Click here to Skip to main content
14,175,219 members
Rate this:
 
Please Sign up or sign in to vote.
See more:
Dim conns As New SqlConnection("Data Source=DESKTOP-IJRIL1\SQLEXPRESS;Initial Catalog=Sample_AES;Integrated Security=True")
Dim SubAD As new SqlDataAdapter("Select SubID, Subject From Subjects Where SubID = " & cbSubID.SelectedValue & "", conns)
Dim subtable As New DataTable

SubAD.Fill(subtable)

txtSubject.Text = subtable(0)(1)


What I have tried:

Where SubID = " & cbSubID.SelectedItem.ToString & "", conns)


there is still an error. any suggestions
Posted
Updated 25-Apr-19 8:16am
Comments
Mehdi Gholam 25-Apr-19 14:09pm
   
Try +
Richard Deeming 25-Apr-19 14:25pm
   
Dim SubAD As new SqlDataAdapter("Select SubID, Subject From Subjects Where SubID = @SubID", conns)
SubAD.SelectCommand.Parameters.AddWithValue("@SubID", cbSubID.SelectedValue)
Member 14331592 25-Apr-19 14:35pm
   
tried it but there's an error message about "No mapping exists from object type System.Data.DataRowView to a known managed provider native type."
Richard Deeming 25-Apr-19 14:38pm
   
Then you'll need to extract the relevant field from the selected item:
Dim SubAD As new SqlDataAdapter("Select SubID, Subject From Subjects Where SubID = @SubID", conns)
Dim row As DataRowView = DirectCast(cbSubID.SelectedValue, DataRowView)
SubAD.SelectCommand.Parameters.AddWithValue("@SubID", row("YOUR_FIELD_NAME_HERE"))

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

First you don't need the ending & "" garbage. I see that all the time with newb's and it's completely useless.

On your problem line, you start a string literal with a " and then you try to add a variable value to it without first closing the literal.

Next, DO NOT USE string concatenation to build an SQL query. ALWAYS use parameterized queries. See DataAdapter Parameters | Microsoft Docs[^] for how to do it.

Then go see Google: sql injection attack[^] for why.
   
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Cookies | Terms of Service
Web04 | 2.8.190524.3 | Last Updated 25 Apr 2019
Copyright © CodeProject, 1999-2019
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100