MySQL Forums
Forum List  »  Newbie

Re: "where" select commands
Posted by: Phillip Ward
Date: April 19, 2018 10:03AM

comm.CommandText is a String variable that just happens to contain some text that is meaningful to your DBMS.

You assemble it as a String, but what you end up with in that string has to be sensible SQL.

Always give yourself the opportunity to examine the assembled string value (usually to copy and paste it into your favourite database utility to make sure that it works!).

comm.CommandText = "select * from daten where Ort like txt.Text";

What would you expect the SQL
select * from daten where Ort like txt.Text
to do?

comm.CommandText = "select * from daten where Ort like 'txt.Text'";

What would you expect the SQL
select * from daten where Ort like 'txt.Text'
to do?

What you're looking for is more like this:

comm.CommandText = "select * from daten where Ort like '" + txt.Text + "'";
which gives you the SQL
select * from daten where Ort like 'whatever you typed into theTextBox txt'

Of course, in any "real" application, you wouldn't do that either, because you'd be using parameterised statements to avoid SQL injection attacks
(Obligatory XKCD reference: Little Bobby Tables).

Regards, Phill W.

Options: ReplyQuote


Subject
Written By
Posted
April 19, 2018 08:31AM
Re: "where" select commands
April 19, 2018 10:03AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.