C# - Get DataTable from Access. Please, help me. I can not know this bugs.
-
OK, so v stands for string ? Well, that's horrid, but whatever. If you want help, you'll have to give us your SQL, because that's where the error is, that's what the error message says. It seems to me unlikely that you've been coding for long if you don't understand that, so you have time to revisit your coding standard, which is kind of messy. You don't need to put a letter before methods, ever, and even variables, it just makes them hard to read.
Christian Graus Driven to the arms of OSX by Vista.
v: express variable of method l: local in method. vStrSQL = "select * from User where user = 'aaa' and passwd = 'bb'; I tested vStrSQL on MS Access. It is true. It used folow: vStrSQL = "select * from User where User = '" + txtUser.Text + "' and Passwd = '" + txtPassword.Text + "'"; DataTable lTbl = mUti.PGetDataTable(mConnectString, mStrSQL, "tbl"); //// Error ... System.Data.OleDb.OleDbException: Syntax error in FROM clause. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.OleDb.OleDbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
-
v: express variable of method l: local in method. vStrSQL = "select * from User where user = 'aaa' and passwd = 'bb'; I tested vStrSQL on MS Access. It is true. It used folow: vStrSQL = "select * from User where User = '" + txtUser.Text + "' and Passwd = '" + txtPassword.Text + "'"; DataTable lTbl = mUti.PGetDataTable(mConnectString, mStrSQL, "tbl"); //// Error ... System.Data.OleDb.OleDbException: Syntax error in FROM clause. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.OleDb.OleDbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
Sorry! It is not contain mUti. It correct: DataTable lTbl = PGetDataTable(mConnectString, mStrSQL, "tbl");
-
v: express variable of method l: local in method. vStrSQL = "select * from User where user = 'aaa' and passwd = 'bb'; I tested vStrSQL on MS Access. It is true. It used folow: vStrSQL = "select * from User where User = '" + txtUser.Text + "' and Passwd = '" + txtPassword.Text + "'"; DataTable lTbl = mUti.PGetDataTable(mConnectString, mStrSQL, "tbl"); //// Error ... System.Data.OleDb.OleDbException: Syntax error in FROM clause. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.OleDb.OleDbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
thuyphuongid wrote:
v: express variable of method l: local in method.
Can I suggest you do this with casing instead ? In any case, why does it matter, if a variable was passed in, unless it's a class ? You realise that your code means I can erase your database during the login process if I feel like it ? Research SQL Injection attacks. Could it be that you're calling a method that requires only a single result, but you're doing a select * ? What if you do a select Top 1 * ? Or could it be because your table name and a column name are the same ? The SQL itself looks fine, you are right there.
Christian Graus Driven to the arms of OSX by Vista.
-
Sorry! It is not contain mUti. It correct: DataTable lTbl = PGetDataTable(mConnectString, mStrSQL, "tbl");
Why do your methods start with a P ?
Christian Graus Driven to the arms of OSX by Vista.
-
Well, that's hungarian notation and it makes more sense, I guess, but it's very much out of vogue nowadays. The IDE will tell you the data type easy enough. The P in front of method names was more bizarre. I note he's still not actually given us the info we need to fix his bug.
Christian Graus Driven to the arms of OSX by Vista.
Christian Graus wrote:
that's hungarian notation
Not really used anymore.
Christian Graus wrote:
P in front of method names was more bizarre
That got me scratching my head. Wondering what the hell that was.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham
-
thuyphuongid wrote:
v: express variable of method l: local in method.
Can I suggest you do this with casing instead ? In any case, why does it matter, if a variable was passed in, unless it's a class ? You realise that your code means I can erase your database during the login process if I feel like it ? Research SQL Injection attacks. Could it be that you're calling a method that requires only a single result, but you're doing a select * ? What if you do a select Top 1 * ? Or could it be because your table name and a column name are the same ? The SQL itself looks fine, you are right there.
Christian Graus Driven to the arms of OSX by Vista.
Ok. Thank you for your help. See u later.
-
Why do your methods start with a P ?
Christian Graus Driven to the arms of OSX by Vista.
Got me on that one :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham
-
thuyphuongid wrote:
v: express variable of method l: local in method.
Can I suggest you do this with casing instead ? In any case, why does it matter, if a variable was passed in, unless it's a class ? You realise that your code means I can erase your database during the login process if I feel like it ? Research SQL Injection attacks. Could it be that you're calling a method that requires only a single result, but you're doing a select * ? What if you do a select Top 1 * ? Or could it be because your table name and a column name are the same ? The SQL itself looks fine, you are right there.
Christian Graus Driven to the arms of OSX by Vista.
Christian Graus wrote:
Research SQL Injection attacks
I noticed that with the wonderful string concatenation going on there.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham
-
Ok. Thank you for your help. See u later.
In your code, as Christian has said, you are open to sql injection attacks with the string concatenation. Read this fine article preventing sql injection attacks[^]. It is a very good reading and worth bookmarking.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham
-
Why do your methods start with a P ?
Christian Graus Driven to the arms of OSX by Vista.