exception
-
Hi, I established a database connection, where I used a query
sql_querry="SELECT name FROM sample_table"
It is displaying all values perfectly. Now I want to use a where condition:
sql_querry="SELECT name FROM sample_table WHERE"+"(Designation=SE)"
But it is throwing an exception. I think I am getting this because I am not writing the query correctly. Please tell me how to write this query. Thanks in advance.
sampath-padamatinti
-
sql_querry="SELECT name FROM sample_table WHERE Designation='SE'"
-
You should not use inline queries, they are dangerous and can lead to SQL Injection attacks. Before you get a bad habit ingrained into your coding style learn how to use parameterised queries (or parameterized queries, spelling differs). There is a reasonable tutorial here in PDF format, although it deals with Access it covers how to convert an inline query into a parameterised one, and the principles are the same. If you don't like that one then there are plenty more examples, just google for the phrase. :)
Henry Minute
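The points made in the answers above, as an added example that is not part of the thread: it runs the poster's unquoted string, then compares an inline (concatenated) query with a parameterised one on the same input. It assumes Python's built-in `sqlite3` with an in-memory database as a stand-in for the poster's connection; the rows and function names are constructed, and the `?` placeholder plays the role a `SqlParameter` plays in ADO.NET.

```python
import sqlite3

# Constructed sample data; table and column names follow the thread.
ROWS = [("Asha", "SE"), ("Ben", "SE"), ("Chen", "Manager")]

def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sample_table (name TEXT, Designation TEXT)")
    conn.executemany("INSERT INTO sample_table VALUES (?, ?)", ROWS)
    return conn

def unquoted_error(conn):
    """Run the poster's original string and return the database error text."""
    sql = "SELECT name FROM sample_table WHERE" + "(Designation=SE)"
    try:
        conn.execute(sql)
    except sqlite3.OperationalError as exc:
        return str(exc)  # SE is read as a column name, not as a value
    return None

def names_inline(conn, designation):
    """Inline query: the value is pasted into the SQL text (unsafe)."""
    sql = "SELECT name FROM sample_table WHERE Designation='" + designation + "'"
    return sorted(row[0] for row in conn.execute(sql))

def names_param(conn, designation):
    """Parameterised query: the value is bound separately from the SQL text."""
    sql = "SELECT name FROM sample_table WHERE Designation = ?"
    return sorted(row[0] for row in conn.execute(sql, (designation,)))

if __name__ == "__main__":
    conn = make_db()
    print("unquoted query error:", unquoted_error(conn))
    # Constructed input containing a quote character.
    crafted = "SE' OR '1'='1"
    print("inline, 'SE':   ", names_inline(conn, "SE"))
    print("param,  'SE':   ", names_param(conn, "SE"))
    # Inline: the quote ends the literal early, so the filter is bypassed.
    print("inline, crafted:", names_inline(conn, crafted))
    # Parameterised: the whole string is compared as one value, no match.
    print("param,  crafted:", names_param(conn, crafted))
```
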
-
sampath-padamatinti wrote:
sql_querry="SELECT name FROM sample_table WHERE"+"(Designation=SE)"
On top of what everyone else said, if you look at the string you built closely, you'll see there is no space between "WHERE" and "(Designation=SE)". The resulting SQL looks like this (which is not a valid statement!):
SELECT name FROM sample_table **WHERE(Designation=SE)**
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007, 2008
But no longer in 2009... -
Dave, SQL Server parses and executes this statement. But if there was no '(' after the where clause, things would be different :-)
Shameel wrote:
Dave, SQL Server parses and executes this statement.
No kidding. I know that.
Shameel wrote:
But if there was no '(' after the where clause, things would be different
Besides not having the "SE" in quotes, better yet, even as a SqlParameter, I like to see spaces where they are necessary and consistently used, regardless of what the next character is.
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic