Click here to Skip to main content
15,943,245 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hey friend. i have some project. i need get address to
lable when i enter name into textbox.my code is lile this
ds.clear
da=new sqldataadapter("SELECT * FROM members
WHERE name=" & textbox1.text &"", dbconn)
try
da.fill(ds,members")
bind()
catch ex as exception
messagebox.show(ex.message)
exit sub
end try
sub bind()
lable1.databindings.add("text",ds,"members.memname")
end sub
unfortunatly its not work. i see one erro msg. its 'invalied colinm name.but actually column name is corect. its sure.
then i try search infomation by there age. its worked. but
i have no idea to get address when emter there names.
im using vb.net and sql server.
please help me . please
I
Posted
Updated 3-Feb-12 4:44am
v2

The best way to handle this is to use parameters. See: SqlParameter[^].

So your code could be something like:
VB
dim cmd as new SqlCommand
cmd.CommandText = "SELECT * FROM members WHERE name=@name"
cmd.Connection = dbconn
cmd.Parameters.AddWithValue("@name", textbox1.text)
ds.clear
da=new sqldataadapter(cmd)
try
   da.fill(ds,members")
...
 
Share this answer
 
The reason you get that error is because you do not have single quotes around the text value. Your sql that is being executed looks like

SQL
SELECT * FROM members WHERE name=Bill

and it needs to be
SQL
SELECT * FROM members WHERE name='Bill'


But an even bigger issue is that this SQL is wide open for SQL injection. You need to change the value to use a SQL Parameter and never take input from the screen and put directly into a SQL statement.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900