SQL Statement with multiple conditions and Like values

Question

0.00/5 (No votes)

See more:

Greetings!

I am writing a VB.NET program that will be connecting to a SQL database programmically.

I have several SQL Statements that work just fine, however, one SQL Statements does not seem to work....

I have 2 tables in a database.

Table1
- employeeID
- employeName

Table2
- employeeID
- employeeBatchNumber
- employeezipcode
-employeephonenumber
-employeedeleted

What I need to do is search based on a text value from a combobox (employee name), however, I need to match employeeID's together to get the Table2 data..

What I have now is:

("Select Table2.employeeBatchNumber, Table2.employeezipcode, Table2.employeephonenumber, Table1.employeeName, Table1.employeeID from Table1, Table2 where Table2.employeedeleted = 'false' and Table2.employeeName like %" & ComboBox1.Text & "%' and Table1.employeeID = Table2.employee)", con)

this will fill a datagrid view with the results, however, it does not....

Can anyone look over my SQL Statement and let me know if you see anything wrong???

thanks in advanced

daveofgv

Posted 25-Apr-13 6:38am

daveofgv

Add a Solution

3 solutions

Solution 2

C#

string EmpName = ComboBox1.Text;

SqlCommand cmd = new SqlCommand("Select T2.employeeBatchNumber, T2.employeezipcode, T2.employeephonenumber, T1.employeeName, T1.employeeID FROM Table1 T1 INNER JOIN Table2 T2 ON T2.employeeID = T1.employeedID WHERE T2.employeedeleted = 0 AND T2.employeeName LIKE '"+EmpName+"'",con);

This is what it looks like with the very insecure way you're trying to do it. This is unacceptable in any real world environment though as ryan said, but just to give you a solution on the code you've provided this would be it.

Posted 25-Apr-13 7:56am

JasonMacD

Updated 25-Apr-13 10:48am

v2

Solution 3

Thank you for the reply..... With your answer - I got it to work... :)

I have accepted your answer and this can be closed.

Posted 25-Apr-13 8:19am

daveofgv

Comments

JasonMacD 25-Apr-13 16:50pm

If you'd like to comment on a solution use the 'Have a Question of Comment?' link to add a comment. This will keep you from getting down voted.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ZurdoDev · Accepted Answer · 2013-04-25T07:29:00

You need to use a join.

Try this:

SQL

SELECT t2.employeeBatchNumber, t2.employeezipcode, t2.employeephonenumber, t1.employeeName,    t1.employeeID
FROM Table1 t1
INNER JOIN Table2 t2 ON t1.employeeID = t2.employeeID
WHERE t2.employeedeleted = 'false' AND t2.employeeName LIKE @textBox

Then use a SqlCommand object and add the parameter. You need to look into SQL injections because as your code is now, someone how knows SQL could wipe out all your tables. It is very insecure.