Re: SQL WHERE Command Help [C# Win]
- From: "MikeY" <mikesinfo@xxxxxxxx>
- Date: Tue, 19 Sep 2006 20:11:17 -0400
Just typing an update for others that might need this line of code. Hope
this helps others as these two fellows helped me. Txs Again.
//SQL Command for myConnection
OleDbCommand myCommand = myConnection.CreateCommand();
//Initialize SQL SELECT command to retrieve data
myCommand.CommandText = "SELECT * FROM [Food Lunch Menu] WHERE
[ItemCatagory] = @cat";
myCommand.Parameters.Add(new OleDbParameter ("@cat",Extract_Parameter));
//This Syntax works, but opens your program up too Syntax Attacks "sql
injection"
//myCommand.CommandText = "SELECT * FROM [Food Lunch Menu] WHERE
[ItemCatagory] = '" + Extract_Parameter + "'";
//Create DataReader
OleDbDataReader myDataReader = myCommand.ExecuteReader();
MikeY
"MikeY" <mikesinfo@xxxxxxxx> wrote in message
news:uthV7f$2GHA.1040@xxxxxxxxxxxxxxxxxxxxxxx
Hi everyone,
I'm having problems with my WHERE Clause syntax with in my SQL
CommandText. The error that it is display is "You Have No Data". My
problem lies with in the WHERE clause not finding up my passed variable
from my get/set function. I have done watch's on the variable and the data
name I'm looking for is present.
I thought my syntax was correct, but maybe it's not. Can someone look it
over and see if there is anything wrong with it and give me a correct
solution if there is something wrong. Thank you all in advance.
public string Extract_Parameter
{
get
{
return extract_parameter;
}
set
{
extract_parameter = value;
}
}
public void Load_Lunch_Menu_Extract()
{
try
{
//Connetion to DataBase
OleDbConnection myConnection = new OleDbConnection(@"Provider =
Microsoft.Jet.OLEDB.4.0;Data Source = C:\Host 017.mdb");
//Open Connection to DataBase
myConnection.Open();
//SQL Command for myConnection
OleDbCommand myCommand = myConnection.CreateCommand();
//Initialize SQL SELECT command to retrieve data
myCommand.CommandText = "SELECT * FROM [Food Lunch Menu] WHERE
[ItemCatagory] = 'Extract_Parameter'";
//Create DataReader
OleDbDataReader myDataReader = myCommand.ExecuteReader();
//Cycle through data and display
test = new ArrayList();
while(myDataReader.Read())
{
}
//Close Connection to DataBase
myDataReader.Close();
myConnection.Close();
test.Sort(0, test.Count, new ArrayList_Sort());
}
catch(Exception myException)
{
MessageBox.Show(myException.Message);
}
}
}
Thanks,
MikeY
.
- References:
- SQL WHERE Command Help [C# Win]
- From: MikeY
- SQL WHERE Command Help [C# Win]
- Prev by Date: Re: Wried problem
- Next by Date: Re: Check for null object
- Previous by thread: Re: SQL WHERE Command Help [C# Win]
- Next by thread: Re: App.Config and .NET 2.0
- Index(es):
Relevant Pages
|
