Click here to Skip to main content
15,867,308 members
Home / Discussions / ASP.NET
   

ASP.NET

 
Questionhow to auto print label in vb to be in the database Pin
IsdKirti L&tSou20-Feb-23 0:06
IsdKirti L&tSou20-Feb-23 0:06 
AnswerRe: how to auto print label in vb to be in the database Pin
Richard Deeming20-Feb-23 0:45
mveRichard Deeming20-Feb-23 0:45 
QuestionIs it possible to use OData in local mode? Pin
Alex Wright 202217-Feb-23 21:28
Alex Wright 202217-Feb-23 21:28 
QuestionHow to enable nested json result in OData (ASP.NET Core API) Pin
Alex Wright 202214-Feb-23 20:57
Alex Wright 202214-Feb-23 20:57 
AnswerRe: How to enable nested json result in OData (ASP.NET Core API) Pin
Richard Deeming14-Feb-23 22:11
mveRichard Deeming14-Feb-23 22:11 
GeneralRe: How to enable nested json result in OData (ASP.NET Core API) Pin
Alex Wright 202214-Feb-23 22:33
Alex Wright 202214-Feb-23 22:33 
Question(SOLVED) Having problem showing just a section of a page. Pin
samflex16-Jan-23 10:40
samflex16-Jan-23 10:40 
SuggestionRe: Having problem showing just a section of a page. Pin
Richard Deeming16-Jan-23 22:11
mveRichard Deeming16-Jan-23 22:11 
samflex wrote:
VB.NET
Dim sqlStatement As String = "Select o.PrimaryFirst, o.PrimaryLast, ap.applicant, FORMAT(ap.DateReceived, 'd','us') as DateReceived,o.SecondaryFirst,o.SecondaryLast,ad.InstallAddress,ad.InstallCity, ad.InstallState, ad.InstallZip, ad.WaterAcctNo from Applications ap "
sqlStatement += "inner Join Addresses ad on ap.WaterAccountNo = ad.WaterAcctNo inner join Owner o on ap.OwnerCode = o.OwnerID Where ad.InstallAddress Like '%" & address.Replace("'", "''").Trim() & "%'"
Your code is almost certainly vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
VB.NET
Const sqlStatement As String = "Select o.PrimaryFirst, o.PrimaryLast, ap.applicant, FORMAT(ap.DateReceived, 'd','us') as DateReceived, o.SecondaryFirst, o.SecondaryLast, ad.InstallAddress, ad.InstallCity, ad.InstallState, ad.InstallZip, ad.WaterAcctNo from Applications ap inner Join Addresses ad on ap.WaterAccountNo = ad.WaterAcctNo inner join Owner o on ap.OwnerCode = o.OwnerID Where ad.InstallAddress Like @query"

Using sqlCmd2 As New SqlCommand(sqlStatement, myConnection)
    sqlCmd2.Parameters.AddWithValue("@query", address.Trim())
    Using reader As SqlDataReader = sqlCmd2.ExecuteReader()
        If reader.HasRows Then
            div1.Visible = False
            While reader.Read()
                ' NB: Overwriting the contents of a single set of controls with the
                '     data from each record; you will only display the last record.
                
                installationAddress.Text = String.Format("{0} {1}, {2} {3}", reader("InstallAddress"), reader("InstallCity"), reader("InstallState"), reader("InstallZip"))
                waterAccountNumber.Text = reader("WaterAcctNo").ToString()
                ownerInformation.Text = String.Format("{0} {1}", reader("PrimaryFirst"), reader("PrimaryLast"))
                dateReceived.Text = reader("dateReceived").ToString()
                applicantName.Text = reader("applicant").ToString()
            End While
        Else
            div1.Visible = True
        End If
    End Using
End Using




"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

GeneralRe: Having problem showing just a section of a page. Pin
samflex17-Jan-23 6:21
samflex17-Jan-23 6:21 
QuestionASP.NET core web api Pin
tixzre28-Dec-22 7:15
tixzre28-Dec-22 7:15 
AnswerRe: ASP.NET core web api Pin
tixzre29-Dec-22 5:41
tixzre29-Dec-22 5:41 
GeneralRe: ASP.NET core web api Pin
Richard Deeming5-Jan-23 0:28
mveRichard Deeming5-Jan-23 0:28 
QuestionStore Rich Text in DATA Base Pin
CARBER25-Nov-22 22:05
CARBER25-Nov-22 22:05 
AnswerRe: Store Rich Text in DATA Base Pin
RedDk26-Nov-22 9:08
RedDk26-Nov-22 9:08 
GeneralRe: Store Rich Text in DATA Base Pin
CARBER26-Nov-22 11:03
CARBER26-Nov-22 11:03 
AnswerRe: Store Rich Text in DATA Base Pin
Sam Hobbs26-Nov-22 12:22
Sam Hobbs26-Nov-22 12:22 
QuestionSuggestion on searching thru jobs and resumes Pin
Michael Clinton21-Oct-22 9:44
Michael Clinton21-Oct-22 9:44 
AnswerRe: Suggestion on searching thru jobs and resumes Pin
Richard MacCutchan21-Oct-22 21:43
mveRichard MacCutchan21-Oct-22 21:43 
AnswerRe: Suggestion on searching thru jobs and resumes Pin
rareprob solutions31-Oct-22 22:54
rareprob solutions31-Oct-22 22:54 
AnswerRe: Suggestion on searching thru jobs and resumes Pin
jsc4226-Nov-22 4:59
professionaljsc4226-Nov-22 4:59 
Question(SOLVED) Error: The string was not recognized as a valid DateTime. There is an unknown word starting at index 0. Pin
samflex19-Oct-22 8:11
samflex19-Oct-22 8:11 
AnswerRe: Error: The string was not recognized as a valid DateTime. There is an unknown word starting at index 0. Pin
Dave Kreskowiak19-Oct-22 12:26
mveDave Kreskowiak19-Oct-22 12:26 
GeneralRe: Error: The string was not recognized as a valid DateTime. There is an unknown word starting at index 0. Pin
samflex20-Oct-22 7:03
samflex20-Oct-22 7:03 
AnswerRe: (SOLVED) Error: The string was not recognized as a valid DateTime. There is an unknown word starting at index 0. Pin
Eddy Vluggen20-Oct-22 21:56
professionalEddy Vluggen20-Oct-22 21:56 
QuestionHow to Add Add Microsoft Extensions Hosting Manually in .Net Project Pin
Member 1279932118-Oct-22 8:43
Member 1279932118-Oct-22 8:43 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.