OleDbDataAdapter
       Dim cmd As New OleDb.OleDbCommand(strInsert, cn)
       'Add the parameters
       For i As Integer = 0 To params.Length - 1
           If params(i) = Nothing Then params(i) = ""
           cmd.Parameters.AddWithValue("?", params(i))
       Next
       da.InsertCommand = cmd
       Try
           cn.Open()
           da.InsertCommand.ExecuteNonQuery()
           cn.Close()
           Return True
       Catch ex As Exception
           messagebox.show( ex.Message)
           cn.Close()
           Return False
       Finally
           cn.Close()
       End Try

   End Function
 
Share this answer
 
Posted
Updated 25-Feb-12 23:03pm
Missing single quote after date1.Text & "'
VB
Dim cmd As New OleDbCommand("update products set productname='" & pro.Text & "', company='" & com.Text & "', buyingprice='" & buy.Text & "', sellingprice='" & sell.Text & "', pdate='" & date1.Text & "<big>'</big> where code= " & CInt(code.Text) & "   ", con)
 
Share this answer
 
Posted
Updated 25-Feb-12 20:49pm
v3
Comments
[no name] 26-Feb-12 2:22am    
thanks but now datatype mismatch in criteria expression
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Syntax error in date in query expression
Syntax error in query
Syntax error (missing operator) in query expression
Syntax error (missing operator) in query expression
Syntax error (missing operator) in query expression
How do I solve this? System.data.oledb.oledbexception: 'syntax error (missing operator) in query expression ''varga, '02134')'.'
I am getting an error "syntax error in string in query expression "-55"
Syntax error (missing operator) in query expression 'emp.emp_id ='.
Getting System.Data.OleDb.OleDbException (0x80040E14): Syntax error (missing operator) in query expression Exception
Syntax error (missing operator) in query expression

Advertise
Privacy
Cookies
Terms of Use
Last Updated 26 Feb 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900