Click here to Skip to main content
15,942,934 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Please tell me what this sql query would be if it was parameterised.
str = "SELECT * FROM Login WHERE username= '" & txtUsername.Text & "' and password ='" & txtPassword.Text & "'"
[no name] 6-Jul-13 14:54pm    
What do you mean "what it would be"? It would be a parameterized query if it were paramterized, that is what it would be....

1 solution

Share this answer
hlsc1983 7-Jul-13 11:54am    
I tried to follow your instructions and this is my code now.

Dim str As String
str = "SELECT * FROM Login WHERE username= @txtUsername.Text & password = @txtPassword.Text"
Dim cmd As OleDbCommand = New OleDbCommand(str, DBconnection)
dr = cmd.ExecuteReader
If dr.HasRows Then
End If

'dr' is a datareader declared in my module

i get an error associated with the line "dr = cmd.ExecuteReader"
the error is "No value given for one or more required parameters."
Zoltán Zörgő 7-Jul-13 15:43pm    
No, you haven't followed my instructions at all. Re-read the links.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900