Converting a string to a number

Hello everyone, first post and all that, i got a bit of a problem.

First off, the DB information:
id: autonumber
score: text
Both these feilds in the database are numerical, however, the score is used as a text feild, the id an autonumber.
When i use a querystring to pass the score over to another page, so that the page produces only information with that perticular score matching, it works.
When i try to use the ID number, i get a case miss match.
I can only fathom that this is because its an autonumber. However, i need to keep the DB design as it is, as when i add a new article to the Database, the ID number is autogenerated and doesnt duplicate.
Is there anyway i can convert the value of ID from text to a number so that i can pull the information out of the DB?
Thanks.
0
northern_monkey
2/25/2005 12:15:52 PM
asp.net.getting-started 91979 articles. 3 followers. Follow

5 Replies
353 Views

Similar Articles

[PageSpeed] 53

Can we see the code that is giving you trouble?

Terri
Terri Morton
Engagement Manager, Neudesic

How to ask a question

0
tmorton
2/25/2005 1:06:45 PM
on the page where all reviews are selected


<a href=review.aspx?title=<%# Container.DataItem("id") %>>Read</a>

--
the reviews page (where the information should be called up)

sub page_load
dim id = request.QueryString("id")

dim dbconn,sql,dbcomm,dbread
dbconn=New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;data source=" & server.mappath("nbc.mdb"))
dbconn.Open()
sql="SELECT * FROM nbcreview where id='" & id & "'"
dbcomm=New OleDbCommand(sql,dbconn)
dbread=dbcomm.ExecuteReader()
user.DataSource=dbread
user.DataBind()
dbread.Close()
dbconn.Close()
end sub

If i change the query string to a text feild, it will work...if i try it with the id feild (which is an autonumber) it doesnt work and gives me a type missmatch error.
0
northern_monkey
2/25/2005 1:10:56 PM
Remove single quote from your query if the field is integer.

sql="SELECT * FROM nbcreview where id=" & integer.Parse(id )
It should work
Arvind Malik
0
arvind2004
2/25/2005 1:29:54 PM
Please never concatenate data into a SQL string to be executed!  This is opening your website up to SQL injection attacks.  Instead use parameters.

The end part of your code would be better like this:

sql="SELECT * FROM nbcreview where id=@ID"
dbcomm=New OleDbCommand(sql,dbconn)
dbcomm.Parameters.Add("@ID", OleDbType.Integer).Value=ID
dbread=dbcomm.ExecuteReader()
user.DataSource=dbread
user.DataBind()
dbread.Close()
dbconn.Close()

Terri
Terri Morton
Engagement Manager, Neudesic

How to ask a question

0
tmorton
2/25/2005 1:42:28 PM
Thanks a lot, it is working now.

I also spotted a glaring error in my programming (as usual).
On the first part of the code, the querystring was named title (after another test), though i changed it on local machine, i forgot to upload it.
D'oh.
Either way, it is working fine now, thanks for the help, expect a few more posts in the coming months. This site is for my dissertation at university and ive never programmed asp.net before (though can do asp and php)
Thanks again for the help guys!
0
northern_monkey
2/25/2005 1:44:17 PM
Reply: