How do i...display a data on my windows form with search button and search textbox

Question

1.00/5 (2 votes)

See more:

Already have a code under the search button but when I debug and type in IDnum, it doesn't display any thing

What I have tried:

This is what my code look like:

Dim src As SqlCommand = sqlcommand("select * from Admission WHERE FolderNumber='"& txtFolder.Text & "'", DBcon)
Dim rd As SqlDataReader = src.ExecuteReader

Posted 26-Oct-17 4:55am

Adepa Acqosuah Banieh

Updated 27-Oct-17 1:40am

Add a Solution

Comments

Sinisa Hajnal 26-Oct-17 11:12am

FIRST AND FOREMOST: NEVER TRUST USER INPUT. Google SQL Injection...or try to enter into your textbox the following text (without brackets): [ '; DROP TABLE ADMISSION; -- ]

Second, you got the reader, that doesn't mean you can get the variable filled automatically, you need to rd.GetString or whatever the type of ID is. Google it, it should be faster than you waiting for an answer here. Do some work yourself before asking.

phil.o 27-Oct-17 3:23am

Well done... you just suggested the user to enter something that will actually drop his/her table. While drawing user's attention on SQL injections is a good thing, you should take care to do it in a way that is not ambiguous.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Lockwood · Accepted Answer · 2017-10-27T01:40:00

Solution 1

Here's a basic shell.
You'll need to build around it, but this is the foundation for you to work from.

VB

Using src As New SqlCommand("SELECT * FROM Admissions WHERE FolderNumber = @FolderNumber",DBCon)
    src.Parameters.AddwithValue("FolderNumber",txtFolder.Text)
    DBCon.Open
    Using rd = src.ExecuteReader
        Do While rd.Read
            Debug.Print(rd("FieldName"))
        Loop
    End Using
End Using

Posted 27-Oct-17 1:40am

Lockwood

Comments

Adepa Acqosuah Banieh 27-Oct-17 9:48am

@Lockwood thanks very much for the answer code but I was able to fix it in a different

Lockwood 30-Oct-17 9:32am

Excellent.

You MUST pay serious thought to SQL Injection attack though, hopefully your different solution takes that into account.