Seriously? :S Not a single soul provided an answer with a SqlParameter. It's sad to see a professional community still encourages people to generate SQL as a string, which is vulnerable to so many hacks.
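
    using System.Data;
    using System.Data.OleDb;

    OleDbConnection connection = new OleDbConnection("Read your connection string from a config file. May be an encrypted one");
    try
    {
        connection.Open();
        OleDbCommand command = connection.CreateCommand();
        command.CommandType = CommandType.Text;
        // The SQL text is fixed; the user-supplied value is never concatenated into it.
        command.CommandText = "SELECT * FROM arrear where [uid] = @uid";
        // OleDb binds parameters by position, so add them in the order they appear in the SQL.
        OleDbParameter parameter = command.CreateParameter();
        parameter.ParameterName = "@uid";
        parameter.DbType = DbType.Int32;
        // The label text must be convertible to Int32, otherwise execution fails.
        parameter.Value = someLabel.Text;
        command.Parameters.Add(parameter);
        using (OleDbDataReader reader = command.ExecuteReader())
        {
            // Read the rows here.
        }
    }
    finally
    {
        // Close the connection even when Open() or ExecuteReader() throws.
        if (connection.State != ConnectionState.Closed)
            connection.Close();
    }
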
This will take away many data formatting issues, unless the value you pass into the parameter fails to be converted to the data type specified in the parameter's DbType.
Hope this helps, regards
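
Added example, not part of the original answer: one way to handle the conversion failure mentioned above is to parse the text to an integer before binding it, so that malformed input is rejected without reaching the provider. The class `ArrearQuery`, the helper `TryBuild` and the sample inputs are hypothetical; it assumes Windows with the `System.Data.OleDb` provider classes available, and the connection is never opened.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Globalization;

static class ArrearQuery
{
    // The SQL text is a constant: user input never becomes part of it.
    // OleDb binds parameters by position, so "@uid" is only a readable label.
    const string Sql = "SELECT * FROM arrear WHERE [uid] = @uid";

    // Hypothetical helper: returns null when rawUid is not a plain 32-bit integer
    // (digits only, no sign, no whitespace, no overflow).
    public static OleDbCommand TryBuild(OleDbConnection connection, string rawUid)
    {
        int uid;
        if (!int.TryParse(rawUid, NumberStyles.None, CultureInfo.InvariantCulture, out uid))
            return null;

        OleDbCommand command = connection.CreateCommand();
        command.CommandType = CommandType.Text;
        command.CommandText = Sql;
        // Bind the already-parsed integer with an explicit provider type.
        command.Parameters.Add("@uid", OleDbType.Integer).Value = uid;
        return command;
    }

    static void Main()
    {
        // Constructed sample inputs standing in for someLabel.Text.
        string[] samples = { "42", " 42", "42 OR 1=1", "abc", "99999999999" };
        using (OleDbConnection connection = new OleDbConnection())
        {
            foreach (string raw in samples)
            {
                using (OleDbCommand command = TryBuild(connection, raw))
                {
                    Console.WriteLine(command == null
                        ? "rejected: \"" + raw + "\""
                        : "bound:    \"" + raw + "\" -> " + command.CommandText
                          + " (uid=" + command.Parameters[0].Value + ")");
                }
            }
        }
    }
}
```

Only "42" is bound; for every sample the command text stays identical to the constant, which is the property string concatenation cannot give.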