ASP Classic - Data type mismatch error

Question

I'm trying to make an ID (primary key and autoincrement) from the MS Access database to be used as a login pass. But I'm receiving this error:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression.

And here is my code:

con.open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ="& Server.MapPath("db.mdb") &""
sql="SELECT * FROM tblLogin WHERE ID='" & request.form("id") & "';"

rs.CursorType=2

rs.Open sql,con

if rs.bof then
   response.redirect "loginpage.asp?msg=ID does not exist."
else
   response.redirect "adminpage.asp"
end if

Please correct me if I'm missing something or any solutions that you recommend.

Thanks in advance.

Answer 1

Change:

sql="SELECT * FROM tblLogin WHERE ID='" & request.form("id") & "';"

to

sql="SELECT * FROM tblLogin WHERE ID=" & request.form("id")

Then check like this:

If rs.EOF then
   response.redirect "loginpage.asp?msg=ID does not exist."
else
   response.redirect "adminpage.asp"
end if

Answer 2

Check 3 things:

1. make sure the form in previous page is submitted by POST method not GET.
2. remove single quote around the id as it is not a string (if ID column is integer) (@meda answer)
3. use if not rs.eof instead of if not rs.bof

And a security warning besides of your question:

before redirecting to admin page, undoubtedly you need some logic to set session or cookie to determine if real admin is going to target page. it seems that your admin page has no logic to check if user is coming from login page or coming there suddenly!