how to find record from sql 2005 database using InputBox
-
June 8, 2012 8:44
Hi, I want to find any specific Master/Detail record using InputBox.
For example, when I enter 00002 into the InputBox, then the InputBox should search the related record from both the master & detail tables and my form will only show that record.
Following is my code that is not giving me any result:
Dim com As New SqlCommand
com.Connection = dbcon
dbcon.Open()
Dim INPUT As String = InputBox("Enter Search Words Here")
Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = " & INPUT &
RequistionBindingSource.Filter = INPUT
All replies
-
June 8, 2012 9:23
I can see this won't work.
You try to pass a String value to ReceivingID, then you need to use the apostrophe as below:
Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = '" & INPUT & "'"
- Edited by Steven Wang - Shangzhou June 8, 2012 9:24
-
June 8, 2012 9:31
Actually, the ReceivingID datatype is nvarchar(50) in SQL Server.
-
June 8, 2012 9:33
That is why you need to use the form of '00002'.
If you don't use ' to close your value in your variable string, you won't get back the right value.
-
June 8, 2012 9:45
"00002" is a record no. and is used as a primary key. Actually, I am doing this job to edit or view any specific record from the database, because I am using BindingNavigator and BindingSource to manipulate the data.
Steven, is this the perfect way or not?
If not, please guide me to any other way that is better for data editing.
qayyum
- Edited by haqayyum June 8, 2012 9:48
-
June 8, 2012 12:26
I'm betting Steven is correct: Try this temporary debugging statement after you compose str (forgive any syntax errors): "MsgBox(str)".
You'll see that the query is not being constructed as you expect. It'll probably say something like "SELECT * FROM REQUISITION WHERE RECEIVINGID = 000021", or some other unusual concatenation of the part of the query leading up to the second ampersand, plus the RESULTS of the logical comparison "RequistionBindingSource.Filter = INPUT".
Then, after you resolve that, the next step (if necessary) depends on the specific datatype of ReceivingID in your table: If it's int, then data conversion will probably take care of it. If the data in the DB is in the format "nnnnn" with leading zeroes, you may need to do your own padding with zeroes, or type data into the form in its expected format.
And of course, it's not safe to count on .NET to filter out SQL Injection attack data being submitted into your form; although .NET "probably" filters them out for you, it's safer to shut out the window of opportunity.
-
June 8, 2012 20:29 Moderator
You need to use parameters in your code, simply google on ADO.NET SqlParameter
Dim com As New SqlCommand
com.Connection = dbcon
dbcon.Open()
Dim INPUT As String = InputBox("Enter Search Words Here")
Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = @Input"
For every expert, there is an equal and opposite expert. - Becker's Law
My blog
- Proposed as answer by dgjohnson June 8, 2012 20:33
-
June 9, 2012 4:32
Thank you Naomi, but your above suggested parameter does not work.
-
June 10, 2012 2:57 Moderator
What exactly do you mean and what is your whole code now?
For every expert, there is an equal and opposite expert. - Becker's Law
My blog
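A complete parameterized lookup for the query discussed in this thread, as an added example that is not part of any post above. The table REQUISTION, the column RECEIVINGID (nvarchar(50)) and RequistionBindingSource come from the thread; the module name, function names, the parameter name @ReceivingId and the connection string are assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module RequisitionLookup
    ' Builds the lookup command. The SQL text is a constant; the user's input
    ' is attached as a typed parameter and never becomes part of the statement.
    Function BuildLookupCommand(conn As SqlConnection, receivingId As String) As SqlCommand
        Dim cmd As New SqlCommand(
            "SELECT * FROM REQUISTION WHERE RECEIVINGID = @ReceivingId", conn)
        ' Type and size match the column described in the thread: nvarchar(50).
        cmd.Parameters.Add("@ReceivingId", SqlDbType.NVarChar, 50).Value = receivingId
        Return cmd
    End Function

    ' Runs the lookup and returns the matching rows.
    ' connectionString is supplied by the caller (assumption: not shown in the thread).
    Function LoadRequisition(connectionString As String, receivingId As String) As DataTable
        Dim table As New DataTable()
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildLookupCommand(conn, receivingId)
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(table) ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using
        Return table
    End Function

    ' In the form, the result would be bound instead of setting Filter to the raw input:
    '   RequistionBindingSource.DataSource = LoadRequisition(connStr, InputBox("Enter Search Words Here"))

    Sub Main()
        ' Constructed sample inputs: the record number from the question, and a
        ' value containing an apostrophe, which would alter the SQL text in the
        ' concatenated version but here is only ever a parameter value.
        For Each value As String In New String() {"00002", "0000'2"}
            Using cmd As SqlCommand = BuildLookupCommand(Nothing, value)
                Console.WriteLine("SQL text : " & cmd.CommandText)
                Console.WriteLine("Parameter: " & CStr(cmd.Parameters("@ReceivingId").Value))
            End Using
        Next
    End Sub
End Module
```

Main only builds the commands and prints them, so it runs without a database; LoadRequisition needs a reachable SQL Server and a real connection string.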

