|
capamaro wrote: ("'select * from emp where empno='" & Val(Text1(0).Text) & "'[insert space] and ename='" & Val(Text1(1).Text) & "'[insert space]and hidate=[#]" & Text1(5).Text & "[#];")
You have an extra single quote in that query and are missing some spacing. When in doubt do a Debug.Print SQLQuery to see how it looks to the database engine.
You should really take a look at the article below, it’s not in the same language, but the content is still worth reading. Protecting the database is your number one goal no matter who the end users are. The way your queries are run they are prime for SQL injection attacks.
SQL Injection Attacks and Some Tips on How to Prevent Them
I'd love to help, but unfortunately I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
It is vulnerable to SQL injection.
(Also try wrapping the date in ##
A man said to the universe:
"Sir I exist!"
"However," replied the Universe, "The fact has not created in me A sense of obligation."
-- Stephen Crane
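The concatenation issue raised in the two replies above, shown as an added example that is not part of the original posts: the same lookup built by splicing text into the SQL string and by binding the value as a parameter. The in-memory SQLite database, the sample rows and the function names are assumptions made for the demonstration; the table and column names follow the quoted query.

```python
import sqlite3


def make_db():
    # Constructed sample rows; in-memory SQLite stands in for the real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE emp (empno INTEGER, ename TEXT, hidate TEXT)")
    db.executemany(
        "INSERT INTO emp VALUES (?, ?, ?)",
        [(1, "SMITH", "1980-12-17"),
         (2, "O'BRIEN", "1981-02-20"),
         (3, "JONES", "1981-04-02")],
    )
    return db


def find_concat(db, ename):
    # Pattern from the thread: the text box value is spliced into the SQL text.
    sql = "SELECT empno FROM emp WHERE ename = '" + ename + "' ORDER BY empno"
    return sql, [row[0] for row in db.execute(sql)]


def find_param(db, ename):
    # The statement text is fixed; the value is bound separately as data.
    sql = "SELECT empno FROM emp WHERE ename = ? ORDER BY empno"
    return [row[0] for row in db.execute(sql, (ename,))]


def compare(db, ename):
    # Report what each approach does with the same input.
    try:
        concat = find_concat(db, ename)[1]
    except sqlite3.OperationalError as exc:
        concat = "error: %s" % exc
    return {"concat": concat, "param": find_param(db, ename)}


if __name__ == "__main__":
    db = make_db()
    for value in ("JONES", "O'BRIEN", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

A legitimate name containing a quote breaks the concatenated statement, and a value containing SQL syntax changes which rows it returns; the parameterized version treats both as plain data.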
|
Hi,
I want to join 2 XML documents to get the result into one table. Can anyone give the syntax?
Regards,
Kalyan
|
I want to update a cell in a datagrid, and then update my database with the cellvalue - Hopefully, using a contextmenu.
I am using a data/adapter.fill for the grid
Gord Warwick
|
Doesn't updating the cell in the grid update the database automatically?
|
No...I would like some code examples, please
|
try this web site:
http://samples.gotdotnet.com/quickstart/aspplus/
|
Thanks...I am a Virgin (Novice) .NET developer
This is not an ASP.NET project...it is a WINDOWS app
|
Hi
What is the activex control name for PivotTable and SpreadSheet and Chart?
I want to use them in a "Windows Form Application".
|
I use C# to Insert values into tables.
Now, I have a table that has an automatic counter as the ID.
Is there a way that after I make an insert I will get the ID of the row? Or do I have to make another pass using select?
|
clint1982 wrote: Is there a way that after I make an insert I will get the ID of the row?
INSERT ....
SELECT SCOPE_IDENTITY() AS Id
|
Hi
I want to insert into a table information and if the value exists it shouldn't insert but also not throw an error message.
Is there any option to the insert statement ?
It is in SQL Server.
Thanks,
Clint
|
BEGIN TRANSACTION
-- Insert only when no matching row exists yet
IF NOT EXISTS (SELECT * FROM SomeTable WHERE SomeColumn = @SomeValue)
BEGIN
    INSERT ....
END
COMMIT TRANSACTION
|
Is there anyway to avoid two passes over the table ?
|
Yes, but you'll have to catch the exception. The overhead for the exception is probably greater than the overhead for passing over the table twice in a single operation.
|
Are you doing this from SQL Server itself or from a client application? If that's the case, which programming language are you using?
Marc.
... she said you are the perfect stranger she said baby let's keep it like this... Dire Straits
|
I have a SQL statement where I am trying to do string comparison by passing a value.
SELECT CustName, CustAdd, CustCity, CustState, CustZip
FROM CustomerList
WHERE CustType = 1 OR CustType = 6 AND CustName >= @BNAME AND CustName <= @ENAME ORDER BY CustName
When the value passed is "z" and "z" it returns much more than that. Why is that so? Is it because the name is longer than "z"? How could I write this statement to work like I want it?
Thanx in advance
Jude
|
I'm not entirely sure what you want, is it something like this:
For table:
Alice
Bob
Charlie
Dave
Pass in 'B' and 'D', do you want to get everybody but Alice?
|
I suspect operator precedence is biting you. Put brackets around the 'OR' part, or use 'IN':
WHERE (CustType = 1 OR CustType = 6)
AND CustName >= @BNAME AND CustName <= @ENAME

WHERE CustType IN ( 1, 6 )
AND CustName >= @BNAME AND CustName <= @ENAME
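The precedence effect described in the reply above, run over sample data as an added example that is not part of the original posts: AND binds tighter than OR, so the original WHERE clause returns every CustType = 1 row regardless of name. The in-memory SQLite database, the constructed rows and the `:BNAME`/`:ENAME` placeholder spelling (in place of `@BNAME`/`@ENAME`) are assumptions made for the demonstration.

```python
import sqlite3

SELECT = "SELECT CustName FROM CustomerList WHERE "
RANGE = "CustName >= :BNAME AND CustName <= :ENAME ORDER BY CustName"
QUERIES = {
    # As posted: parsed as CustType = 1 OR (CustType = 6 AND <name range>)
    "original": SELECT + "CustType = 1 OR CustType = 6 AND " + RANGE,
    # The two fixes suggested in the reply
    "brackets": SELECT + "(CustType = 1 OR CustType = 6) AND " + RANGE,
    "in_list": SELECT + "CustType IN (1, 6) AND " + RANGE,
}

# Constructed sample rows: (CustName, CustType)
ROWS = [("Adams", 1), ("Baker", 6), ("Cole", 2), ("Young", 1), ("z", 6)]


def run_all(bname, ename):
    # Run the three WHERE variants against the same data and parameters.
    # Note: SQLite compares text case-sensitively by default, unlike the
    # case-insensitive collations commonly used on SQL Server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CustomerList (CustName TEXT, CustType INTEGER)")
    db.executemany("INSERT INTO CustomerList VALUES (?, ?)", ROWS)
    params = {"BNAME": bname, "ENAME": ename}
    return {
        name: [row[0] for row in db.execute(sql, params)]
        for name, sql in QUERIES.items()
    }


if __name__ == "__main__":
    for bounds in (("z", "z"), ("A", "C")):
        print(bounds, run_all(*bounds))
```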
|
That was it! Thanx a lot!
Jude
|
Well, it works...to a point. Let's say that ENAME = "z" or "Z", "Zelda" is not included, but it is not included when ENAME = "ZZZZZZ" or "zzzzzz". That boggles my mind
Jude
|
We are just starting the use of BindingSource between two datagrids so that when a record is selected in table A, the detail is shown from table B. Works just great!!
The problem is that our dba runs mini-builds that reconstruct our schema every week in all environments except for production. (through a tool called Erwin(?) ) This, of course, immediately breaks our BindingSource since all of the relationship tables are renamed.
How do I programmatically discover the name of the relationship table that binds tableA to tableB??
Any info -- even an article -- would be a life saver.
Thanks.
|
Shoot the dba.
We need to graduate from the ridiculous notion that greed is some kind of elixir for capitalism - it's the downfall of capitalism. Self-interest, maybe, but self-interest run amok does not serve anyone. The core value of conscious capitalism is enlightened self-interest.
Patricia Aburdene
|
I agree. With a small caliber gun, starting at the feet and working your way up.
|