|
This is my SQL statement:
SELECT * FROM Persons
WHERE FirstName LIKE '%la%'
All I need is to put a textbox for the user to write anything instead of "la",
and I don't know how.
Please help.
|
|
|
|
|
Hi,
You could simply use the following:
Dim strSQL As String
strSQL = "SELECT * FROM Persons WHERE FirstName LIKE '%" & TextBox1.Text & "%'"
...
But this is not a secure way, SQL Injection could be possible here!
regards,
NajiCo http://www.InsideVB.NET
It's nice 2b important, but it's more important 2b nice...
|
|
|
|
|
|
As the previous poster mentioned, the solution given is susceptible to SQL Injection Attacks. You should learn to defend yourself from them. Please read SQL Injection Attacks and Tips on How to Prevent Them
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
"I wouldn't say boo to a goose. I'm not a coward, I just realise that it would be largely pointless."
My website
|
|
|
|
|
Naji El Kotob wrote: But this is not a secure way, SQL Injection could be possible here!
That much is true.
Read: SQL Injection Attacks and Tips on How to Prevent Them
|
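The textbox search asked about in this thread, written with a query parameter instead of string concatenation. This is an added example, not code from any of the posters; the connection string, the `NVarChar(100)` parameter type and the names `PersonSearch`, `EscapeLike` and `FindPersons` are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module PersonSearch
    ' Escape the LIKE metacharacters so the user's text is matched literally.
    ' The backslash is the escape character named in the ESCAPE clause below,
    ' so it is doubled first.
    Function EscapeLike(ByVal term As String) As String
        Return term.Replace("\", "\\").Replace("%", "\%").Replace("_", "\_").Replace("[", "\[")
    End Function

    ' connectionString is an assumption; pass your own.
    Function FindPersons(ByVal connectionString As String, ByVal term As String) As DataTable
        Dim result As New DataTable()
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand( _
                "SELECT * FROM Persons WHERE FirstName LIKE @pattern ESCAPE '\'", con)
                ' The value is sent separately from the SQL text, so a quote
                ' typed into the textbox cannot change the statement.
                ' Type and size are assumptions; match the FirstName column.
                cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 100).Value = _
                    "%" & EscapeLike(term) & "%"
                Using adapter As New SqlDataAdapter(cmd)
                    ' Fill opens and closes the connection itself.
                    adapter.Fill(result)
                End Using
            End Using
        End Using
        Return result
    End Function
End Module
```

Call it as `FindPersons(connectionString, TextBox1.Text)`. The `%` wildcards are added in code, so a `%` or `_` typed by the user is searched for as an ordinary character.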
|
|
|
|
Hi, I get the error message '(' expected on the line Dim _buf As Byte() = CByte.parse(_cmd.ExecuteScalar()) . I also get the error message saying that _buf is undefined on the line Response.BinaryWrite(_buf) in the following code.
Try
    _con.Open()
    Dim _cmd As SqlCommand = _con.CreateCommand()
    _cmd.CommandText = "select logo from" + " pub_info where pub_id='" + id + "'"
    Dim _buf As Byte() = CByte.parse(_cmd.ExecuteScalar())
    'stream it back in the HTTP response
    Response.BinaryWrite(_buf)
Catch
Finally
    _con.Close()
End Try
I tried enclosing _cmd.ExecuteScalar() with one more ellipsis but that didn't help. I also tried changing Dim _buf As Byte() to
Dim _buf() As Byte and
Dim _buf As Byte .
Neither of them solved the problem. Please help me determine what is causing the error. Thank you in advance for your help.
-- modified at 2:50 Thursday 19th July, 2007
|
|
|
|
|
It should be:
Dim _buf As Byte() = CByte(parse(_cmd.ExecuteScalar())
Ben
|
|
|
|
|
I see several problems with this code snippet:
"select logo from" + " pub_info where pub_id='" + id + "'"
Why are you concatenating "select logo from" and " pub_info where pub_id=" ??
This is a better approach:
string.Format("select logo from pub_info where pub_id='{0}'", id)
Only one string is declared and no concatenation takes place.
CByte() attempts a conversion from something to a Byte, not an array of bytes. If the scalar execution is returning an array of bytes then with option strict off you should be able to just assign it. If you want to program decently and switch option strict on then the following would assign it:
Dim _buf As Byte() = DirectCast(_cmd.ExecuteScalar(), Byte())
If you get an invalid type / cast exception then the result of the query is not a byte array.
Finally I see a Finally clause in use to close the connection, which is great. But why is there an empty Catch ? It's not needed.
Hope this helps.
I'm largely language agnostic
After a while they all bug me
|
|
|
|
|
MidwestLimey wrote: Why are you concatenating "select logo from" and " pub_info where pub_id=" ??
This is a better approach:
string.Format("select logo from pub_info where pub_id='{0}'", id)
That will work, but it is still subject to SQL injection attacks.
"Any sort of work in VB6 is bound to provide several WTF moments." - Christian Graus
|
|
|
|
|
True, assuming you pass the value from the UI to the data layer unaltered.
So either use a sproc or:
Dim sb As New StringBuilder(id)
sb.Replace("\", "\\")
sb.Replace("'", "\'")
...
string.Format("select logo from pub_info where pub_id='{0}' ESCAPE '\'", sb.ToString())
Something like that will work I believe.
|
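The logo lookup from this thread with `pub_id` passed as a parameter, which needs no quote escaping and no `string.Format`, and with the scalar result handled as a byte array. This is an added example, not code from any of the posters; the connection string, the `Char(4)` column type and the names `LogoReader`, `MaxIdLength` and `GetLogo` are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module LogoReader
    ' Assumed length of the pub_id column; match the real schema.
    Const MaxIdLength As Integer = 4

    ' Returns the logo bytes for one publisher, or Nothing when the id is
    ' unusable, no row matches, or the logo column is NULL.
    Function GetLogo(ByVal connectionString As String, ByVal id As String) As Byte()
        ' Reject over-long input rather than letting the parameter truncate it.
        If id Is Nothing OrElse id.Length = 0 OrElse id.Length > MaxIdLength Then
            Return Nothing
        End If

        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand( _
                "SELECT logo FROM pub_info WHERE pub_id = @pub_id", con)
                ' The id is bound as data and never becomes part of the SQL text.
                cmd.Parameters.Add("@pub_id", SqlDbType.Char, MaxIdLength).Value = id
                con.Open()
                Dim value As Object = cmd.ExecuteScalar()
                ' ExecuteScalar returns Nothing for an empty result set and
                ' DBNull.Value for a NULL column; TryCast gives Nothing for both.
                Return TryCast(value, Byte())
            End Using
        End Using
    End Function
End Module
```

Call `Response.BinaryWrite` only when `GetLogo` returns something other than `Nothing`. The `Using` blocks close the connection on every path, so no empty `Catch` is needed.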
|
|
|
|
I was doing the deployment of my program in VB.NET. I faced the following problem. I need to install the .NET Framework 2.0.50727. I have added the .NET Framework in the project.
Sonia Gupta
Soniagupta1@yahoo.co.in
Yahoo messengerId-soniagupta1
Love is Friendship and Friendship is Love....
|
|
|
|
|
|
Well, if you have Studio installed then the framework must be there automatically.
This problem generally comes when you install your package on any other system which doesn't have the framework installed,
because a .NET application needs the framework to run.
Please specify your problem more clearly.
|
|
|
|
|
How can I display the time in the following format
10:20 AM (without seconds)
on "datetimepicker"
thanks..
|
|
|
|
|
(1) set the Format property to Custom
(2) set the CustomFormat either to "h" or "hh".
BTW I don't know how it is possible to show the AM/PM indicator.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
|
|
|
|
|
|
Good to know, Thank you!
|
|
|
|
|
Anyway it doesn't work on my DateTimePicker (I have VS 2003).
|
|
|
|
|
|
I really need help... Please can somebody tell me the source code for how to create a simple program with VB 6 / .NET to capture an image from a webcam.. thanks for the help!!!!
Caliber Studio
|
|
|
|
|
That depends on the webcam. Most will let you get an image from the Windows Image Acquisition API. For others, you'll have to use an SDK for that webcam, if there is one.
Google for "VB.NET WIA" for examples. Guess which site the first hit is going to be??
|
|
|
|
|
Hi,
If you need something generic you can use the avicap32.dll library
Regards
NajiCo http://www.InsideVB.NET
|
|
|
|
|
I have a program that imports txt files into a MySQL db. The problem is that one of the files has an invalid character (ç) and when it tries to import this row I get the error "Out of range value adjusted for row "OrderItemQuantity" at row 1". Any ideas on how to remove this character from that row?
jds1207
|
|
|
|
|
Validate and normalize the data in each field before you pass that data to the database. Read a line, then parse, normalize, and validate each field before you assign it to parameters in the database INSERT statement.
|
|
|
|
|
What is the best way to get the data in a datagrid? I want to take the data in the datagrid and write it to a file. Multiple rows.
|
|
|
|