Dim cmd As New OleDb.OleDbCommand
If MainAdmin.DataGridView4.Rows.Count > 0 Then
    If MainAdmin.DataGridView4.SelectedRows.Count > 0 Then
        Dim strStdID As String = MainAdmin.DataGridView4.SelectedRows(0).Cells("Username").Value
        'open connection
        If Not cnn.State = ConnectionState.Open Then
            cnn.Open()
        End If
        'delete data
        cmd.Connection = cnn
        cmd.CommandText = "DELETE FROM DAdmin WHERE Username =" & strStdID
        cmd.ExecuteNonQuery()
    End If
End If
cnn.Close()


What I have tried:

Please help me debug these lines of code
Posted
Updated 1-Mar-17 6:32am
Comments
[no name] 1-Mar-17 11:51am    
Debug it yourself. We don't have your code, your forms, your project, your database, so we can't debug it for you.
Bryian Tan 1-Mar-17 11:57am    
Make sure Username column is in the database

If strStdID is "Joe Bloggs" then what SQL are you executing?

DELETE FROM DAdmin WHERE Username = Joe Bloggs


Is that valid SQL? What if your username was "me or 1=1" then your SQL would be

DELETE FROM DAdmin WHERE Username = me or 1 = 1

what would happen then? (Google "little bobby tables" for a clue).

You need to put text parameters in quotes; however, the best way of doing this is to use parameters and let ADO.NET sort it out for you

cmd.CommandText = "DELETE FROM DAdmin WHERE Username = @userID"
cmd.Parameters.AddWithValue("@userID", strStdID)
cmd.ExecuteNonQuery()


If you still get the error it could be because Username is a reserved word so you might need to use square brackets to let the database know you mean the column name and not the reserved word

cmd.CommandText = "DELETE FROM DAdmin WHERE [Username] = @userID"
 
Comments
CaptainChizni 1-Mar-17 13:17pm    
Thank you, it works. BTW, from now on I will use parameterized queries.
You should be using Parameterized Queries to prevent SQL injection, and it will also eliminate the error, which is the missing quotes around 'strStdID', i.e.
cmd.CommandText = "DELETE FROM DAdmin WHERE Username ='" & strStdID & "'"
 
Looks like you forgot to tell that strStdID is a string
cmd.CommandText = "DELETE FROM DAdmin WHERE Username = '" & strStdID & "'"
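
Added example, not part of the original thread or any poster's code: the three ways of building the DELETE discussed above, run side by side. It uses Python's sqlite3 with an in-memory table in place of OleDb so it runs stand-alone; the rows are constructed, and "Username or 1=1" is the thread's "me or 1=1" with the column name in place of "me" so that SQLite can resolve it.

```python
import sqlite3

# Constructed sample rows standing in for the thread's DAdmin table.
SAMPLE_USERS = ["alice", "O'Brien", "me or 1=1"]

def fresh_db():
    cnn = sqlite3.connect(":memory:")
    cnn.execute("CREATE TABLE DAdmin (Username TEXT PRIMARY KEY)")
    cnn.executemany("INSERT INTO DAdmin VALUES (?)", [(u,) for u in SAMPLE_USERS])
    return cnn

def delete_unquoted(cnn, user):
    # The question's form: the value is spliced in with no quotes,
    # so the database parses it as SQL (identifier, operators, ...).
    return cnn.execute("DELETE FROM DAdmin WHERE Username =" + user)

def delete_quoted(cnn, user):
    # Second and third answers: quotes added, value still part of the SQL text.
    return cnn.execute("DELETE FROM DAdmin WHERE Username = '" + user + "'")

def delete_param(cnn, user):
    # First answer: placeholder in the SQL, value bound separately as data.
    return cnn.execute("DELETE FROM DAdmin WHERE [Username] = ?", (user,))

def run(delete, user):
    """Apply one strategy to a fresh table.

    Returns (rows deleted, or the error class name, rows left in the table).
    """
    cnn = fresh_db()
    try:
        outcome = delete(cnn, user).rowcount
    except sqlite3.Error as exc:
        outcome = type(exc).__name__
    left = cnn.execute("SELECT COUNT(*) FROM DAdmin").fetchone()[0]
    cnn.close()
    return outcome, left

if __name__ == "__main__":
    inputs = SAMPLE_USERS + ["Username or 1=1"]
    for fn in (delete_unquoted, delete_quoted, delete_param):
        for user in inputs:
            print(f"{fn.__name__:16} {user!r:18} -> {run(fn, user)}")
```

Only the parameterized form removes exactly the selected row for every stored username; the unquoted form either fails or empties the table, and the quoted form fails on a legitimate name containing an apostrophe.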
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


