I have a C# desktop application project for school that uses an Access 2003 database (not designed by me) and I am running into issues using OleDBDataReader. It has been awhile since I have programmed anything and I have never had to connect to an Access database before, so this is a little new. What I am trying to do is create a login screen based off of the employee table in the database. There is no password yet, I am just trying to work the code out to even search the database for the user name (F_Name in the table). The form has a username text box, a password text box and a login command button.

The problem that I run in to is when I launch the app and type anything into Username and click the login button, the debugger highlights line

reader = objCommand.ExecuteReader();

and says "No value given for one or more required parameters."

I am using Visual Studio 2008.

This is the code that have thus far.

private void btnLogin_Click(object sender, EventArgs e)
        {
            
            string sqlEmployeeSearch = "Select F_Name from tblEmployee WHERE F_Name = "+txtUsername.Text+"";

            string dbconnect = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\WSC_teama.mdb;User Id=admin;Password=";
            


            OleDbConnection objConnection = new OleDbConnection(dbconnect);
            OleDbCommand objCommand = new OleDbCommand(sqlEmployeeSearch, objConnection);


            OleDbDataReader reader = null;

            searchTerm = txtUsername.Text;

            objConnection.Open();
          
            reader = objCommand.ExecuteReader();
            try
            {
                while (reader.Read())
                    //Info += reader.GetString(0).ToString() + reader.GetString(1) + reader.GetString(2).ToString() + "\n";
                    //MessageBox.Show(reader.GetValue(int).ToString());

                    if (searchTerm == reader.GetString(0))
                    {
                        MessageBox.Show("Winner!");
                        empFName = reader.GetString(0).ToString();
                    }

            }//closes try
            catch (Exception ex)
            {
                MessageBox.Show("read meathod " + ex);

            }//closes catch
            
            reader.Close();
            objConnection.Close();

If there is a better way to do this, I am not above using different methods to achieve the same goal.

Any help is appreciated. Thanks in advance!

The problem could be here.

string sqlEmployeeSearch = "Select F_Name from tblEmployee WHERE F_Name = "+txtUsername.Text+"";

In your Access database, the F_Name is probably text, correct? Assume the value of txtUsername is DaniWeb. Your constructed SQL statement would be

Select F_Name from tblEmployee Where F_Name = DaniWeb

Access is thinking DaniWeb is the name of another field in the table or a function that is available to it. Your text input should at minimum be enclosed in string delimitters, which would be a single quote.

Select F_Name from tblEmployee Where F_Name = 'DaniWeb'

I say at minimum because people could have placed a single quote inside the textbox somewhere. Or someone with a more malicious intent could be trying to damage your data or the security of your data. Either way, your SQL statement will not work as intended. Look into using an OleDbParameter.

The OleDbParameter got it!

This class is making me wish I had kept up with my programming more :icon_smile:

Thank you for the help, I do appreciate it.

This question has already been answered. Start a new discussion instead.