Hi All,

Please, I need your urgent help in solving the problem below.

I'm trying to fill a DataGridView from an Access table, but the selected data must satisfy the multiple criteria below. The problem is that it does not return correct results; an error message appears.

The code below needs to be solved, please.

P.S.: If I remove the date section the query executes correctly, but I need the date criteria urgently, please.

VB
Private Sub Supplier_Query()
    Dim Yesterday As DateTime = DateTime.Today.AddDays(-1)
    cnnOLEDB.ConnectionString = strConnectionString
    cnnOLEDB.Open()
    'Dim strUpdate As String
    Try
        Dim sqlQRY As String
        ' Query text built by string concatenation; the date part is the criterion that fails (see P.S.)
        sqlQRY = "Select * From Customers WHERE SupplierName = '" & SuppNameVariable.Text & "' AND SupplierFeedbackDate = '.... / .... / .....' AND DateAdded <'" & CDate(Yesterday) & "'"
        Dim da As OleDbDataAdapter
        Dim ds As DataSet = New DataSet
        da = New OleDbDataAdapter(sqlQRY, cnnOLEDB)
        Dim cb As OleDbCommandBuilder = New OleDbCommandBuilder(da)
        da.Fill(ds, "Customers")
        Alerting_Escalation_Tool.DataGridViewCustomer.DataSource = ds
        Alerting_Escalation_Tool.DataGridViewCustomer.DataMember = "Customers"
    Catch ex As OleDbException
        MsgBox(ex.ToString)
    End Try
    cnnOLEDB.Close()
End Sub
Comments
DamithSL 15-Dec-15 22:07pm    
what is the error message and what is the column data type of DateAdded in your access database?

Your approach is wrong from the very beginning. The query is composed by concatenating strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why that makes repeated concatenation bad?), but there is a far more important issue: it opens the door to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
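The parameterized form the answer above recommends, written as an added example (not code from the question or the answers). It assumes the question's connection string variable, column names and the SuppNameVariable control; the elided SupplierFeedbackDate condition is left out and can be added as a further ? placeholder in the same way.

```vb
Imports System
Imports System.Data
Imports System.Data.OleDb

Module SupplierQuery

    ' Returns the Customers rows for one supplier that were added before a cutoff date.
    ' The Access OleDb provider uses positional "?" placeholders: parameters are bound
    ' in the order the "?" appear in the SQL text, not by name.
    Public Function LoadSupplierCustomers(connectionString As String,
                                          supplierName As String,
                                          addedBefore As DateTime) As DataSet
        Const sql As String =
            "SELECT * FROM Customers " &
            "WHERE SupplierName = ? AND DateAdded < ?"

        Dim ds As New DataSet()
        Using cnn As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, cnn)
                ' The supplier name is sent as a typed value: a quote or an SQL
                ' fragment typed into the control is treated as data, not as query text.
                cmd.Parameters.Add("@SupplierName", OleDbType.VarWChar, 255).Value = supplierName
                ' OleDbType.Date matches the Access Date/Time column, so no
                ' #...# literal and no locale-dependent date-to-string conversion is needed.
                cmd.Parameters.Add("@DateAdded", OleDbType.Date).Value = addedBefore

                Using da As New OleDbDataAdapter(cmd)
                    da.Fill(ds, "Customers")   ' opens and closes the connection itself
                End Using
            End Using
        End Using
        Return ds
    End Function

    ' Usage in the shape of the original routine (assumed names from the question):
    '   Dim ds = LoadSupplierCustomers(strConnectionString, SuppNameVariable.Text, DateTime.Today.AddDays(-1))
    '   Alerting_Escalation_Tool.DataGridViewCustomer.DataSource = ds
    '   Alerting_Escalation_Tool.DataGridViewCustomer.DataMember = "Customers"
End Module
```

Because the cutoff is bound as a Date value rather than formatted into the SQL, the original date-literal error cannot occur regardless of the machine's regional settings.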
This is how I fixed it.

And by the way, the field DateAdded holds the Date type in the database design.

sqlQRY = "Select * From Customers WHERE SupplierName = '" & SuppNameVariable.Text & "' AND SupplierFeedbackDate = '.... / .... / .....' AND DateAdded < #" + Yesterday + "#"

Thanks guys
Regards
Bassam
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)