.NET Forum / Languages / C# / September 2007

How to use Variable in select statement?

Mehbs - 28 Sep 2007 17:54 GMT
I created a very simple form.

There are 2 text boxes; 1 for entering the account number and the other to display
its description.

I also placed a button so that when it is clicked, the select statement underneath grabs
the description of that part number and displays it on the form.

I also created a data set for 2 tables both have account# as common field.

My sql statement is:

lcsql =  "select acctnum, description, table2.amount from table1 inner join
table2 on table1.acctnum = table2.acctnum
where table1.acctnum = " & me!textbox1.text

I am trying to find out how to use a form's variable, like textbox1, in a select
statement.

I am very new to C# so please bear with me.
Looch - 28 Sep 2007 18:18 GMT
> I created a very simple form.
>
[quoted text clipped - 16 lines]
>
> I am very new to C# so please bear with me.

Try setting the text in the text box as a variable:

public void GetInfo()
{
    string text = textBox1.Text;

    // OR, for an integer value:
    // int text = Convert.ToInt32(textBox1.Text);

    // the statement is split across concatenated literals so it compiles;
    // the value is still spliced straight into the SQL text
    string lcsql = "select acctnum, description, table2.amount from " +
        "table1 inner join table2 on table1.acctnum = table2.acctnum " +
        "where table1.acctnum = '" + text + "'";
}

There is a single quote followed by a double quote in front of text in
the SQL statement and a double-single-double after. If using the
integer variable then you will only need a double quote in front and
two double quotes at the end (providing you are using MSSQL).

HTH
Smithers - 28 Sep 2007 18:37 GMT
While others may show you how to do what you ask, you should additionally be
aware that what you are doing is very dangerous. This link will help to
explain why:

http://msdn2.microsoft.com/en-us/library/ms161953.aspx

Google "Sql Injection" or "Sql Injection Attack" for more.

-HTH

-S

>I created a very simple form.
>
[quoted text clipped - 16 lines]
>
> I am very new to C# so please bear with me.
Looch - 28 Sep 2007 19:52 GMT
Absolutely. The use of parameters is definitely the way to go, albeit
a little confusing for someone just looking for the syntax mentioned
above.
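The parameterized form of the original query that the two replies above recommend, as an added example (not code posted in this thread). It assumes a Windows Forms designer with textBox1 (account number), textBox2 (description) and button1, an integer acctnum column, and a connection string placeholder.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

// Assumed: textBox1, textBox2 and button1 are declared in the designer file.
public partial class AccountForm : Form
{
    // Placeholder; the real connection string belongs in configuration.
    private readonly string connectionString = "<connection string placeholder>";

    private void button1_Click(object sender, EventArgs e)
    {
        // Validate the type first: acctnum is an integer column, so a
        // non-numeric entry is rejected instead of being spliced into SQL text.
        int acctNum;
        if (!int.TryParse(textBox1.Text, out acctNum))
        {
            MessageBox.Show("Please enter a numeric account number.");
            return;
        }

        // The value travels as a typed parameter, never as part of the
        // statement, so whatever the user typed can only ever be data.
        const string lcsql =
            "select table1.acctnum, table1.description, table2.amount " +
            "from table1 inner join table2 on table1.acctnum = table2.acctnum " +
            "where table1.acctnum = @acctnum";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(lcsql, conn))
        {
            cmd.Parameters.Add("@acctnum", SqlDbType.Int).Value = acctNum;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                textBox2.Text = reader.Read()
                    ? reader["description"].ToString()
                    : "(no such account)";
            }
        }
    }
}
```

Compared with the concatenated version, the quoting question disappears entirely: the same code works for string and integer columns by changing only the SqlDbType.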
Smithers - 28 Sep 2007 20:14 GMT
Are you suggesting that the OP should have not been made aware of this
important security risk simply because it might confuse the OP?

If not, what is your reason for bringing up the possibility that someone
might be confused by something?

"[the use of parameters is] a little confusing" is a subjective conclusion.
Just because you are confused by them doesn't mean anybody else in the world
would be.

It is irresponsible to suggest to an admitted "new to C#" person that
something they should do is confusing.

-S

> Absolutely. The use of parameters is definitely the way to go, albeit
> a little confusing for someone just looking for the syntax mentioned
> above.
Looch - 28 Sep 2007 21:51 GMT
Right, actually my statement was,

The use of parameters is definitely the way to go, albeit
a little confusing for someone just looking for the syntax mentioned
above.

The last eight words qualify the word 'confusing'; I was not
implying that everyone is as dumb as myself.

I don't think he's giving public access to his application, I think
he's in the initial stages of learning the language. Best practices
and security come after syntax, in my opinion.
Mehbs - 29 Sep 2007 00:30 GMT
Thank you guys for your input.

BTW, would you please suggest the best book that I can buy and follow the
instructions in? A book with some examples would help.

Thanks again.

> Right, actually my statement was,
>
[quoted text clipped - 8 lines]
> he's in the initial stages of learning the language. Best practices
> and security come after syntax, in my opinion.
Smithers - 29 Sep 2007 03:12 GMT
Querying a database from an application covers a lot of topic areas. There
is not one book I am aware of that addresses everything you would need to
know. Maybe someone else will provide such.

While not pertaining exactly to your OP here...
For an excellent introduction to SQL, have a look at "SQL Queries for Mere
Mortals" by Hernandez.
He also has a good book on database design, "Database Design for Mere
Mortals" by Hernandez and Viescas.

For client-side stuff, check out Programming Microsoft ADO.NET 2.0 by David
Sceppa.

-HTH

> Thank you guys for your input.
>
[quoted text clipped - 15 lines]
>> he's in the initial stages of learning the language. Best practices
>> and security come after syntax, in my opinion.
