There is no "popup" like PL/SQL in SQL statements in VB .NET code.
Your user enters the value to be found in a TextBox on the form. You use that TextBox value as a parameter to the SQL statement. In my example, I trim spaces from the beginning and end of the TextBox value because sometimes users accidentally enter them.
@CHUTE in the SQL statement below is the placeholder for the parameter.
The parameter value is put into a SqlParameter object. The SqlParameter object is added to the SqlCommand object.
Here is an example:
Dim cn As New SqlConnection
Dim obCommand As SqlCommand
Dim rs As SqlDataReader
'.... open the connection ...
cn.ConnectionString = "Your Connection String"
cn.Open()
...
Dim obCommand As SqlCommand
Const SQL_SELECT As String = "SELECT col1,col2,col3 FROM table1 WHERE col1=@CHUTE;"
obCommand = New SqlCommand(SQL_SELECT, cn) ' Instantiate SqlCommand object
Dim obParm As New SqlParameter
Dim strChute As String=TextBox1.Text.Trim ' Remove front and back spaces
Try
obParm.ParameterName = "CHUTE" ' Name of @ parameter in the SQL statement
obParm.SqlDbType = SqlDbType.NVarChar ' Data Type
obParm.Size = strChute.Length ' Size of parameter
obParm.Value = strChute ' Parameter value
obCommand.Parameters.Add(obParm) ' Add to SqlCommand object
obParm = Nothing
rs = obCommand.ExecuteReader ' Execute SQL statement
If rs.HasRows Then
While rs.Read ' Retrieve a row
...
...
...
End While
End If
Catch myException As SqlException
Call ShowSQLException(myException)
Catch myException As Exception
MsgBox(myException.Message, MsgBoxStyle.Critical, "Caption")
Finally
Try
rs.Close()
Catch
End Try
Try
rs.Dispose()
Catch
End Try
Try
obCommand.Dispose()
Catch
End Try
End Try