c# - Where to/ how to put the value in for a place holder, in a sSQL statement -

-

i have ssql statement want select values database, based on selected value of drop down list. here code.

string ssql = "";          ssql = ("select * tbl_tripprefixdestination country {0}", ddlcountryselect.selecteditem.text);         ssql += "";         ssql += "";          openconnection(conn);         datatable dt = new datatable();         sqlcommand cmd = new sqlcommand(ssql, conn);

to me seems right way this, yet still errors. can please me? ( dont mind

at simplest level need:

ssql = string.format("select * tbl_tripprefixdestination country '%{0}%'", ddlcountryselect.selecteditem.text);

if you're doing wild card search or

ssql = string.format("select * tbl_tripprefixdestination country = '{0}'", ddlcountryselect.selecteditem.text);

for exact match.

but should @ sqlparameter object: 

ssql = "select * tbl_tripprefixdestination country = @country"; ... sqlparameter param = new sqlparameter("@country", ddlcountryselect.selecteditem.text); sqlcommand cmd = new sqlcommand(ssql, conn); cmd.parameters.add(param);

as paulg says, 1 (big) reason using sqlparameter database automatically escape data preventing injection attacks - , improved performance. http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/


Comments

Post a Comment

Popular posts from this blog

Hatching array of circles in AutoCAD using c# -

-
i beginner in autocad plugins .i have created array of circle using following code. now, have hatch circles in array .how that??how hatch circles @ once? moreover, how can return hatch method , use hatch objects.sorry language.thanks in advance. [assembly: commandclass(typeof(beamsection.class1))] namespace beamsection { public class class1 { //class1 obj = new class1(); [commandmethod("beamatsupport")] public void addlightweightpolyline() { // current document , database document acdoc = application.documentmanager.mdiactivedocument; database accurdb = acdoc.database; promptpointresult ppr = acdoc.editor.getpoint("\nselect starting point "); var ucs = acdoc.editor.currentusercoordinatesystem; point3d startingpt = ppr.value.transformby(ucs); list<double> radius = new list<double>(); radius.add(0.5);
Read more

ios - UITEXTFIELD InputView Uipicker not working in swift -

-
hello trying pop uipickerview view programmatically when user clicks on textfield. have tried doesn't doing anything. isn't working. nothing happening when click textfield class userprofiletableviewcontroller: uitableviewcontroller,uitextfielddelegate,uipickerviewdelegate,uipickerviewdatasource { var itempicker: uipickerview! = uipickerview() @iboutlet weak var gendertxtfield: uitextfield! var gender = ["male","female"] override func viewdidload() { super.viewdidload() gendertxtfield.delegate = self itempicker!.delegate = self itempicker!.datasource = self itempicker!.backgroundcolor = uicolor.blackcolor() self.gendertxtfield.inputview = itempicker } func numberofcomponentsinpickerview(pickerview: uipickerview) -> int{ return 1 } // returns # of rows in each component.. func pickerview(pickerview: uipickerview, numberofrowsincomponent component:
Read more

Python Pig Latin Translator -

-
so have been working on @ codecademy.com while trying learn python. don't know if blind , can't see why won't work or what. here's code won't let me use. function print variable if had typed in , print "empty" if didn't type anything. print "welcome english pig latin translator!" original = raw_input("what's name?") if len(original) > 0 print original else print "empty" if len(original) > 0 else the above lines contains syntax errors. try: if len(original) > 0: else: note added colons, ( : ).
Read more