String.Format
-
Hi, I have posted this question before but the response was less than satisfactory. What does the following line of code actually do?
strSQL = String.Format("SELECT UserName FROM MembersInfotbl WHERE (email='{0}');", txtUserName.Text)
I had done some search on String.Format and some of the sites I visited said that the 1st value within the parentheses serves as the place holder for the 2nd value. So for example if k=String.Format( Page{0}, 1) the number 0 will be replaced by the 2nd number which is 1. That doesn't make sense when applied to the line above, because then email='{0}' would become email= txtUserName.text. Please correct me if I'm wrong. Thank you in advance for your help.
-
ASPnoob wrote:
I had done some search on String.Format and some of the sites I visited said that the 1st value within the parentheses serves as the place holder for the 2nd value.
What you have got from the search is right. But you have a small misunderstanding with that.
ASPnoob wrote:
strSQL = String.Format("SELECT UserName FROM MembersInfotbl WHERE (email='{0}');", txtUserName.Text)
if the textbox has some value say XXX@YYY.COM, then strSQL will be
SELECT UserName FROM MembersInfotbl WHERE (email='XXX@YYY.COM');
Regards, Arun Kumar.A
-
The reason I was confused was because txtUserName.text is used for inputting a user's user name. The following was the code that I found for validating a user's login.
Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
    Dim bResult As Boolean = False
    Dim objConn As New OleDbConnection(ConfigurationSettings.AppSettings("myDB"))
    Dim strSQL As String
    Dim strGoodPassword As String
    Dim objCommand As New OleDbCommand
    objCommand.Connection = objConn
    strSQL = String.Format("SELECT p_w FROM myDB WHERE (email='{0}');", txtUserName.text)
    objCommand.CommandText = strSQL
    objCommand.CommandType = CommandType.Text
    objConn.Open()
    strGoodPassword = CType(objCommand.ExecuteScalar, String)
    objConn.Close()
    If Not strGoodPassword Is Nothing Then
        If strGoodPassword = strPassword Then
            bResult = True
        Else
            lblMessage.Text = "Invalid Login!"
            lblMessage.Text &= " If you are not a member please click the above link to register."
        End If
    Else
        lblMessage.Text = "Invalid Login!"
        lblMessage.Text &= " If you are not a member please click the above link to register."
    End If
    Return bResult
End Function
Could you please explain the role of strSQL in this code? I am confused as to why it was used like that. Thank you in advance for your help.
-
Hi, the purpose of strSQL is to store the SQL command string, which in this case will retrieve the field p_w from the table myDB and whose email is equal to the email address provided by the user. The String.Format function simply replaces {0} with the string from the textbox - txtUserName, which the user provided. The output of this will be the same as:
strSQL = "SELECT p_w FROM myDB WHERE (email='" & txtUserName.text & "');"
You need this string because it tells the command object what to fetch from the database. Hope this helps.
regards :)
-
Firstly, that appears to be a nasty bit of code. No wonder you're confused. If I were you I'd do some research, some learning & then rewrite it properly.
strSQL is being used here as an SQL Select statement that retrieves data, in this case an email address, from a database (I'm guessing Access) using a Command Object.
Why is this code bad? Here's a few reasons off the cuff - I'm giving you these (and a few links for your benefit) to point you in the right direction when you rewrite it:
1. The function is being passed an argument (strUsername) that is never used.
2. There is no input validation being done on the email address in the SQL statement, which opens the database up to SQL Injection.
3. There are no Try...Catch...Finally blocks - standard practice when working with a database.
I shudder to think what the rest of this code looks like... Good luck.
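The three points in the reply above, applied to the posted function, as an added example (not code from the thread or from any of its posters). The table, column and app-setting names are those in the post; the 255-character parameter size, the module name, and returning Boolean instead of setting lblMessage inside the function are assumptions.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.OleDb

Public Module LoginCheck ' hypothetical module name
    ' Reworked DBAuthenticate: uses its strUsername argument, binds it as a
    ' parameter instead of formatting it into the SQL text, and handles
    ' database errors. The caller sets the "Invalid Login!" message on False.
    Public Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Boolean
        ' Reject empty input before touching the database.
        If String.IsNullOrEmpty(strUsername) OrElse String.IsNullOrEmpty(strPassword) Then
            Return False
        End If

        Dim strGoodPassword As String = Nothing
        Try
            ' Using closes and disposes the connection and command even when
            ' an exception is thrown, which is what a Finally block would do.
            Using objConn As New OleDbConnection(ConfigurationSettings.AppSettings("myDB"))
                Using objCommand As New OleDbCommand("SELECT p_w FROM myDB WHERE (email = ?);", objConn)
                    ' OleDb parameters are positional: the value is bound to the "?"
                    ' marker and travels as data, so a quote character in the
                    ' address cannot alter the SQL statement.
                    ' Size 255 is an assumed column length.
                    objCommand.Parameters.Add("@email", OleDbType.VarWChar, 255).Value = strUsername
                    objConn.Open()
                    ' TryCast yields Nothing for "no row" and for a NULL column.
                    strGoodPassword = TryCast(objCommand.ExecuteScalar(), String)
                End Using
            End Using
        Catch ex As OleDbException
            ' Fail closed: a database error is never a successful login.
            Return False
        End Try

        ' Same comparison as the posted code, with no UI side effects.
        Return strGoodPassword IsNot Nothing AndAlso strGoodPassword = strPassword
    End Function
End Module
```

With the String.Format version, an address such as o'brien@example.com (a constructed value) already produces a malformed statement because its quote ends the string literal early; with the bound parameter it is simply looked up as written.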