sql statement
-
This is my SQL statement:
SELECT * FROM Persons WHERE FirstName LIKE '%la%'
All I need is to put a textbox for the user to write anything instead of "la" and I don't know how. Please help.
Hi,
You could simply use the following:
Dim strSQL As String
strSQL = "SELECT * FROM Persons WHERE FirstName LIKE '%" & TextBox1.Text & "%'"
...
But this is not a secure way, SQL Injection could be possible here!
regards, NajiCo http://www.InsideVB.NET
It's nice 2b important, but it's more important 2b nice...
-
Naji El Kotob wrote:
But this is not a secure way, SQL Injection could be possible here!
That much is true. Read: SQL Injection Attacks and Tips on How to Prevent Them
Upcoming events: * Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ... "I wouldn't say boo to a goose. I'm not a coward, I just realise that it would be largely pointless." My website
-
As the previous poster mentioned, the solution given is susceptible to SQL Injection Attacks. You should learn to defend yourself from them. Please read SQL Injection Attacks and Tips on How to Prevent Them
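The query from this thread in parameterized form, as an added example that is not part of any poster's reply. It assumes SQL Server accessed through System.Data.SqlClient; the names PersonSearch, EscapeLike, FindPersons, connectionString and DataGridView1, the 50-character input limit and the parameter size are all assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module PersonSearch
    ' Assumed upper bound on what a user may type into the search box.
    Private Const MaxInputLength As Integer = 50

    ' Make LIKE wildcards in the user's text match literally.
    ' SQL Server treats [x] as "the single character x", so "[" must be escaped first.
    Function EscapeLike(ByVal text As String) As String
        Return text.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' Returns the matching rows. connectionString is supplied by the caller (assumption).
    Function FindPersons(ByVal connectionString As String, ByVal userText As String) As DataTable
        If userText Is Nothing Then userText = String.Empty
        If userText.Length > MaxInputLength Then
            Throw New ArgumentException("Search text is too long.", "userText")
        End If

        ' The SQL text is a constant: nothing the user types is ever concatenated into it.
        Const sql As String = "SELECT * FROM Persons WHERE FirstName LIKE @pattern"
        Dim result As New DataTable()

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' The pattern is sent as a typed parameter value, so a quote in the
                ' input stays data. Size 200 covers the worst case of every character
                ' being escaped to three (50 * 3 + 2 for the surrounding % signs).
                cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
                    "%" & EscapeLike(userText) & "%"

                ' Fill opens and closes the connection itself when it is closed.
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(result)
                End Using
            End Using
        End Using

        Return result
    End Function

    ' Usage from a form (DataGridView1 is a hypothetical control):
    '   DataGridView1.DataSource = FindPersons(connectionString, TextBox1.Text)
End Module
```

With this form, input such as `O'Brien` or `50%` is searched for literally instead of changing the statement or widening the match.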