Session maintaining from access database having error.

Question

0.00/5 (No votes)

See more:

The following is error.

MSIL

Data type mismatch in criteria expression.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.OleDb.OleDbException: Data type mismatch in criteria expression.
Source Error:
Line 27:         string sql = "select count(*) from generate where roll_no =' +TextROLL.Text +'";
Line 28:         OleDbCommand checkuser = new OleDbCommand(sql, con);
Line 29:         int temp = Convert.ToInt32(checkuser.ExecuteScalar().ToString());
Line 30:         if (temp == 1)
Line 31:         {

Source File: e:\placement cell\studlgn.aspx.cs    Line: 29

The whole code is below.

C#

protected void Btnlgin_Click(object sender, EventArgs e)
{
  OleDbConnection con = new OleDbConnection();
  //con.ConnectionString = WebConfigurationManager.ConnectionStrings["sl"].ConnectionString;
  con.ConnectionString = @"Provider=Microsoft.Jet.OLEDB.4.0; Data Source=E:\placement cell\project.mdb";
  con.Open();
  //string sql= "SELECT roll_no FROM generate WHERE roll_no = '"+TextROLL.Text+"'";
  string sql = "select count(*) from generate where roll_no =' "+TextROLL.Text +"'";
  OleDbCommand checkuser = new OleDbCommand(sql, con);
  int temp = Convert.ToInt32(checkuser.ExecuteScalar().ToString());
  if (temp == 1)
  {
    string sql2 = "select pwd from generate where roll_no= '" + TextROLL.Text + "'";
    OleDbCommand pass = new OleDbCommand(sql2, con);
    string pwd = pass.ExecuteScalar().ToString();
    con.Close();
    if (pwd == TextPWD.Text)
    {
      Session["new"] = TextROLL.Text;
      Response.Redirect("student.aspx");
    }
    else
    {
      lblStatus.Visible = true;
      lblStatus.Text = "invalid password";
    }
  }
  else
  {
    lblStatus.Visible = true;
    lblStatus.Text = "invalid password";
  }
}

Posted 21-Mar-11 9:01am

harsh_deep

Updated 24-Mar-11 10:09am

HimanshuJoshi

v3

Add a Solution

Comments

HimanshuJoshi 24-Mar-11 16:10pm

Edited to improve text in title. Use full words and phrases when you post a question here.

2 solutions

Solution 1

My hunch is that the "roll_no" field in your database isn't a string type, but a number in which case the single quote needs to be removed from your query.

Posted 21-Mar-11 9:12am

fjdiewornncalwe

Comments

harsh_deep 24-Mar-11 16:01pm

i had done it..but having the same error..

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2011-03-21T09:32:00

To add to what Marcus says, please do not access your database like that anyway.
By concatenating strings to form your query, you leave yourself wide open to accidental or deliberate SQL Injection attacks. Use parametrized queries instead:

string sql2 = "select pwd from generate where roll_no=@RN";
OleDbCommand pass = new OleDbCommand(sql2, con);
pass.Parameters.AddwithValue("@RN", TextROLL.Text);

You also should close and dispose of your connection and command objects - using blocks are probably the cleanest way to do this.