C#
String selQuery = "SELECT Id FROM MapDataImage WHERE Source='" + TextBox1.Text + "' Destination='"  +TextBox2.Text + ;";


I just made some code to check two textbox values.
Is it okay?
Updated 10-Jul-13 4:43am
Comments
[no name] 10-Jul-13 10:53am    
No it is not okay. You are missing an "AND" or an "OR", a quote character and you are subjecting yourself to SQL injection attacks. The error message that you got would have told you.

If your database is SQL then try
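String selQuery = "SELECT Id FROM MapDataImage WHERE Source = @t1 AND Destination = @t2";
SqlCommand cmd = new SqlCommand(selQuery);
// AddWithValue binds the text as a parameter value; Parameters.Add(string, object) is obsolete
cmd.Parameters.AddWithValue("@t1", TextBox1.Text);
cmd.Parameters.AddWithValue("@t2", TextBox2.Text);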


Other databases do similar things - you just need to change the SqlCommand to the appropriate object, and be aware that not all DBMSs allow for named parameters.
 
 
If you want to match both values exactly, then use the following

C#
String selQuery = "SELECT Id FROM MapDataImage WHERE Source='" + TextBox1.Text + "' AND Destination='"  +TextBox2.Text + "'";



But if you want to match the value of either text box, then use this


C#
String selQuery = "SELECT Id FROM MapDataImage WHERE (Source='" + TextBox1.Text + "' OR Destination='"  +TextBox2.Text + "')";
 
 
Please modify your query; see this:

C#
String selQuery = "SELECT Id FROM MapDataImage WHERE Source='" + TextBox1.Text + "' and Destination='"  +TextBox2.Text + "'";
 
Comments
CHill60 10-Jul-13 13:36pm    
There's no "AND" or "OR" in this either

If the columns 'source' and 'destination' are of datatype varchar, then it is always better to use LIKE in your WHERE clause


SQL
String selQuery = "SELECT Id FROM MapDataImage WHERE Source like '%" + TextBox1.Text + "%' or Destination like '%"  +TextBox2.Text + "%'";
 
Comments
CHill60 10-Jul-13 17:38pm    
I'd be interested to know why you consider it better to use "like" - I would have thought that a query written with wildcards would be considerably less performant than one that is explicit. Plus what if TextBox1.Text is something like "Finsbury"? Then the search would (incorrectly) also return "Finsbury Park" and "Finsbury Leisure Centre" etc etc
Teenustar 11-Jul-13 15:18pm    
What if the user tries to type in "Fins"? In that case he wouldn't get the expected result of Finsbury.
Teenustar 11-Jul-13 15:19pm    
From a user perspective, I assume a search made using text value brings the result matching the search criteria, rather than bringing only the exact match. Just like the Google search. I haven’t used wildcards.
CHill60 12-Jul-13 14:42pm    
'%' is a wildcard in SQL - hence my comment. Fair comment from you on the 'Fins' bit - I suppose it depends on the application. Thanks for your reply
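
An added example, not code from any of the posters above: the exact-match and LIKE searches discussed in this thread written as one parameterized SqlCommand builder, with the user's text escaped so that `%`, `_` and `[` match literally inside the LIKE pattern. The class and method names, the `@src`/`@dst` parameter names and the column length of 100 are assumptions; the table and column names are the ones from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: .NET Framework, or the System.Data.SqlClient package

static class MapQuery
{
    // Escape the characters SQL Server's LIKE treats as pattern syntax,
    // so "50%" or "a_b" typed by a user match literally.
    public static string EscapeLike(string input)
    {
        return input.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // exact = true:  Source = @src AND Destination = @dst
    // exact = false: Source LIKE @src OR Destination LIKE @dst (substring search)
    public static SqlCommand Build(SqlConnection conn, string source, string destination, bool exact)
    {
        string sql = exact
            ? "SELECT Id FROM MapDataImage WHERE Source = @src AND Destination = @dst"
            : "SELECT Id FROM MapDataImage WHERE Source LIKE @src OR Destination LIKE @dst";
        var cmd = new SqlCommand(sql, conn);
        // Typed parameters; the length 100 is an assumed column size.
        cmd.Parameters.Add("@src", SqlDbType.VarChar, 100).Value =
            exact ? source : "%" + EscapeLike(source) + "%";
        cmd.Parameters.Add("@dst", SqlDbType.VarChar, 100).Value =
            exact ? destination : "%" + EscapeLike(destination) + "%";
        return cmd;
    }

    static void Main()
    {
        // Constructed input: a string containing quotes and a value containing a wildcard.
        // No connection is needed just to build and inspect the command.
        var cmd = Build(null, "x' OR '1'='1", "Fins%", exact: false);
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine(p.ParameterName + " = " + p.Value);
    }
}
```

The command text stays constant whatever the user types; the quotes and wildcard characters travel only in the parameter values, so they are compared as data rather than parsed as SQL.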

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)