C# OleDb Exception "No value given for one or more required parameters" while trying to delete from Access database

Question

I have a table with "SEMESTER, SUBJECT, OFFER, RESULT" where "SEMESTER" & "SUBJECT" is PRIMARY KEY. When i use the query

"DELETE FROM Course_Information WHERE Semester = 1 AND Subject = 'CSE-414' ;

Its working perfectly in access database but i always get exception when i tried to use it in my c# code.

Moreover its works if i use "DELETE FROM Course_Information WHERE Semester = 1 ;

I want to use both "SUBJECT" & "SEMESTER" In the WHERE condition (Because there could be different subject in the same semester)

See my code,

connection_string = aConnection.return_connectionString(connection_string);
            string sql_query = "DELETE FROM Course_Information WHERE Semester = " + this.textBox1.Text + " AND Subject = " + this.textBox2.Text + " ;";

            OleDbConnection connect = new OleDbConnection(connection_string);
            OleDbCommand command = new OleDbCommand(sql_query, connect);
            try
            {
                connect.Open();
                OleDbDataReader reader = command.ExecuteReader();
                MessageBox.Show("Delete Successful!");
                connect.Close();
                UpdateDatabase();
            }

            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }

Answer 1

Include the quotes around the value you get from this.textBox2.Text as in your working sample query.

" AND Subject = '" + this.textBox2.Text + "';";

Imagine this.textBox2.Text contains the text foo. Without adding those quotes in the WHERE clause the db engine would see ... WHERE Semester = 1 AND Subject = foo But it can't find anything in the data source named foo, so assumes it must be a parameter. You need the quotes to signal the db engine it's a string literal value, 'foo'.

Actually if you switch to a parameter query, you can avoid this type of problem because you won't need to bother with those quotes in the DELETE statement. And a parameter query will also safeguard you against SQL injection. If a malicious user can enter ' OR 'a' = 'a in this.textBox2.Text, all rows in the table would be deleted.

Answer 2

If you got a same error for "insert" query you can use this method for avoid exception

string sqlQuery = "INSERT into EndResultOfTestCases(IDsOfCases,TestCaseName,ResultCase,ResultLog) VALUES(@ids, @casename, @results, @logs)";

        connection = new OleDbConnection(connectionStringToDB);
        command = new OleDbCommand(sqlQuery, connection);
        command.Parameters.AddWithValue("@ids",IDs);
        command.Parameters.AddWithValue("@casename", CaseName);
        command.Parameters.AddWithValue("@results", resultOfCase);
        command.Parameters.AddWithValue("@logs", logs);
        connection.Open();
        command.ExecuteNonQuery();
        connection.Close();
    }

Answer 3

Have you changed any of the field names? I got this error when I had used Access to change a field name in my database. The old name was "DisbursementType". The new name was "ExpenseType". I used a query with the new field name to fill a dataset which worked fine.

string sqlQuery = "select * from Finance WHERE ExpenseType = 'MISC'";
System.Data.OleDb.OleDbCommand obiwan = new System.Data.OleDb.OleDbCommand();
obiwan.CommandText = sqlQuery;
this.financeTableAdapter.Adapter.SelectCommand.CommandText = sqlQuery;
this.financeTableAdapter.Fill(homeFinanceDataSet.Finance);

Using the same query string to open a record set failed.

string sqlQuery = "select * from Finance WHERE ExpenseType = 'MISC'";
string dbaseaddress = "";
ADODB.Recordset RS = new ADODB.Recordset();
if (openFileDialog1.ShowDialog()== DialogResult.OK)
        {
            dbaseaddress = openFileDialog1.FileName;
            ADODB.Connection fc = new ADODB.Connection();
            string str = "Provider=Microsoft.ACE.OLEDB.12.0;" +
          "Data Source=" + dbaseaddress + ";" +
          "Jet OLEDB:Database Password=" + "password" + ";";
            fc.Open(str);
            RS.Open(sqlQuery, fc, ADODB.CursorTypeEnum.adOpenStatic, &_ 
            ADODB.LockTypeEnum.adLockOptimistic,0);

An exception is thrown at the last line: "System.Runtime.InteropServices.COMException: 'No value given for one or more required parameters.'"

When the original name for the field is used no exception is thrown.

string sqlQuery = "select * from Finance WHERE DisbursementType = 'MISC'";
        string dbaseaddress = "";
        ADODB.Recordset RS = new ADODB.Recordset();
        if (openFileDialog1.ShowDialog()== DialogResult.OK)
        {
            dbaseaddress = openFileDialog1.FileName;
            ADODB.Connection fc = new ADODB.Connection();
            string str = "Provider=Microsoft.ACE.OLEDB.12.0;" +
          "Data Source=" + dbaseaddress + ";" +
          "Jet OLEDB:Database Password=" + "password" + ";";
            fc.Open(str);

            RS.Open(sqlQuery, fc, ADODB.CursorTypeEnum.adOpenStatic, ADODB.LockTypeEnum.adLockOptimistic,0);
            MessageBox.Show(string.Format("{0}",RS.RecordCount));