I want to match the first name and last name of a person against a textbox value...
I have this code, which uses an array: it first splits the text and then matches in a select query. But now I want to check: if the textbox has only a first name, use one query, and if it has first name and last name, use a different query. So how can I identify whether there is one word or two words in the textbox?
Please help me.


my code is:-

C#
String Name = txtname.Text;
String[] Spilted = Name.Split(new string[] { " " }, StringSplitOptions.RemoveEmptyEntries);
String firstname = Spilted[0];
String lastname = Spilted[1];

SqlCommand cmd = new SqlCommand("Select PROFILE_ID,FIRST_NAME,PROFILE_REQUEST_STATUS from DSProfile.HDR_PROFILE  where FIRST_NAME='" + firstname + "' and LAST_NAME='" + lastname + "'  and PROFILE_REQUEST_STATUS='" + false + "'", con);
// SqlCommand cmd = new SqlCommand("Select p.PROFILE_ID,g.FRIEND_ID,p.FIRST_NAME,g.ACCEPT_STATUS from DSProfile.HDR_PROFILE p,DSMailBox.HDR_GROUP g where p.FIRST_NAME='" + friendname + "' and p.PROFILE_ID=g.FRIEND_ID and ACCEPT_STATUS='" + false + "'", con);
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
sda.Fill(ds);
int cnt = ds.Tables[0].Rows.Count;
DT = ds.Tables[0];
GridView1.DataSource = ds;
GridView1.DataBind();


[edit]Code block added - OriginalGriff[/edit]
Updated 25-Nov-12 21:36pm
Comments
E.F. Nijboer 26-Nov-12 3:25am    
You know about sql injection?
http://en.wikipedia.org/wiki/SQL_injection

1 solution

There are a number of things wrong with your code:
Firstly, you don't check your inputs - if the user does not enter two words, separated by a space, you will get an "Out of range" exception. Always check - users make mistakes, and they would really rather your program didn't crash and take their data with it...

Secondly, please don't do it like that - as EF Nijboer has said, that leaves you wide open for SQL Injection attacks which can accidentally or deliberately destroy your database. Use parametrized queries instead.
C#
SqlCommand cmd = new SqlCommand("Select PROFILE_ID,FIRST_NAME,PROFILE_REQUEST_STATUS from DSProfile.HDR_PROFILE where FIRST_NAME=@FN and LAST_NAME=@LN and PROFILE_REQUEST_STATUS=@PRS", con);
cmd.Parameters.AddWithValue("@FN", firstname);
cmd.Parameters.AddWithValue("@LN", ...


The way to check the number of words added is pretty simple: Check the Length of the Spilted array...
 
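The two points of the answer combined (check the length of the split array, and bind the words as parameters), as an added example that is not part of the original answer. The `ProfileSearch` class, the `BuildCommand` helper and the column types (NVARCHAR(50) names, BIT status) are assumptions; table and column names are taken from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ProfileSearch   // hypothetical helper class, not from the post
{
    const string BaseSql =
        "SELECT PROFILE_ID, FIRST_NAME, PROFILE_REQUEST_STATUS " +
        "FROM DSProfile.HDR_PROFILE " +
        "WHERE PROFILE_REQUEST_STATUS = @PRS AND FIRST_NAME = @FN";

    // Returns null when the input is not one or two words, so the caller
    // can show a validation message instead of hitting an out-of-range error.
    public static SqlCommand BuildCommand(string input, SqlConnection con)
    {
        string[] words = (input ?? "").Split(
            new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (words.Length < 1 || words.Length > 2)
            return null;

        var cmd = new SqlCommand(BaseSql, con);
        // Assumed column types: BIT status flag, NVARCHAR(50) names.
        cmd.Parameters.Add("@PRS", SqlDbType.Bit).Value = false;
        cmd.Parameters.Add("@FN", SqlDbType.NVarChar, 50).Value = words[0];
        if (words.Length == 2)
        {
            // Only the fixed SQL text changes; user input is never concatenated.
            cmd.CommandText += " AND LAST_NAME = @LN";
            cmd.Parameters.Add("@LN", SqlDbType.NVarChar, 50).Value = words[1];
        }
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: one word, two words (with an apostrophe),
        // empty, and too many words.
        string[] samples = { "Anna", "Sean O'Brien", "", "a b c" };
        foreach (string s in samples)
        {
            SqlCommand cmd = BuildCommand(s, null);   // no connection needed to inspect
            Console.WriteLine("[{0}] -> {1}", s,
                cmd == null ? "rejected" : cmd.CommandText);
            if (cmd == null) continue;
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("    {0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```

In the page's code, the returned command would be passed to `SqlDataAdapter` as before, after a null check that reports the invalid input to the user.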
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


