lea <le********@no-mx.msusenet.com> wrote:
i write this, im using access and oledb:
i have a lblDate=Date.Today in form load
"DELETE FROM Tblname WHERE SaleDate='" & lblDate.text "'"
i just want to delete the records with SaleDate=today date but when i
run the system, it delete all the records. I put the Record's
field(SaleDate) as null, and i think it should not be deleted because
it's not match with lblDate.text? my concept is wrong? :mad:
For one thing, it's *very* dangerous to include user input in a SQL
query just like that.
Instead, use a parameterised query, which means you get to use a
strongly typed date rather than assuming the user has used the right
date format for your database.
See
http://www.pobox.com/~skeet/csharp/faq/#db.parameters for more
information.
--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too