ADO.NET Question
-
May I know what is the problem in my code below?

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Try
            If TextBox1.Text <> "" Then
                Dslogin1.Clear()
                OleDbDataAdapter1.SelectCommand.CommandText = _
                    "SELECT * FROM Login WHERE username = " & TextBox1.Text & ""
                OleDbDataAdapter1.Fill(Dslogin1, "Login")
                DataGrid1.SetDataBinding(Dslogin1, "Login")
            End If
        Catch e1 As Exception
            MessageBox.Show(e1.ToString)
        End Try
    End Sub

I can't search the username from the textbox1.
-
ghost181 wrote:
    OleDbDataAdapter1.SelectCommand.CommandText = _
        "SELECT * FROM Login WHERE username = " & TextBox1.Text & ""

Include quotation marks:

    OleDbDataAdapter1.SelectCommand.CommandText = _
        "SELECT * FROM Login WHERE username = '" & TextBox1.Text & "'"

_____________________________
Success is not something to wait for, it's something to work for.
-
Ignore the last response because he doesn't actually solve your real problem. Your real problem is the code is susceptible to a SQL Injection Attack. You should use parameterised queries. e.g.

    OleDbDataAdapter1.SelectCommand.CommandText =
        "SELECT * FROM Login WHERE username = ?";
    OleDbDataAdapter1.SelectCommand.Parameters.Add("", TextBox1.Text);

This will go some way to protecting your database from attack. You will want to read SQL Injection Attacks and Tips on How to Prevent Them which tells you what a SQL Injection Attack is, how to spot code that is susceptible and how to correct the problem.
Scottish Developers events: * .NET debugging, tracing and instrumentation by Duncan Edwards Jones and Code Coverage in .NET by Craig Murphy * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
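An added example, not part of any post in this thread: the three query forms discussed above (bare concatenation, concatenation inside quotes, and a `?` parameter) run side by side against the same inputs. It assumes an in-memory SQLite database as a stand-in for the OleDb data source, because SQLite accepts the same positional `?` placeholder; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the thread's Login table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Login (username TEXT, password TEXT)")
    db.executemany("INSERT INTO Login VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret"),
                    ("O'Brien", "c-secret")])
    return db

def search_unquoted(db, name):
    # The question's form: the value is pasted in bare, so the engine
    # parses it as SQL (here, a column name) rather than as a string.
    sql = "SELECT * FROM Login WHERE username = " + name
    return db.execute(sql).fetchall()

def search_quoted(db, name):
    # The first reply's form: quotes added, but the value is still part
    # of the SQL text, so a quote inside it ends the string literal early.
    sql = "SELECT * FROM Login WHERE username = '" + name + "'"
    return db.execute(sql).fetchall()

def search_param(db, name):
    # The parameterised form: the SQL text is fixed and the value is
    # passed separately, so it is only ever compared as data.
    sql = "SELECT * FROM Login WHERE username = ?"
    return db.execute(sql, (name,)).fetchall()

def outcome(search, db, name):
    # Return the matched usernames, or the error class if the query failed.
    try:
        return [row[0] for row in search(db, name)]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    inputs = ["alice", "O'Brien", "x' OR '1'='1"]
    for search in (search_unquoted, search_quoted, search_param):
        for name in inputs:
            print(f"{search.__name__:16} {name!r:18} -> {outcome(search, db, name)}")
```

Only the parameterised form finds the legitimate name containing an apostrophe and returns nothing for the input that rewrites the `WHERE` clause in the quoted form.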
-
Colin Angus Mackay wrote:
SQL Injection Attacks and Tips on How to Prevent Them which tells you what a SQL Injection Attack is, how to spot code that is susceptible and how to correct the problem.
As often as that article is referenced why not just include it in your sig? :)
I'd love to help, but unfortunately I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
-
S Douglas wrote:
As often as that article is referenced why not just include it in your sig?
I don't currently have room. :) I'll consider it when space frees up a bit.