ADO.NET update/select question
-
I'm modifying a program (oQuery) that I found on this site so that it will allow updates too. My problem is how do I do an update using some generic query execution. My problem comes up when I try and get the number of rows returned. So how can I tell that the user just did an update and then find out how many rows were affect by that update?
mssqlComm.CommandType = CommandType.Text mssqlComm.CommandText = sqlQuery 'this is the query from the user mssqlComm.Connection = mssqlConn mssqlcomm.ExecuteNonQuery() mssqladpt = New SqlDataAdapter(mssqlcomm) mssqlds = New DataSet mssqladpt.fill(mssqlds)Thanks TomTom Wright tawright915@gmail.com
-
I'm modifying a program (oQuery) that I found on this site so that it will allow updates too. My problem is how do I do an update using some generic query execution. My problem comes up when I try and get the number of rows returned. So how can I tell that the user just did an update and then find out how many rows were affect by that update?
mssqlComm.CommandType = CommandType.Text mssqlComm.CommandText = sqlQuery 'this is the query from the user mssqlComm.Connection = mssqlConn mssqlcomm.ExecuteNonQuery() mssqladpt = New SqlDataAdapter(mssqlcomm) mssqlds = New DataSet mssqladpt.fill(mssqlds)Thanks TomTom Wright tawright915@gmail.com
-
I'm modifying a program (oQuery) that I found on this site so that it will allow updates too. My problem is how do I do an update using some generic query execution. My problem comes up when I try and get the number of rows returned. So how can I tell that the user just did an update and then find out how many rows were affect by that update?
mssqlComm.CommandType = CommandType.Text mssqlComm.CommandText = sqlQuery 'this is the query from the user mssqlComm.Connection = mssqlConn mssqlcomm.ExecuteNonQuery() mssqladpt = New SqlDataAdapter(mssqlcomm) mssqlds = New DataSet mssqladpt.fill(mssqlds)Thanks TomTom Wright tawright915@gmail.com
Colin must be asleep...
Tom Wright wrote:
sqlQuery 'this is the query from the user
I assume you're parsing this string to check for any kind of SQL injection attack ? Accepting raw SQL and running it blindly is a real recipe for someone to wipe your DB on you.
Christian Graus - Microsoft MVP - C++ "I am working on a project that will convert a FORTRAN code to corresponding C++ code.I am not aware of FORTRAN syntax" ( spotted in the C++/CLI forum )