Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: VB.NET
I want to store query result in string variable.I am using following code
Dim str As String = ("SELECT Item_name FROM Item_Master where Item_no='" & cmbItemName.SelectedValue & "'")
System throws an error: Operator '&' is not defined for string "SELECT * FROM Item_Master where " and type 'DataRowView'.(Invalid cast exception)
 
Please suggest me right query format.
 
Thanks in Advance
Posted 3-Dec-12 5:35am
Edited 3-Dec-12 5:39am
RyanDev114.8K
v2
Comments
ryanb31 at 3-Dec-12 11:40am
   
You sure that is the error you are getting on that line? It sounds like you are trying to concatenate a string and a DataRowView together.
CPallini at 3-Dec-12 12:16pm
   
How is declared cmbItemName (ryanb31 observation is right)?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Either:
1) Try this
Dim str As String = ("SELECT Item_name FROM Item_Master where Item_no='" & cmbItemName.SelectedValue.ToString() & "'")
Or
2) - And preferably - use parametrised queries instead. There isn't that much risk of SQL Injection from a combobox, but parametrized queries gets rid of it.
  Permalink  
Comments
Yogi ,Pune at 3-Dec-12 12:31pm
   
Thanks
OriginalGriff at 3-Dec-12 13:58pm
   
You're welcome!
RaisKazi at 3-Dec-12 14:52pm
   
Clean!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 CPallini 365
1 Sergey Alexandrovich Kryukov 252
2 OriginalGriff 165
3 George Jonsson 159
4 Richard MacCutchan 110
0 OriginalGriff 6,344
1 Sergey Alexandrovich Kryukov 5,860
2 CPallini 5,125
3 George Jonsson 3,559
4 Gihan Liyanage 2,522


Advertise | Privacy | Mobile
Web04 | 2.8.140916.1 | Last Updated 3 Dec 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100