I want to find any specific Master/Detail record using inputbox
For example When I enter 00002 into inputBox then InputBox should search the related record both from master & detail table and my form will only show that record.
Following is my code that is not giving me any result
Dim com As New SqlCommand
com.Connection = dbcon
Dim INPUT As String = InputBox("Enter Search Words Here")
Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = " & INPUT &
RequistionBindingSource.Filter = INPUT
"00002" is a record no and using as a primary key actually I am doing this job to edit or view any specific record from the database because I am using bindingnavigator and bindingsource to manipulate the datas
steven is this perfect way or not
if not please guide me any other way that is better for data editing
- Изменено haqayyum 8 июня 2012 г. 9:48
I'm betting Steven is correct: Try this temporary debugging statement after you compose str: (forgive any syntax errors): "MsgBox(str)".
You'll see that the query is not being constructed as you expect. It'll probably say something like "SELECT * FROM REQUISITION WHERE RECEIVINGID = 000021", or some other unusual concatenation of the part of the query leading up to the second ampersand, plus the RESULTS of the logical comparison "requisitinobinding source.filter = INPUT".
Then, after you resolve that, the next step (if necessary) depends on the specific datatype of ReceivingID in your table: If it's int, then data conversion will probably take care of it. If the data in the DB is in the format "nnnnn" with leading zeroes, you may need to do your own padding with zeroes, or type data into the form in it's expected format.
And of course, it's not safe to count on .net to filter out SQL Injection attack data being submitted into your form; Although .net "probably" filters them out for you, it's safer to shut out the window of opportunity.
You need to use parameters in your code, simply google on ADO.NET SqlParameter
Dim com As New SqlCommand com.Connection = dbcon dbcon.Open() Dim INPUT As String = InputBox("Enter Search Words Here") Dim str As String = "SELECT * FROM REQUISTION WHERE RECEIVINGID = @Input"
For every expert, there is an equal and opposite expert. - Becker's Law
- Предложено в качестве ответа dgjohnson 8 июня 2012 г. 20:33