Data type mismatch in criteria expression. MS Access VB

问题

' OK button

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
    Dim con As New OleDbConnection("Provider=Microsoft.jet.oledb.4.0;data source=C:\Users\Jill\Desktop\saddbase\Sadsystem\Sadsystem\bin\Debug\tenant.mdb")
    Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM info WHERE TN_ID = '" & UsernameTextBox.Text & "' AND Password = '" & PasswordTextBox.Text & "' ", con)
    con.Open()
    Dim sdr As OleDbDataReader = cmd.ExecuteReader()
    ' If the record can be queried, Pass verification and open another form.  
    If (sdr.Read() = True) Then
        MessageBox.Show("The user is valid!")

        Me.Hide()
    Else
        MessageBox.Show("Invalid Tenant ID or password!")


End If

When I run the program there's an error in cmd.ExecuteReader(). Data type mismatch in criteria expression please help how to fix this error.

回答1:

In your query you pass two strings for the TN_ID and Password fields.
Probably the TN_ID is a numeric field and you don't need to put quotation marks around it and I find really strange that you pass the value of a UserName textbox.

Said that, I wish to examine your query because there are potential problems that you have not seen:

First of all PASSWORD is a reserved Keyword and thus you need to use Square Brackets around it.
Second, do not use string concatenation to build sql commands but use a parameterized query like this

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click

    Dim commandText = "SELECT * FROM info WHERE TN_ID = ? AND [Password] = ?"
    Using con = New OleDbConnection(......))
    Using cmd = New OleDbCommand(commandText,con))
       con.Open()

       ' If the TN_ID is really a numeric field then you need '
       ' to conver the first parameter to a number '
       ' cmd.Parameters.AddWithValue("@p1", Convert.ToInt32(UsernameTextBox.Text))'

       cmd.Parameters.AddWithValue("@p1", UsernameTextBox.Text)
       cmd.Parameters.AddWithValue("@p2", PasswordTextBox.Text)
       Using sdr As OleDbDataReader = cmd.ExecuteReader())
        .....
       End Using
    End Using
    End Using    
End Sub

As a side note, not related to your problem, consider also to NOT store password in plain text in the database. There are techniques that HASH the password text and store the result in the database. In this way none can get the password simply looking at the database file. See the details in this question

回答2:

Private Sub SumOfIR()

    Try
        Dim con As New System.Data.OleDb.OleDbConnection(ConnectionString)
        Dim com As New System.Data.OleDb.OleDbCommand

        con.Open()
        com.Connection = con
        com.CommandText = "Select Sum(IR) from Spectrum where StdNu='" + TxtNuTeif.Text + "'"
        com.Parameters.Clear()
        Dim SumIR As OleDbDataReader = com.ExecuteScalar
        LblIRTeif.Text = com.ExecuteScalar("SumIR").ToString
        con.Close()
        com.Dispose()

    Catch ex As Exception
        BehComponents.MessageBoxFarsi.Show(ex.ToString, "", BehComponents.MessageBoxFarsiButtons.OK, MessageBoxIcon.Warning)

    End Try

End Sub

来源：https://stackoverflow.com/questions/19118744/data-type-mismatch-in-criteria-expression-ms-access-vb