0

I need help with my Microsoft access database assignment using C# on visual studios. I have all the code written, but I keep getting errors on the query message area in the combo box event handler. The error that I keep getting says that I have an issue with the query expression by the zip code table and INNER JOIN area.

Here is the code - 

    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Final_Programming
{
    public partial class customerInformationFRM : Form
    {
        public customerInformationFRM()
        {
            InitializeComponent();
        }

        OleDbConnection cusInfoConnection = new OleDbConnection();
        string chosenCustomer;

        // Method for access database connection
        private void databaseConnection()
        {
            try
            {
                // Establishes where provider to go to in order to open microsoft access file
                string connect = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" +
                                  "FinalDatabase.accdb;Persist Security Info=False;";

                // Open database connection
                cusInfoConnection.ConnectionString = connect;
                cusInfoConnection.Open();
            }
            catch (Exception errMsg)
            {
                // Messagebox pops up if theres an error
                MessageBox.Show("Error in databaseConnection method: " + errMsg.Message,
                    "databaseConnection method error",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Error);
            }
        }

        // Method to fill combo box
        private void fillComboBox()
        {
            try
            {
                string cusInfoQRY = "SELECT PersonalInfo.[IDnumber] FROM PersonalInfo";

                // Define Adapter
                OleDbDataAdapter cusNumDA = new OleDbDataAdapter(cusInfoQRY, cusInfoConnection);
                cusNumDA.Fill(cusNumDS, "IDnumber");
                cusNumCMB.DataSource = cusNumDS.Tables[0];
                cusNumCMB.DisplayMember = "IDnumber";
                cusNumCMB.ValueMember = "IDnumber";
            }
            catch (Exception errMsg)
            {
                MessageBox.Show("Error in fill combo box method: " + errMsg.Message,
                    "Combo box error",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Error);
            }
        }

        private void customerInformationFRM_Load(object sender, EventArgs e)
        {
            try
            {
                databaseConnection();
                fillComboBox();
            }
            catch (Exception errMsg)
            {
                MessageBox.Show("Error in form load: " + errMsg.Message,
                    "Form load error",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Error);
            }
        }

        private void cusNumCMB_SelectedIndexChanged(object sender, EventArgs e)
        {
            try
            {
                cusNumDS.Clear();
                customerInfoDS.Clear();
                orderInfoDS.Clear();
                chosenCustomer = cusNumCMB.Text;

                if (chosenCustomer != "System.Data.DataRowView")
                {
                    string cusInfoSQL = "SELECT PersonalInfo.FirstName, PersonalInfo.LastName, PersonalInfo.PhoneNumber, " +
                        "PersonalInfo.EmailAddress, PersonalInfo.Address, ZipCode.City, ZipCode.State, ZipCode.Zip" +
                        "FROM ZipCode INNER JOIN PersonalInfo ON ZipCode.[Zip] = PersonalInfo.[Zip] where PersonalInfo.IDnumber = '" +
                        chosenCustomer + "'";

                    OleDbDataAdapter customerNumberDA = new OleDbDataAdapter(cusInfoSQL, cusInfoConnection);

                    customerNumberDA.Fill(customerInfoDS, "customerInfo");

                    DataRow customerInfoDR = customerInfoDS.Tables[1].Rows[0];

                    firstNameTB.Text = customerInfoDR[0].ToString();
                    lastNameTB.Text = customerInfoDR[1].ToString();
                    phoneNumTB.Text = customerInfoDR[2].ToString();
                    emailTB.Text = customerInfoDR[3].ToString();
                    addressTB.Text = customerInfoDR[4].ToString();
                    cityTB.Text = customerInfoDR[5].ToString();
                    stateTB.Text = customerInfoDR[6].ToString();
                    zipTB.Text = customerInfoDR[7].ToString();

                    string orderSQL = "SELECT OrderInfo.[OrderDate], " +
                        "OrderInfo.[OrderShipped], OrderInfo.[ShippingFee]FROM OrderInfo where " +
                        "OrderInfo.[OrderNumber] = '" + chosenCustomer + "'";

                    OleDbDataAdapter itemsDA = new OleDbDataAdapter(orderSQL, cusInfoConnection);
                    itemsDA.Fill(orderInfoDS, "order");

                    decimal total = 0.0m;

                    foreach (DataRow currentRow in orderInfoDS.Tables[0].Rows)
                    {
                        total = Convert.ToDecimal(currentRow[3]);

                        customerDataDGV.Rows.Add(currentRow[0].ToString(), currentRow[1].ToString(), currentRow[2].ToString(), Convert.ToString(total.ToString("C")));

                        totalShippingTB.Text = Convert.ToString(total.ToString("C"));
                    }
                }
            }
            catch (Exception errMsg)
            {
                MessageBox.Show("Error in combo box event handler: " + errMsg.Message,
                    "Combo box error",
                    MessageBoxButtons.OK,
                    MessageBoxIcon.Error);
            }
        }
    }
}
programmingGolfer8888
  • 9
  • 3
  • What is the **exact** value of `cusInfoSQL` and `orderSQL`? What happens when you try to run those queries directly against Microsoft Access? (without C# involved) – mjwills Dec 04 '18 at 10:21
  • Possible duplicate of [SQL Injection prevention with Microsoft Access and VB.NET](https://stackoverflow.com/questions/16759516/sql-injection-prevention-with-microsoft-access-and-vb-net) – mjwills Dec 04 '18 at 10:22
  • I suspect you meant to put a space at the end of this string - `ZipCode.Zip"`. – mjwills Dec 04 '18 at 10:22
  • Unfortunately all that got me was to an error that says there's a data type mismatch in criteria expression – programmingGolfer8888 Dec 04 '18 at 10:29
  • All **what** got me? – mjwills Dec 04 '18 at 10:30
  • Also note that our aim here isn't to solve **every** problem in your code. It is to answer your initial question. You asked why you were getting an error and I pointed out why. Your 'new' error is almost certainly due to your use of your quotes in your query - which you **must not do**, since it is a SQL Injection risk. Check the duplicate link I provided. – mjwills Dec 04 '18 at 10:31
  • Also, please answer the three questions I asked in my first comment. – mjwills Dec 04 '18 at 10:36

0 Answers0