How to use Variable in select statement?

I created a very simple form.

There are 2 text boxes; 1 for entering account number and other to display
its description.

I also placed a button so when it is clicked, the select statement underneath grabs
the description of that part number and displays it on the form.

I also created a data set for 2 tables both have account# as common field.

My sql statement is:

lcsql = "select acctnum, description, table2.amount from table1 inner join
table2 on table1.acctnum = table2.acctnum
where table1.acctnum = " & me!textbox1.text

I am trying to find out how to use form's variable in select statement like
textbox1.

I am very new to C# so please bear with me.
Sep 28 '07 #1
On Sep 28, 12:54 pm, "Mehbs" <msam...@comcast.net> wrote:
> I created a very simple form.
>
> There are 2 text boxes; 1 for entering account number and other to display
> its description.
>
> I also placed a button so when it is clicked, the select statement underneath grabs
> the description of that part number and displays it on the form.
>
> I also created a data set for 2 tables both have account# as common field.
>
> My sql statement is:
>
> lcsql = "select acctnum, description, table2.amount from table1 inner join
> table2 on table1.acctnum = table2.acctnum
> where table1.acctnum = " & me!textbox1.text
>
> I am trying to find out how to use form's variable in select statement like
> textbox1.
>
> I am very new to C# so please bear with me.

Try setting the text in the text box as a variable:

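public void getInfo()
{
    // value typed into the account-number text box
    string text = textbox1.Text;

    //OR

    // int text = Convert.ToInt32(textbox1.Text); //for an integer value

    // the query is built by concatenating that value into the SQL text
    string lcsql = "select table1.acctnum, description, table2.amount from " +
        "table1 inner join " +
        "table2 on table1.acctnum = table2.acctnum " +
        "where table1.acctnum = '" + text + "'";
}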

There is a single quote followed by a double quote in front of text in
the SQL statement and a double-single-double after. If using the
integer variable then you will only need a double quote in front and
two double quotes at the end (providing you are using MSSQL)

HTH





Sep 28 '07 #2
While others may show you how to do what you ask, you should additionally be
aware that what you are doing is very dangerous. This link will help to
explain why:

http://msdn2.microsoft.com/en-us/library/ms161953.aspx

Google "Sql Injection" or "Sql Injection Attack" for more.

-HTH

-S
"Mehbs" <ms*****@comcast.net> wrote in message
news:e7**************@TK2MSFTNGP06.phx.gbl...
> I created a very simple form.
>
> There are 2 text boxes; 1 for entering account number and other to display
> its description.
>
> I also placed a button so when it is clicked, the select statement underneath
> grabs the description of that part number and displays it on the form.
>
> I also created a data set for 2 tables both have account# as common field.
>
> My sql statement is:
>
> lcsql = "select acctnum, description, table2.amount from table1 inner
> join table2 on table1.acctnum = table2.acctnum
> where table1.acctnum = " & me!textbox1.text
>
> I am trying to find out how to use form's variable in select statement
> like textbox1.
>
> I am very new to C# so please bear with me.


Sep 28 '07 #3
Absolutely. The use of parameters is definitely the way to go, albeit
a little confusing for someone just looking for the syntax mentioned
above.
Sep 28 '07 #4
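
What "the use of parameters" recommended in the replies above looks like for the original query, as an added example that is not code from any poster in this thread. It assumes acctnum is a character column of at most 20 characters and that System.Data.SqlClient is referenced; the class and method names are hypothetical, and Main only builds commands from constructed inputs without connecting to a database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class AccountLookup
{
    // The SQL text is a constant; the text box value never becomes part of it.
    const string Sql =
        "select table1.acctnum, description, table2.amount " +
        "from table1 inner join table2 on table1.acctnum = table2.acctnum " +
        "where table1.acctnum = @acctnum";

    // Assumption: acctnum is a character column of at most 20 characters.
    public static SqlCommand BuildCommand(string textBoxValue)
    {
        var cmd = new SqlCommand(Sql);
        // The value travels to the server as typed data, separate from the query text.
        cmd.Parameters.Add("@acctnum", SqlDbType.NVarChar, 20).Value = textBoxValue.Trim();
        return cmd;
    }

    // Runs the lookup and returns the description, or null when there is none.
    public static string GetDescription(string connectionString, string textBoxValue)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(textBoxValue))
        {
            cmd.Connection = conn;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                return reader.Read() && !reader.IsDBNull(1) ? reader.GetString(1) : null;
        }
    }

    static void Main()
    {
        // Constructed inputs: an ordinary account number and one containing SQL syntax.
        foreach (var input in new[] { "1001", "1001' or '1'='1" })
        {
            using (var cmd = BuildCommand(input))
            {
                // The command text is the same constant for both inputs;
                // only the parameter value differs, and it is never parsed as SQL.
                Console.WriteLine(cmd.CommandText == Sql);
                Console.WriteLine(cmd.Parameters["@acctnum"].Value);
            }
        }
    }
}
```

In the form's button handler, GetDescription would be called with textbox1.Text and the result assigned to the description text box.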
Are you suggesting that the OP should have not been made aware of this
important security risk simply because it might confuse the OP?

If not, what is your reason for bringing up the possibility that someone
might be confused by something?

"[the use of parameters is] a little confusing" is a subjective conclusion.
Just because you are confused by them doesn't mean anybody else in the world
would be.

It is irresponsible to suggest to an admitted "new to C#" person that
something they should do is confusing.

-S
"Looch" <lu**********@yahoo.com> wrote in message
news:11**********************@19g2000hsx.googlegroups.com...
> Absolutely. The use of parameters is definitely the way to go, albeit
> a little confusing for someone just looking for the syntax mentioned
> above.


Sep 28 '07 #5
Right, actually my statement was,

The use of parameters is definitely the way to go, albeit
a little confusing for someone just looking for the syntax mentioned
above.

The last eight words qualifying the word 'confusing', and not after
implying that everyone is as dumb as myself.

I don't think he's giving public access to his application, I think
he's in the initial stages of learning the language. Best practices
and security come after syntax, in my opinion.

Sep 28 '07 #6
Thank you guys for your input.

BTW, would you please suggest the best book that I can buy and follow the
instructions? A book with some examples would help.

Thanks again.

"Looch" <lu**********@yahoo.com> wrote in message
news:11**********************@d55g2000hsg.googlegroups.com...
> Right, actually my statement was,
>
> The use of parameters is definitely the way to go, albeit
> a little confusing for someone just looking for the syntax mentioned
> above.
>
> The last eight words qualifying the word 'confusing', and not after
> implying that everyone is as dumb as myself.
>
> I don't think he's giving public access to his application, I think
> he's in the initial stages of learning the language. Best practices
> and security come after syntax, in my opinion.

Sep 28 '07 #7
Querying a database from an application covers a lot of topic areas. There
is not one book I am aware of that addresses everything you would need to
know. Maybe someone else will provide such.

While not pertaining exactly to your OP here...
For an excellent introduction to SQL, have a look at "SQL Queries for Mere
Mortals" by Hernandez.
He also has a good book on database design, "Database Design for Mere
Mortals" by Hernandez and Viescas.

For client-side stuff, check out Programming Microsoft ADO.NET 2.0 by David
Sceppa.

-HTH
"Mehbs" <ms*****@comcast.net> wrote in message
news:OD*************@TK2MSFTNGP06.phx.gbl...
> Thank you guys for your input.
>
> BTW, would you please suggest the best book that I can buy and follow the
> instructions? A book with some examples would help.
>
> Thanks again.
>
> "Looch" <lu**********@yahoo.com> wrote in message
> news:11**********************@d55g2000hsg.googlegroups.com...
>> Right, actually my statement was,
>>
>> The use of parameters is definitely the way to go, albeit
>> a little confusing for someone just looking for the syntax mentioned
>> above.
>>
>> The last eight words qualifying the word 'confusing', and not after
>> implying that everyone is as dumb as myself.
>>
>> I don't think he's giving public access to his application, I think
>> he's in the initial stages of learning the language. Best practices
>> and security come after syntax, in my opinion.



Sep 29 '07 #8
