Problem with OleDbParameter (using a variable column name in a SQL string)

Hi

I try to use this as the SQL string (the field I compare with is variable):

"SELECT * FROM FMatrix WHERE @wantedfield=@criteria"

I use Parameters.Add with OleDbType.WChar.

Why can't I specify the field I want to use as a parameter?

I have no error, but the query has no result when run.

Of course I could solve it with

string wantedfield="MyField";

"SELECT * FROM FMatrix WHERE " + wantedfield + "=@criteria"

but I suspect it could be done by using Parameters.Add

Do I need to set the OleDbParameter.SourceColumn?
Any hint?

Johan
Dec 2 '05 #1
Hi,

Sagaert Johan wrote:
> "SELECT * FROM FMatrix WHERE @wantedfield=@criteria"
> Why can't i specify the field i want to use as a parameter ?
> I have no error,but the query has no result when run.

That's because it is a valid query, but it doesn't do what you think it
does. You are comparing the two argument values, which is perfectly legal.
What this will do is return all rows from FMatrix if the value of the
@wantedfield parameter happens to be equal to the value of @criteria; none
otherwise.

> of course i could solve it with
> "SELECT * FROM FMatrix WHERE " + wantedfield + "=@criteria"

That would be the most reasonable solution for a simple case like yours.

> but i suspect it could be done by using parameters.Add

If you really want to, you can achieve it with a considerably more complex
WHERE clause, such as:

SELECT * FROM FMatrix
WHERE (@wantedfield = 'Field1' AND Field1 = @criteria)
OR (@wantedfield = 'Field2' AND Field2 = @criteria)
OR (@wantedfield = 'Field3' AND Field3 = @criteria)
[... and so forth]
--
Chris Priede
Dec 2 '05 #2
Just to state the obvious - as ever with string concatenation, with this
approach you should sanity-check the value of wantedfield (e.g. limit it to
a few known values, ideally via an enum or similar), and (in particular) do
*NOT* blindly accept string values from external sources (e.g. as an HTML
form variable) - otherwise you are opening yourself up to an SQL-injection
attack.

An example malformed string for memberfield: "1=0 DELETE FROM FMatrix --"

Marc
Dec 2 '05 #3
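
An added example (not code from any poster in this thread) of the allowlist approach recommended in reply #3: the column name is resolved through an enum and a fixed map before it is concatenated, while the comparison value stays a parameter. The enum MatrixField and the class FMatrixQuery are hypothetical names, and the columns Field1 to Field3 are borrowed from the illustration in reply #2.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

// Hypothetical enum: the only columns a caller may filter on.
public enum MatrixField { Field1, Field2, Field3 }

public static class FMatrixQuery
{
    // Allowlist: enum value -> bracketed column name. Nothing outside this
    // map is ever placed in the SQL text.
    private static readonly Dictionary<MatrixField, string> Columns =
        new Dictionary<MatrixField, string>
        {
            { MatrixField.Field1, "[Field1]" },
            { MatrixField.Field2, "[Field2]" },
            { MatrixField.Field3, "[Field3]" },
        };

    // For input that arrives as text (form field, query string).
    // Enum.TryParse also accepts numeric strings such as "7" and returns an
    // undefined enum value, so the map lookup is the real gate.
    public static bool TryParseField(string input, out MatrixField field)
    {
        return Enum.TryParse(input, false, out field) && Columns.ContainsKey(field);
    }

    public static OleDbCommand Build(OleDbConnection conn, MatrixField field, string criteria)
    {
        string column;
        if (!Columns.TryGetValue(field, out column))
            throw new ArgumentOutOfRangeException("field");

        // Only the allowlisted identifier is concatenated. OleDb binds
        // parameters by position, hence the "?" placeholder.
        var cmd = new OleDbCommand("SELECT * FROM FMatrix WHERE " + column + " = ?", conn);
        cmd.Parameters.Add("@criteria", OleDbType.VarWChar).Value = criteria;
        return cmd;
    }

    public static void Main()
    {
        MatrixField f;
        // The malformed string quoted in reply #3 is rejected before any SQL is built.
        Console.WriteLine(TryParseField("1=0 DELETE FROM FMatrix --", out f)); // False
        if (TryParseField("Field2", out f))
            Console.WriteLine(Build(null, f, "abc").CommandText);
    }
}
```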
