Click here to Skip to main content
15,868,016 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
My original query for data from the database was:

VB
Dim SQL_RecentWorkOrders As String =
    "Select * from workorder WHERE date>#"
    + dtToday.AddYears(-YearsToGoBack).ToString
    + "# ORDER BY worknum DESC"



The updated query is as follows:

VB
Dim SQL_RecentWorkOrders As String =
     "SELECT * FROM workorder
      INNER JOIN customer ON workorder.custid = customer.custid
      WHERE workorder.date>#"
      + dtToday.AddYears(-YearsToGoBack).ToString
      + "# ORDER BY worknum DESC"


The rest of the code is as as follows:

VB
daAccess = New OleDbDataAdapter(SQL_RecentWorkOrders, cnAccess)
daAccess.Fill(dsAccess, "WorkOrders")
Debug.Print(dsAccess.Tables(0).Rows.Count.ToString)

'Bind Work Orders
'WorkOrderNumberCbo.DataBindings.Add("Text", dsAccess.Tables(0), "worknum")

WorkOrderNumberCbo.DataSource = dsAccess.Tables("WorkOrders").DefaultView
WorkOrderNumberCbo.DisplayMember = "workorder.worknum"
WorkOrderNumberCbo.ValueMember = "workorder.worknum"

CustIDTxt.DataBindings.Add("Text", dsAccess.Tables(0), "workorder.custid")
LastNameTxt.DataBindings.Add("Text", dsAccess.Tables(0), "workorder.operlast")
FirstNameTxt.DataBindings.Add("Text", dsAccess.Tables(0), "workorder.operfirst")
DescriptionTxt.DataBindings.Add("Text", dsAccess.Tables(0), "workorder.description")
AcresTxt.DataBindings.Add("Text", dsAccess.Tables(0), "workorder.acres")
GridSizeSelection.DataBindings.Add("Text", dsAccess.Tables(0), "workorder.grid")
cmWorkOrder = CType(Me.BindingContext(dsAccess.Tables(0)), CurrencyManager)

...I added the table identifier, "workorder." in the data member string after receiving the following error: "Cannot bind to the property or column custid on the DataSource.
Parameter name: dataMember".

If I do the following in the immediate window, I get the results shown

VB
?dsAccess.Tables(0).Columns(0).ColumnName.ToString
"worknum"
?dsAccess.Tables(0).Columns(1).ColumnName.ToString
"workorder.custid"


I'm not interested in updating the data. Other than setting up aliases for each field, how can i reference the tablename.fieldname in the DataMember string parameter for DataBindings.Add? Is there an escape character?
Posted
Updated 2-Aug-11 11:41am
v2
Comments
Richard Deeming 8-Jan-15 15:34pm    
Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Since you're only using DateTime.Now.ToString, it might seem like your code is safe. However, if the code is running on the user's PC, they could modify their regional settings to control what that method returns.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900