Home/ Questions/Q 8881523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T20:21:53+00:00

I have a very simple database in Access 2007 that I’m connecting to using

  • 0

I have a very simple database in Access 2007 that I’m connecting to using VB 2010. There are two tables, MenuItems and Orders, and Orders.orderDate is of type “Date”.

I’m running the following code in one of my VB forms (the connection string and everything else is fine):

  sql = "SELECT OrderDate, MenuItem FROM MenuItems, Orders WHERE Orders.itemID = MenuItem.ID AND Orders.orderDate BETWEEN '" + fromDate + "' AND '" + toDate + "'"
  Dim cmd As New OleDb.OleDbCommand(sql, con)
  Dim count As Integer = cmd.ExecuteNonQuery()

But I get an error that:

System.Data.OleDb.OleDbException (0x80040E10): value wan't given for one or more of the required parameters

Nothing seems to be missing. I’ve used the same code for another query, except the sql was different. But I think my sql is simple enough. Here’s the sql that was generated in one instance (I’ve double checked, all table and column names are correct):

SELECT OrderDate, MenuItem From MenuItems, Orders WHERE Orders.itemID = MenuItem.ID AND Orders.orderDate BETWEEN '11/21/2012' AND '11/24/2012'
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should use parametrized queries for at least two reasons.

    1. You don’t have to worry about date (and other) literals and locale problems.

    2. You don’t have to worry about SQL injection attacks, where someone enters malicious code in a text box that turns a SQL statement into a harmful one.

    Change your statement to

    sql = "SELECT Orders.OrderDate, MenuItems.MenuItem " & _
    "FROM MenuItems INNER JOIN Orders ON MenuItems.ID = Orders.itemID " & _
    "WHERE Orders.orderDate BETWEEN ? AND ?"

    Then execute the command like this

    Dim fromDate, toDate As DateTime

fromDate = DateTime.Parse(fromDateTextBox.Text)
toDate = DateTime.Parse(toDateTextBox.Text)

Dim dataset As New DataSet()
Using conn As New OleDbConnection(connectionString)
    Using adapter As New OleDbDataAdapter()
        Dim cmd As New OleDbCommand(sql, conn)
        cmd.Parameters.Add("?", fromDate)
        cmd.Parameters.Add("?", toDate)
        adapter.SelectCommand =  cmd
        adapter.Fill(dataset)
    End Using
End Using
    • 0