How to pass textBox.Text to Sql query

I want button1_Click on Form1 to send a query using the textBox1.Text string
as part of the query. I want to populate a dataGridView from an Access
database file. I am trying to build a search box with the textBox1. How do I
pass the textBox1.Text string to the query? The query string below gives me
one blank row:

string strOleDb = "Select * from ProjectTable WHERE (ProjectName LIKE 'textBox1.Text')";
-Tim Sprout
Jun 25 '07 #1
"Tim Sprout" <tm**@ptialaska.net> wrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
> I want button1_Click on Form1 to send a query using the textBox1.Text string
> as part of the query. I want to populate a dataGridView from an Access
> database file. I am trying to build a search box with the textBox1. How do I
> pass the textBox1.Text string to the query? The query string below gives me
> one blank row:
>
> string strOleDb = "Select * from ProjectTable WHERE (ProjectName LIKE 'textBox1.Text')";

The easiest -and not recommended- way to do it is to concatenate the text
to the query:

string strOleDb = "Select * from ProjectTable WHERE (ProjectName LIKE '" +
textBox1.Text + "')";

This would work, BUT it has the risk of suffering what is known as a "Sql
Injection attack": If a user enters in the textbox something that looks like
Sql, it would be executed at your server. It also has other problems, for
instance, if the Text were "O'Donell", the code would crash with a syntax
error due to the single quote.

The recommended way to pass the text is to parameterize the Sql Query:

string strOleDb = "Select * from ProjectTable WHERE (ProjectName LIKE ?)";
OleDbCommand cmd = new OleDbCommand(strOleDb, connection);
cmd.Parameters.AddWithValue("FirstParam", textBox1.Text);
Jun 25 '07 #2
"Alberto Poblacion" wrote;
> The recommended way to pass the text is to parameterize the Sql Query:
>
> string strOleDb = "Select * from ProjectTable WHERE (ProjectName LIKE ?)";
> OleDbCommand cmd = new OleDbCommand(strOleDb, connection);
> cmd.Parameters.AddWithValue("FirstParam", textBox1.Text);

Thank you!

-Tim Sprout
Jun 28 '07 #3
Won't it accept Text = "'some'; drop table ProjectTable;"?

"Tim Sprout" <tm**@ptialaska.net> wrote in message
news:Om**************@TK2MSFTNGP04.phx.gbl...
> "Alberto Poblacion" wrote;
>> The recommended way to pass the text is to parameterize the Sql Query:
>>
>> string strOleDb = "Select * from ProjectTable WHERE (ProjectName LIKE ?)";
>> OleDbCommand cmd = new OleDbCommand(strOleDb, connection);
>> cmd.Parameters.AddWithValue("FirstParam", textBox1.Text);
>
> Thank you!
>
> -Tim Sprout
Jun 28 '07 #4
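
Added example (editorial, not written by any poster in this thread): the parameterized search from reply #2 carried through to a DataTable that can be assigned to dataGridView1.DataSource. The value bound to `?` is sent to the provider as data and is never parsed as SQL, so an apostrophe or a "drop table" string is only text compared against ProjectName. The names ProjectSearch, ToContainsPattern and Search are hypothetical, and the substring ("contains") match with ANSI wildcards is an assumption about what the search box should do.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Text;

static class ProjectSearch
{
    // Assumption: through OLE DB the Access engine uses the ANSI wildcards % and _,
    // and a wildcard wrapped in [ ] is matched literally. Without this step a user
    // typing "%" would match every row (not injection, but not a literal search).
    public static string ToContainsPattern(string userText)
    {
        var sb = new StringBuilder("%");
        foreach (char c in userText)
        {
            if (c == '%' || c == '_' || c == '[') sb.Append('[').Append(c).Append(']');
            else sb.Append(c);
        }
        return sb.Append('%').ToString();
    }

    // Call from button1_Click, for example:
    //   dataGridView1.DataSource = ProjectSearch.Search(connection, textBox1.Text);
    public static DataTable Search(OleDbConnection connection, string userText)
    {
        const string sql = "SELECT * FROM ProjectTable WHERE ProjectName LIKE ?";
        using (var cmd = new OleDbCommand(sql, connection))
        {
            // OleDb binds parameters by position; the name is only a label.
            cmd.Parameters.Add("ProjectName", OleDbType.VarWChar).Value =
                ToContainsPattern(userText);
            var table = new DataTable();
            using (var adapter = new OleDbDataAdapter(cmd)) adapter.Fill(table);
            return table;
        }
    }

    static void Main()
    {
        // Constructed inputs: the two strings quoted in the thread plus one with wildcards.
        // Each prints as the exact pattern that would be bound to the parameter.
        foreach (var text in new[] { "O'Donell", "'some'; drop table ProjectTable;", "100%_done" })
            Console.WriteLine(ToContainsPattern(text));
    }
}
```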
