I created a very simple form.
There are 2 text boxes; 1 for entering account number and other to display
its description.
I also placed button so when it is clicked, select statement underneath grab
the description of that part number and display on the form.
I also created a data set for 2 tables both have account# as common field.
My sql statement is:
lcsql = "select acctnum, description, table2.amount from table1 inner join
table2 on table1.acctnum = table2.acctnum
where table1.acctnum = " & me!textbox1.text
I am trying to find out how to use form's variable in select statement like
textbox1.
I am very new to C# so please bear with me.
On Sep 28, 12:54 pm, "Mehbs" <msam...@comcast.net> wrote:
> I created a very simple form.
> There are 2 text boxes; 1 for entering account number and other to display
> its description.
> I also placed button so when it is clicked, select statement underneath grab
> the description of that part number and display on the form.
> I also created a data set for 2 tables both have account# as common field.
> My sql statement is:
> lcsql = "select acctnum, description, table2.amount from table1 inner join
> table2 on table1.acctnum = table2.acctnum
> where table1.acctnum = " & me!textbox1.text
> I am trying to find out how to use form's variable in select statement like
> textbox1.
> I am very new to C# so please bear with me.
Try setting the text in the text box as a variable:
public void getInfo()
{
    string text = textbox1.Text;
    // OR, for an integer value:
    // int text = Convert.ToInt32(textbox1.Text);
    // Build the statement by concatenating the text box value into the SQL text.
    string lcsql = "select table1.acctnum, description, table2.amount from " +
        "table1 inner join " +
        "table2 on table1.acctnum = table2.acctnum " +
        "where table1.acctnum = '" + text + "'";
}
There is a single quote followed by a double quote in front of text in
the SQL statement and a double-single-double after. If using the
integer variable then you will only need a double quote in front and
two double quotes at the end (providing you are using MSSQL)
HTH
While others may show you how to do what you ask, you should additionally be
aware that what you are doing is very dangerous. This link will help to
explain why: http://msdn2.microsoft.com/en-us/library/ms161953.aspx
Google "Sql Injection" or "Sql Injection Attack" for more.
-HTH
-S
"Mehbs" <ms*****@comcast.net> wrote in message
news:e7**************@TK2MSFTNGP06.phx.gbl...
> I created a very simple form.
> There are 2 text boxes; 1 for entering account number and other to display
> its description.
> I also placed button so when it is clicked, select statement underneath
> grab the description of that part number and display on the form.
> I also created a data set for 2 tables both have account# as common field.
> My sql statement is:
> lcsql = "select acctnum, description, table2.amount from table1 inner
> join table2 on table1.acctnum = table2.acctnum
> where table1.acctnum = " & me!textbox1.text
> I am trying to find out how to use form's variable in select statement
> like textbox1.
> I am very new to C# so please bear with me.
Absolutely. The use of parameters is definitely the way to go, albeit
a little confusing for someone just looking for the syntax mentioned
above.
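The parameterized form of the query discussed above, as an added example that is not part of the original thread. It assumes MSSQL through System.Data.SqlClient and an integer acctnum column; the class name, method name and connection string are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the thread. AccountLookup, GetDescription and
// the connection string are hypothetical; acctnum is assumed to be an int column.
public static class AccountLookup
{
    // The SQL text is a constant: the text box value never becomes part of it.
    private const string Sql =
        "select table1.acctnum, description, table2.amount " +
        "from table1 inner join table2 on table1.acctnum = table2.acctnum " +
        "where table1.acctnum = @acctnum";

    // Returns the description for the account, or null when the input is
    // not a number or no row matches.
    public static string GetDescription(string connectionString, string input)
    {
        int acctnum;
        if (!int.TryParse(input, out acctnum))
            return null; // reject non-numeric input before touching the database

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(Sql, conn))
        {
            // The value is sent separately from the statement, typed as int,
            // so the server never parses it as SQL.
            cmd.Parameters.Add("@acctnum", SqlDbType.Int).Value = acctnum;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                    return null; // no such account
                int col = reader.GetOrdinal("description");
                return reader.IsDBNull(col) ? null : reader.GetString(col);
            }
        }
    }
}
```

For a text account number the same pattern applies with SqlDbType.VarChar and the string value; quote characters in the value are then compared as data and need no escaping.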
Are you suggesting that the OP should have not been made aware of this
important security risk simply because it might confuse the OP?
If not, what is your reason for bringing up the possibility that someone
might be confused by something?
"[the use of parameters is] a little confusing" is a subjective conclusion.
Just because you are confused by them doesn't mean anybody else in the world
would be.
It is irresponsible to suggest to an admitted "new to C#" person that
something they should do is confusing.
-S
"Looch" <lu**********@yahoo.com> wrote in message
news:11**********************@19g2000hsx.googlegroups.com...
> Absolutely. The use of parameters is definitely the way to go, albeit
> a little confusing for someone just looking for the syntax mentioned
> above.
Right, actually my statement was,
The use of parameters is definitely the way to go, albeit
a little confusing for someone just looking for the syntax mentioned
above.
The last eight words qualifying the word 'confusing', and not after
implying that everyone is as dumb as myself.
I don't think he's giving public access to his application, I think
he's in the initial stages of learning the language. Best practices
and security come after syntax, in my opinion.
Thank you guys for your input.
BTW, would you please suggest the best book that I can buy and follow the
instructions? A book with some examples would help.
Thanks again.
"Looch" <lu**********@yahoo.com> wrote in message
news:11**********************@d55g2000hsg.googlegroups.com...
> Right, actually my statement was,
> The use of parameters is definitely the way to go, albeit
> a little confusing for someone just looking for the syntax mentioned
> above.
> The last eight words qualifying the word 'confusing', and not after
> implying that everyone is as dumb as myself.
> I don't think he's giving public access to his application, I think
> he's in the initial stages of learning the language. Best practices
> and security come after syntax, in my opinion.
Querying a database from an application covers a lot of topic areas. There
is not one book I am aware of that addresses everything you would need to
know. Maybe someone else will provide such.
While not pertaining exactly to your OP here...
For an excellent introduction to SQL, have a look at "SQL Queries for Mere
Mortals" by Hernandez
He also has a good book on database design, "Database Design for Mere
Mortals" by Hernandez and Viescas.
For client-side stuff, check out Programming Microsoft ADO.NET 2.0 by David
Sceppa.
-HTH
"Mehbs" <ms*****@comcast.net> wrote in message
news:OD*************@TK2MSFTNGP06.phx.gbl...
> Thank you guys for your input.
> BTW, would you please suggest the best book that I can buy and follow the
> instructions? A book with some examples would help.
> Thanks again.
> "Looch" <lu**********@yahoo.com> wrote in message
> news:11**********************@d55g2000hsg.googlegroups.com...
>> Right, actually my statement was,
>> The use of parameters is definitely the way to go, albeit a little confusing for someone just looking for the syntax mentioned above.
>> The last eight words qualifying the word 'confusing', and not after implying that everyone is as dumb as myself.
>> I don't think he's giving public access to his application, I think he's in the initial stages of learning the language. Best practices and security come after syntax, in my opinion.