Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
EricBHK
Starting Member
18 Posts
Posted - 2012-08-28 : 08:00:20
Hi!

I have a SQL string with a hard coded ID value as follows that is just working fine:

    sql = "SELECT * FROM Bibliothèque WHERE Id = 194"

However, I now need to change the hard coded value to the variable in my VB.NET textbox. I tried something like this:

    sql = "SELECT * FROM Bibliothèque WHERE Id = ('" & TextBox1.Text & "') "

Unfortunately, this (as well as some alternatives) is giving OLEDB errors. What would be the proper SQL syntax?

Thanks!
sunitabeck
Master Smack Fu Yak Hacker
5155 Posts
Posted - 2012-08-28 : 08:23:33
Assuming Id is numeric, the following should work. If that does not work, you can print out or examine using the debugger the string that you are sending to SQL Server; it should be exactly the string that you would use in the hard coded query.

    sql = "SELECT * FROM Bibliothèque WHERE Id = " & TextBox1.Text

If ID is not numeric, use this:

    sql = "SELECT * FROM Bibliothèque WHERE Id = '" & TextBox1.Text & "'"
EricBHK
Starting Member
18 Posts
Posted - 2012-08-28 : 08:30:21
ID is numeric, so your first solution is working perfectly. Thanks!
Transact Charlie
Master Smack Fu Yak Hacker
3451 Posts
Posted - 2012-08-28 : 08:38:13
Watch out for SQL injection.... what would happen when you get this string in your textbox?

    id

or worse:

    0; DROP TABLE Bibliothèque; --

HAHA

Transact Charlie
Msg 3903.. The ROLLBACK TRANSACTION request has no corresponding BEGIN TRANSACTION.
http://nosqlsolution.blogspot.co.uk/
sunitabeck
Master Smack Fu Yak Hacker
5155 Posts
Posted - 2012-08-28 : 10:34:09
quote: Watch out for SQL injection.... what would happen when you get this string in your textbox?

Ouch!! I feel like if I were a physician, I would have been sued for malpractice and my license taken away for not pointing that out! Thanks Charlie!!!
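The safe way to do the lookup Charlie is warning about, as an added example that is not code from anyone in this thread: validate the textbox value as an integer and pass it as an OLE DB parameter instead of concatenating it into the SQL text. It assumes a WinForms project with the TextBox1 from the question plus a hypothetical Button1 and DataGridView1, and a connection string of your own; the Id column is treated as an integer, as confirmed above.

```vbnet
Imports System.Data
Imports System.Data.OleDb

Public Class BibliothequeLookup
    ' Connection string is an assumption; substitute the application's own.
    Private ReadOnly _connectionString As String

    Public Sub New(connectionString As String)
        _connectionString = connectionString
    End Sub

    ' Input validation: Id is numeric, so anything that is not an integer is
    ' rejected before it reaches the database. Both "id" and
    ' "0; DROP TABLE Bibliothèque; --" from the thread fail this check.
    Public Shared Function TryParseId(text As String, ByRef id As Integer) As Boolean
        Return Integer.TryParse(text, id)
    End Function

    ' Parameterised query: OLE DB uses positional "?" placeholders, and the value
    ' travels as typed data rather than being spliced into the SQL string, so the
    ' statement cannot be altered by the input even if validation were skipped.
    Public Function GetById(id As Integer) As DataTable
        Dim result As New DataTable()
        Using conn As New OleDbConnection(_connectionString)
            Using cmd As New OleDbCommand("SELECT * FROM Bibliothèque WHERE Id = ?", conn)
                cmd.Parameters.Add("@Id", OleDbType.Integer).Value = id
                conn.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using
        Return result
    End Function
End Class

' Form-side usage (hypothetical handler; the designer half of Form1 supplies the controls).
Partial Public Class Form1
    Private ReadOnly _lookup As New BibliothequeLookup("Provider=SQLOLEDB;Data Source=.;Initial Catalog=Library;Integrated Security=SSPI")

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim id As Integer
        If Not BibliothequeLookup.TryParseId(TextBox1.Text, id) Then
            MessageBox.Show("Please enter a numeric Id.")
            Return
        End If
        DataGridView1.DataSource = _lookup.GetById(id)
    End Sub
End Class
```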