Here is my code.
C#
OleDbConnection con1 = new OleDbConnection(con);
con1.Open();
OleDbCommand cmd = new OleDbCommand("insert into reimb values('" + frm_date.Text + "','" + txt_todate.Text + "','" + dd1.SelectedItem.Value + "','" + people_num.Text + "','" + remarks.Text + "','" + bill_num.Text + "','" + bill_amount.Text + "')", con1);
cmd.ExecuteNonQuery();
Response.Write("Data saved");
con1.Close();

It may be because of the date, but tell me what I should change.

What I have tried:

I have tried directly picking up the value from the calendar, and even tried storing the selected date of the calendar in a text box and saving the values of the text box in MS Access, but it still says data mismatch.
Updated 21-Mar-16 4:05am

Firstly, do not use concatenated strings to construct your SQL query. It leaves you open to SQL Injection.

Secondly, the fix for that is to use Parameterized Queries (see Query Parameterization Cheat Sheet - OWASP).

Parameterized queries will also help you to overcome problems like this.

Lastly - with Dates always use Unambiguous Date formats (see Jamie Thomson : Unambiguous date formats : T-SQL Tuesday #001), which will also help you get over this problem.
 
 
It is because Access wants #'s around the dates, instead of single quotes. However, this method of concatenating strings together is a huge security risk called SQL injection. If you change your code to use Parameters instead, this will work fine and be secure.

C#
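// OleDb binds parameters by position, so add them in the same order as the placeholders.
cmd = new OleDbCommand("insert into reimb values(@field1, @field2, @field3)", con1);
cmd.Parameters.AddWithValue("@field1", frm_date.Text);
// ... add the remaining placeholders and parameters the same way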
 
 
Stop doing that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Process your user inputs into appropriate datatypes - use DateTime.TryParse to convert strings to DateTime values for example - and pass those "real" values directly via parameters. You should find your problem disappears at the same time.

BTW: It's a very good idea to list the columns you are planning on inserting the values to in your INSERT statement: that way changes to your DB don't cause your code to crash or worse enter data in the wrong columns...
SQL
INSERT INTO MyTable (Column1Name, Column2Name) VALUES (....
 
 
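The three answers combined into one routine, as an added example that is not code from the question or from any of the answerers: typed conversion before the query, an explicit column list, and positional OleDb parameters. The column names, their types, the `yyyy-MM-dd` input format and the `ReimbStore.Save` helper are assumptions, since the page does not show the `reimb` schema.

```csharp
using System;
using System.Data.OleDb;
using System.Globalization;

public static class ReimbStore
{
    // Hypothetical column names: the page does not show the reimb table's schema.
    private const string InsertSql =
        "INSERT INTO reimb (from_date, to_date, category, people_num, remarks, bill_num, bill_amount) " +
        "VALUES (?, ?, ?, ?, ?, ?, ?)";

    // Returns null on success, or the name of the field that failed validation.
    public static string Save(string connectionString, string fromDate, string toDate,
        string category, string peopleNum, string remarks, string billNum, string billAmount)
    {
        DateTime start, end; int people; decimal amount;
        var inv = CultureInfo.InvariantCulture;
        // Convert the text to real types first; an unambiguous date format is assumed.
        if (!DateTime.TryParseExact(fromDate, "yyyy-MM-dd", inv, DateTimeStyles.None, out start)) return "from_date";
        if (!DateTime.TryParseExact(toDate, "yyyy-MM-dd", inv, DateTimeStyles.None, out end)) return "to_date";
        if (!int.TryParse(peopleNum, NumberStyles.Integer, inv, out people)) return "people_num";
        if (!decimal.TryParse(billAmount, NumberStyles.Number, inv, out amount)) return "bill_amount";

        using (var con = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(InsertSql, con))
        {
            // OleDb ignores parameter names and binds by position: keep the column order.
            cmd.Parameters.Add("@from_date", OleDbType.Date).Value = start;
            cmd.Parameters.Add("@to_date", OleDbType.Date).Value = end;
            cmd.Parameters.Add("@category", OleDbType.VarWChar, 50).Value = category;
            cmd.Parameters.Add("@people_num", OleDbType.Integer).Value = people;
            cmd.Parameters.Add("@remarks", OleDbType.VarWChar, 255).Value = remarks;
            cmd.Parameters.Add("@bill_num", OleDbType.VarWChar, 50).Value = billNum;
            cmd.Parameters.Add("@bill_amount", OleDbType.Currency).Value = amount;
            con.Open();
            cmd.ExecuteNonQuery();
        }
        return null;
    }
}
```

Because every value travels as a typed parameter, a quote or `#` character in `remarks` is stored as data rather than parsed as SQL, and the dates reach Access as `DateTime` values instead of strings that it has to interpret.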

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


