none
how to find record from sql 2005 database using InputBox

    Вопрос

  • You cannot vote on your own posthi

    I want to find any specific Master/Detail record using inputbox

    For example When I enter 00002 into inputBox then InputBox should search the related record both from master & detail table and my form will only show that record.

    Following is my code that is not giving me any result

      Dim com As New SqlCommand
            com.Connection = dbcon
            dbcon.Open()
            Dim INPUT As String = InputBox("Enter Search Words Here")
            Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = " & INPUT &
            RequistionBindingSource.Filter = INPUT

Все ответы

  • I can see this won't work.

    YOu try to pass a String value to ReceivingID then you need to use the apostrophy as below:

    Dimstr AsString="SELECT * FROM REQUISTION WHERE RECEIVINGID = '"&INPUT & "'"


  • actually recevingid datatype is nvarchar(50) in sql server
  • that is why you need to use the form of '00002'.

    if you don't use ' to close your value in your varialbe string you won't get back right value.

  • "00002" is a record no and using as a primary key actually I am doing this job to edit or view any specific record from the database because I am using bindingnavigator and bindingsource to manipulate the datas

    steven is this perfect way or not

    if  not please guide me any other way that is better for data editing

    qayyum


    • Изменено haqayyum 8 июня 2012 г. 9:48
  • I'm betting Steven is correct:  Try this temporary debugging statement after you compose str:  (forgive any syntax errors):   "MsgBox(str)".

    You'll see that the query is not being constructed as you expect.  It'll probably say something like "SELECT * FROM REQUISITION WHERE RECEIVINGID = 000021", or some other unusual concatenation of the part of the query leading up to the second ampersand, plus the RESULTS of the logical comparison "requisitinobinding source.filter = INPUT".

    Then, after you resolve that, the next step (if necessary) depends on the specific datatype of ReceivingID in your table:  If it's int, then data conversion will probably take care of it.  If the data in the DB is in the format "nnnnn" with leading zeroes, you may need to do your own padding with zeroes, or type data into the form in it's expected format.

    And of course, it's not safe to count on .net to filter out SQL Injection attack data being submitted into your form; Although .net "probably" filters them out for you, it's safer to shut out the window of opportunity.

    8 июня 2012 г. 12:26
  • You need to use parameters in your code, simply google on ADO.NET SqlParameter

    Dim com As New SqlCommand
            com.Connection = dbcon
            dbcon.Open()
            Dim INPUT As String = InputBox("Enter Search Words Here")
            Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = @Input"


    For every expert, there is an equal and opposite expert. - Becker's Law


    My blog

    • Предложено в качестве ответа dgjohnson 8 июня 2012 г. 20:33
    8 июня 2012 г. 20:29
  • thank you Naomi

    but your above suggested parameter not work

  • What exactly do you mean and what is your whole code now?

    For every expert, there is an equal and opposite expert. - Becker's Law


    My blog

    10 июня 2012 г. 2:57