Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: VB.NET
I want to store query result in string variable.I am using following code
Dim str As String = ("SELECT Item_name FROM Item_Master where Item_no='" & cmbItemName.SelectedValue & "'")
System throws an error: Operator '&' is not defined for string "SELECT * FROM Item_Master where " and type 'DataRowView'.(Invalid cast exception)
 
Please suggest me right query format.
 
Thanks in Advance
Posted 3-Dec-12 5:35am
Edited 3-Dec-12 5:39am
RyanDev90.8K
v2
Comments
ryanb31 at 3-Dec-12 11:40am
   
You sure that is the error you are getting on that line? It sounds like you are trying to concatenate a string and a DataRowView together.
CPallini at 3-Dec-12 12:16pm
   
How is declared cmbItemName (ryanb31 observation is right)?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Either:
1) Try this
Dim str As String = ("SELECT Item_name FROM Item_Master where Item_no='" & cmbItemName.SelectedValue.ToString() & "'")
Or
2) - And preferably - use parametrised queries instead. There isn't that much risk of SQL Injection from a combobox, but parametrized queries gets rid of it.
  Permalink  
Comments
Yogi ,Pune at 3-Dec-12 12:31pm
   
Thanks
OriginalGriff at 3-Dec-12 13:58pm
   
You're welcome!
RaisKazi at 3-Dec-12 14:52pm
   
Clean!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Your Filters
Interested
Ignored
     
0 Shai Vashdi 1,838
1 Tadit Dash 310
2 OriginalGriff 283
3 Sergey Alexandrovich Kryukov 260
4 Peter Leow 220
0 Sergey Alexandrovich Kryukov 9,440
1 OriginalGriff 5,618
2 Peter Leow 4,280
3 Maciej Los 3,540
4 Abhinav S 3,363


Advertise | Privacy | Mobile
Web03 | 2.8.140415.2 | Last Updated 3 Dec 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Use
Layout: fixed | fluid