Member Avatar for dave1323

I am doing a simple profile update webpage, I keep getting this error and can'y figure out how to fix it. I have included the code. The only field in my database that isn't a text field is my userid field which is an autoinumber field.

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.

Userid = Request.Form("Uidfield")

strSQL = "SELECT * FROM users WHERE Uid='"& Userid &"';"

Set results = cnnEXDB.Execute(strSQL)

Any help with this would be greatly appreciated.

  • 2 Contributors
  • 1 Reply
  • 55 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by campkev
Member Avatar for campkev

by putting the single quotes around the it, you are making it text instead of a number. also you are leaving yourself open to a sql injection attack. you want this

Userid = CInt(Request.Form("Uidfield"))
'By using CInt you prevent people from passing in inappropriate data

strSQL = "SELECT * FROM users WHERE Uid="& Userid &";"

Set results = cnnEXDB.Execute(strSQL)
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.