Member Avatar for sundog1

Hi again guys...

I have a little but of an issue with a select statement I cannot seem to fathem out. Below is the code:

            else if (radioButton3.Checked == true) ;
            {
                //Looks at the row Selected in the GridView and then takes the Account Number and Stores in a String Value called 'Customer ID'//
                DataGridViewRow drow = dataGridView1.SelectedRows[0];
                String CustomerID = Convert.ToString(drow.Cells[0].Value);

                //Message to Test ID has been stored//
                MessageBox.Show("Customer ID Stored");

                //Creates new versions of the Connection string and Data Set//
                con = new System.Data.OleDb.OleDbConnection();
                ds3 = new DataSet();

                //The actual connection to the database//
                con.ConnectionString = "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source = E:/Orders1.mdb";

                //The SQL String you need to pass into the Data Adapter to collect the information//
                string OrdersLine50CustomerSQL = "SELECT cashID, cashQTY, cashDescription, cashSupplier, cashDate, cashCost, cashSell, accAccRef_FKID from cashOrders WHERE cashOrders.accAccRef_FKID = " + CustomerID.ToString();
                da = new System.Data.OleDb.OleDbDataAdapter(OrdersLine50CustomerSQL, con);

                //The Data Adapater (da) is told to fill the DataSet (ds) with the information pulled from the SQL Query and call this fill "cashCustomers"//
                da.Fill(ds3, "OrdersLine50Customers");

                //Opens the connection//
                con.Open();

                //Closes The Connection//
                con.Dispose();

                //Tells the dataGridView to load with the information stored in table called 'cashCustomers' in the DataSet (DS)//
                dataGridView2.DataSource = ds3.Tables["OrdersLine50Customers"];
            }

This code is sitting with "private void dataGridView1_CellContentClick"

When Debugging the code an watching the 'Locales' window it seems to pick up the Correct ID (in this case A1D001).. going through more of the code down to the SQL Statement checking the 'Text Visualizer' it seems to state the correct SQL (I think).

SELECT cashID, cashQTY, cashDescription, cashSupplier, cashDate, cashCost, cashSell, accAccRef_FKID from cashOrders WHERE cashOrders.accAccRef_FKID = A1D001

But the error I get seems to come up stating "No Value given for one of more required parameters"

Screenshot attached.

Any advice on this guys would be a great help.

Cheers.
Mark.

Capture4.PNG 44.83 KB
  • 3 Contributors
  • 3 Replies
  • 158 Views
  • 24 Minutes Discussion Span
  • Latest Post Latest Post by sundog1

Recommended Answers

All 3 Replies

Member Avatar for deceptikon

Quote your string in the SQL statement:

string OrdersLine50CustomerSQL = "SELECT cashID, cashQTY, cashDescription, cashSupplier, cashDate, cashCost, cashSell, accAccRef_FKID from cashOrders WHERE cashOrders.accAccRef_FKID = '" + CustomerID.ToString() + "'";
Member Avatar for Ketsuekiame

When executing SQL, to be safe, you should use parameters. Otherwise someone could quite easily perform an SQL Injection attack.

More on parameters Here

commented: Good advice :) +13
Member Avatar for sundog1

Ahhh, awesome!

Many thanks for that guys. I have changed the code for this project as mentioned by 'Deceptikon' - many thanks for that.

and many thanks for all your help on this guys.

regards
Mark.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.