Click here to Skip to main content
15,747,766 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
I get this error:-System.Data.OleDb.OleDbException: 'Data type mismatch in criteria expression.'

What I have tried:

private void UPDATE_Click(object sender, EventArgs e)
            OleDbCommand cmd = con.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = "update Test_1 set [IMAGE_PATH]= '" + t3.Text + "', [STON_ON] = '" + t4.Text + "', [TYPE] = '" + t5.Text + "', [VALUE] = '" + t6.Text + "' WHERE  [STON_ID] = '" + t2.Text + "'";
            MessageBox.Show("record update successfully...");
Updated 20-Jan-23 1:43am
Richard MacCutchan 20-Jan-23 8:17am    
Chances are that the VALUE column is numeric, not text. See also OriginalGriff's comments in Solution 2. Also, do not post messages like "record update successfully...", when you have ignored the return value from your call to ExecuteNonQuery, so you have no idea whether it was successful or not.

Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Share this answer
System.Data.OleDb.OleDbException: 'Syntax error in UPDATE statement.'

Pretty much clear on the reason of the error. Use IDE debugger and stop at the line post commandText to see what was formed there and you will be able to figure out the issue quickly. If there is anything specific with the values which is causing it.

Though to start with, believe it would be because you are using one of the columns which is a reserved word in SQL. Word is VALUE.
Refer: Reserved Keywords (Transact-SQL) - SQL Server | Microsoft Learn[^]

A quick solve would be to escape it using [].
Something line, ...[VALUE] = ...

BTW, would definitely not suggest above way to talk to database. It is open for SQL Injection and thus not a good practise. Use parameterized query.
Read about protecting from SQL Injection here: SQL Injection Mitigation: Using Parameterized Queries[^]

Following will help you learn about debugging:
Tutorial: Debug Visual Basic code - Visual Studio | Microsoft Docs[^]
First look at the debugger - Visual Studio | Microsoft Docs[^]
Share this answer
Member 15746979 20-Jan-23 1:51am    
I have changed your answer but according to the following error, I have changed the above, please check.
Sandeep Mewara 20-Jan-23 2:29am    
The error is clear again "'Data type mismatch in criteria expression.'". Copy the query you formed and run directly in your SQL - you will see same error. It must be because of some value you are trying to set must not be the same datatype as anticipated in the database column.

Example: ID might be INT but you are passing String

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900