0

I am doing a simple profile update webpage, I keep getting this error and can'y figure out how to fix it. I have included the code. The only field in my database that isn't a text field is my userid field which is an autoinumber field.

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.

Userid = Request.Form("Uidfield")

strSQL = "SELECT * FROM users WHERE Uid='"& Userid &"';"

Set results = cnnEXDB.Execute(strSQL)

Any help with this would be greatly appreciated.

2
Contributors
1
Reply
2
Views
11 Years
Discussion Span
Last Post by campkev
0

by putting the single quotes around the it, you are making it text instead of a number. also you are leaving yourself open to a sql injection attack. you want this

Userid = CInt(Request.Form("Uidfield"))
'By using CInt you prevent people from passing in inappropriate data

strSQL = "SELECT * FROM users WHERE Uid="& Userid &";"

Set results = cnnEXDB.Execute(strSQL)
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.