0
statement = "SELECT OrderID, (SELECT VendName FROM Vendors WHERE Vendors.VendorID = Orders.VendorID) " &
                        ",OrderDt, RcvdDt, OrderTotal " &
                        "FROM Orders " &
                        "WHERE VendName=? " &
                        "ORDER BY OrderDt DESC"

Dim cmd As New OleDbCommand(statement, connection)
cmd.Parameters.AddWithValue("VendName", txtVendorFilter.Text)
Dim reader As OleDbDataReader = cmd.ExecuteReader(CommandBehavior.Default)

I was trying to do this before by simply concatenating the textbox value right into the SQL and I was getting a "No values given for required parameters", and read that that I should use parameterized queries instead. So I tried this and it doesn't give me any errors, but the reader never has anything in it. I've never used parameterized queries before, so I'm a bit lost as to why this isn't working.

Edit: I've changed the above code to account for OLEDB from what I briefly read on how it should work, and it's giving me the "no values given for required parameters" again.

Joel Coehoorn
  • 399,467
  • 113
  • 570
  • 794
Tomcat
  • 606
  • 6
  • 18

1 Answers1

3

One problem is here:

"WHERE VendName='@x' " &

Drop the ' marks - the parameterization will take care of this for you:

"WHERE VendName= @x " &

Using the ' in the query means that '@x' is treated as a string type, not a parameter name.

Additionally, since you are using OleDb, names parameters are not supported. You need to use ? to signify a parameter in the query:

"WHERE VendName= ? " &
Oded
  • 489,969
  • 99
  • 883
  • 1,009
  • Thanks. I did this, and now it is once again giving me an error on the execute reader saying that no value is given for one or more required parameters... – Tomcat Apr 15 '12 at 20:31
  • @user1335008 - I missed that you are using OleDb. Answer updated. – Oded Apr 15 '12 at 20:34