Creating a SELECT Query Based on Textbox Data

I'm building a simple windows form app which stores all of my DVD's (pet project, just for learning; I'm sure there are plenty already out there). I'm able to add items into the database (azure SQL Server) perfectly, even leaving some or most textboxes blank (the title column is setup as NOT NULL in my table) but I can't get it to retrieve any data. Here is my OnClick method:

private void searchButton_Click(object sender, EventArgs e)
{
string qString = @"SELECT Title, Director, Genre, ReleaseYear, Length, NumberofDisks, Description FROM Base WHERE Title = '" + titleTextbox.Text + "' AND Director = '" + directorTextbox.Text + "' AND Genre = '" + genreCombobox.GetItemText(genreCombobox.SelectedItem) + "' AND ReleaseYear = '" + yearCombobox.GetItemText(yearCombobox.SelectedItem) + "' AND Length = '" + lengthTextbox.Text + "' AND NumberOfDisks = '" + numberOfDisksTextbox.Text + "' AND Description = '" + descriptionTextbox.Text + "';";

string cString = @"Server=MyAzureServer,MyPortNumber;Database=MyDatabase;User ID=me@MyAzureServer;Password=MyPassword;Trusted\_Connection=False;Encrypt=True;Connection Timeout=30;";

DataTable dTable = new DataTable();

SqlConnection sConnection = new SqlConnection(cString);

sConnection.Open();

using(SqlCommand sCommand = new SqlCommand(qString, sConnection))
    {
    	try
	{
		SqlDataReader sReader = sCommand.ExecuteReader();
		dTable.Load(sReader);
	}
	catch(SqlException sEx)
	{
		MessageBox.Show(sEx.Message);
	}

	resultsDataGridView.DataSource = dTable;
}

	sConnection.Close();

}

and here is my table:

CREATE TABLE [dbo].[Base]
(
[MediaID] [int] IDENTITY(1,1) PRIMARY KEY,
[Title] [nvarchar](50) NOT NULL,
[Director] [nvarchar](50) NULL,
[Genre] [nvarchar](50) NULL,
[ReleaseYear] [date] NULL,
[Length] [time] NULL,
[NumberOfDisks] [int] NULL,
[Description] [nvarchar](200) NULL
)

I absolutely realize this is open to SQL injection. My plan is to just 'get it working' and then I will go back over it and and change to parameterized queries (I have to read up on how to use them). The program compiles and runs fine. When I click the search button with all or any of the textboxes filled, it returns no results in the datagridview. The white grid shows up but it is empty. I can query the database directly and get the results I'm looking for, but not programatically. Do I need to build the query using logic? Since almost all of my columns accept

ok this is great, I need everyone to come to vegas and pay my taxes for me!

Thanks, John

So yesturday I strolled on over to the microsoft forums on MSDN and noticed their new (to me anyhow) forum layout. One thing that has me a bit confused is that I can't seem to find anywhere a forum for MFC or even Win32. Am I completely blind and am missing it, or is it really no where to be found. I couldn't imagine that they would NOT have forums for these technologies. So Christian, and others who use the boards, where are they!?! Thanks, John

I'm in the process of building my first n-tier software package. However I'm kind of stuck on a design decision. I posted in the C# forum since this is the language I am using, however the responses will most likely be algorithmic and language agnostic. So here is the issue (VERY basic) I'm sure... Each user needs to be logged into the program in order to use it. I'm going to use a basic username/password authentication scheme however, how would I implement this? I've never done anything like this before and I am not a professional. My first idea was to keep a SQL2005 table of users with information for each user such as password and other personal information. I was going to use SqlCommand() to do a select query where the username and password match on a character by character basis. Is this the best, or at least an "ok" way to do this? How is authentication "normally" implemented using .NET? Thanks, John

Could anyone tell me what I'm doing wrong here: // variables defined private: array^ m_sAddressList = gcnew array{"localhost"}; private: int m_nCurrentAddress; ... // attempting to make a property out of them public: property array^ m_psAddressList{ String^ get(){ return array(m_nCurrentAddress);} } I'm getting the following compiler error: error C3901: 'get': must have return type 'cli::array ^' c:\documents and settings\john\my documents\programming\visual studio 2005\projects\winbot\winbot\ConnectionOperations.h 53 Any information would be greatly appreciated. Thanks, John

Check out http://www.slashdot.org[^] Thanks, John

You're using 2 different languages here. I don't know that C# has a dereference operator, except in unsafe blocks. Thanks, John

huh? :confused:

Hey George, I'm still working on this same problem, let me show you what I have: for each(Control^ ctrl in this->AddCustomerFormSiteInformationGroupBox->Controls) { if (ctrl->GetType() == TextBox) { TextBox^ txt = safe_cast<TextBox^>(ctrl); if (txt->Text->Length > 0) { if (MessageBox::Show("Discard Changes?", "Confirm", MessageBoxButtons::YesNo, MessageBoxIcon::Warning) == ::DialogResult::Yes) this->Close(); } else { this->Close(); } } } I'm not sure what you're refering to with TextBox::typeid Thanks, John

Heyas all, So let's say that my windows form has approx 20 different textbox controls on it. I'm wanted to do something like this: for each(System::Windows::Forms::Textbox txt in MainForm) { if (txt.Text.Length > 0) DoSomething(); else if (txt.Text.Length == 0) DoSomethingElse(); } Obviously this is semipseudocode and doesn't work, would anyone be willing to show me this code in working order? I'd really appreciate it. Thanks, John

That would work perfectly, thanks a lot guffa :) Thanks, John

Heyas all, Is it possible, using the .NET framework, to programmatically determine if there is text in a textbox control or not. Say just a simple Bool value or something similiar. Basically I'm trying to build a query string dependant on what textboxes have text in them, if a textbox has text then include that text in the query if not, ignore completely. Is this possible or should I be going a completely different route? Thanks, John

Visual C++ .NET 2003 and Visual C++ 2005 are two (almost) completely different languages. the 2005 version cleans the syntax up A LOT and is called C++/CLI. The express edition should be compatible with any recent SDK's. I recommend downloading 2005 since it's free, and it makes it a lot easier to target the .NET platform Thanks, John

OK, I deleted all files pertaining to my form, and recreated, then deleted all precompiled headers etc. and now it works perfectly. that is rediculous. grrr thanks a ton for your help though :) Thanks, John

Yes, the form was created by visual studio, so the namespace is correct, and the form is inherited correctly. This is driving me nuts! Thanks, John

Heyas all, I've added a new form to my project called ExitForm. In the main form of the project I've added #include "ExitForm.h". I'm trying to do the following: void onSomeEvent(object^ sender, EventArgs^ e) { ExitForm^ eForm = gcnew ExitForm(); eForm->ShowDialog(); } I get ExitForm: undeclared identifier Can anyone shed some light on what I'm forgetting to do to make ExitForm visible to other files in the project? Thanks, John

ah ha! working now. thanks a lot. I thought default constructors were public by default. thanks again! Thanks, John

I realize that error descriptions have gotten better, but they still need to come a long way. I will post both my error message and code in hopes that someone can help me out with this, because I am lost. error: error C3767: 'JensonDispatch::DataOperations::DataOperations': candidate function(s) not accessible c:\documents and settings\kathy\my documents\visual studio 2005\projects\jenson dispatch\jenson dispatch\MainForm.h 24 DataOperations.cpp #include "StdAfx.h" #include "DataOperations.h" namespace JensonDispatch { DataOperations::DataOperations(void) //default contructor { } DataOperations::~DataOperations(void) //Nothing to see here, move along { } int DataOperations::ConnectToDataStore(SqlConnection^ conn, String ^query) { try { SqlCommand^ sqlComm = gcnew SqlCommand(query, conn); sqlComm->ExecuteNonQuery(); MessageBox::Show("Connected!"); } catch (Exception^ e) { MessageBox::Show("Error!", e->ToString()); } return 0; } int DataOperations::DisconnectFromDataStore(SqlConnection^ conn, String^ query) { return 0; } int DataOperations::AddCallToDataStore(SqlConnection^ conn, String^ query) { return 0; } int DataOperations::RemoveCallFromDataStore(SqlConnection^ conn, String^ query) { return 0; } int DataOperations::AddCustomerToDataStore(SqlConnection^ conn, String^ query) { return 0; } int DataOperations::RemoveCustomerFromDataStore(SqlConnection^ conn, String^ query) { return 0; } } DataOperations.h #pragma once namespace JensonDispatch { using namespace System; using namespace System::Data::SqlClient; using namespace System::IO; using namespace System::Windows::Forms; public ref class DataOperations { DataOperations(void); ~DataOperations(void); public: int ConnectToDataStore(SqlConnection^, String^); int DisconnectFromDataStore(SqlConnection^, String^); int AddCallToDataStore(SqlConnection^ , String^); int RemoveCallFromDataStore(SqlConnection^, String^); int AddCustomerToDataStore(SqlConnection^, String^); int RemoveCustomerFromDataStore(SqlConnection^, String^); }; } MainForm.h: #pragma once #in

I use OnTime[^] it serves my needs and best of all, for independent developers it's FREE!!!! The only thing is it uses SQL server MSDE, 2005 Express or otherwise, I definately recommend checking it out. Thanks, John

The only thing here though is now you are 100% responsible for that data, if something should happens, who knows what course of action the company can take Thanks, John