index > .NET Framework Data Access and Storage > HELP!! writing sql in vb.net (ado.net)

HELP!! writing sql in vb.net (ado.net)

i want to select data from tblcontacts table using the WHERE...LIKE statement so it'll return values that will begin with a certain letter.

this letter will be entered in a textbox and on btn click will return the info to a listbox...

how can this be done??!

i used the below code to retrieve all info from the db, is the syntax for above similar??

Dim strsql = "SELECT * FROM tblContacts"

Try

conClass = New SqlConnection(conStr)

cmdMbr = New SqlCommand(strsql, conClass)

conClass.Open()

rdrMbr = cmdMbr.ExecuteReader

ListBox1.Items.Clear()

While rdrMbr.Read ' if there is data in the database rows then

ListBox1.Items.Add(rdrMbr.Item("FirstName") & " " & rdrMbr.Item("Surname") & " " & rdrMbr.Item("Address1") & ", " & rdrMbr.Item("Address2") & ", " & rdrMbr.Item("Address3") & " " & rdrMbr.Item("Postcode") & " " & rdrMbr.Item("Phone"))

' show the info in the fieldname String

End While

rdrMbr.Close()

cmdMbr.Dispose()

conClass.Close()

Catch ex As Exception ' if the above does not happen/work then display error in msgbox

ListBox1.Items.Clear()

MsgBox(ex.Message)

End Try

graycode

From the sounds of it you want to change your sql statement to look somthing like the following.

sql = "Select * From tblContacts where <fieldName> like '" + textBox1.text.Trim() + "%'"

This assumes of course that you are doing the appropriate validation on the textbox input.

Sabrecat

and by validation you mean what exactly? and whats the difference between

SELECT * from tblContacts WHERE FirstName =(""&textbox1.text&"", dbconnection) and

SELECT * from tblContacts WHERE FirstName = ""+textbox1.text.Trim()+"%""??

graycode

The only problem with this is it exposes your application to sql injection attack, which is not good.

You want to avoid concatenating SQL whenever possible.

So the solution is to use a parameter like the example below:

SqlConnection conn = null;
SqlCommand cmd = null;
try
{
conn = new SqlConnection( CONNECT + "Pooling=False;" );
conn.Open();

// This code below just creates test table and inserts some test values...
xsql_noerror( conn, "drop table tblTest" );
xsql( conn, "create table tblTest(f1 varchar(255))" );
xsql( conn, "insert into tblTest(f1) values ('aaa')" );
xsql( conn, "insert into tblTest(f1) values ('bbb')" );
xsql( conn, "insert into tblTest(f1) values ('ccc')" );

// This code demos how to use LIKE with parameter (the safe way to avoid concatenation).
cmd = conn.CreateCommand();
cmd.CommandText = "select * from tblTest where f1 like @p1"; // Create parameter @p1
cmd.CommandType = CommandType.Text;
cmd.Parameters.Add("@p1", SqlDbType.VarChar, 255); // Set @p1 to matching type for field f1
cmd.Parameters[0].Value = "a%"; // Set parameter value with % at end for matching.
SqlDataReader dr = cmd.ExecuteReader(); // Fetch our data reader.
while (dr.Read())
{
System.Diagnostics.Debug.WriteLine(dr[0].ToString());
}
dr.Dispose();
cmd.Dispose();
}
catch( SqlException sqlEX )
{
System.Diagnostics.Debug.WriteLine( "sqlEX.Number=" + sqlEX.Number );
System.Diagnostics.Debug.WriteLine( "sqlEX.Message=" + sqlEX.Message );
}
finally
{
conn.Dispose();
}



Matt Neerincx [MSFT]
Matt Neerincx
reply 4

You can use google to search for other answers

 

More Articles

• mapping issue in ado.net when executeNonQuery is called
• DB_E_BADROWHANDLE(0x80040E04)]??when using [OleDbDataAdapter.fil...
• Executing Oracle function using ADO.Net
• Test if a MDB is Corrupted
• DOA2016.DLL
• help: I need to view all the tables in a SQL Server Dataset
• access sql server database with vb
• Images from the database
• Please Help ME!!! Web Service about Client side load Server side ...
• DataAdapters - Please help Im confused
Bookmark and Share
Welcome to Bokebb   New Update  
 

New Articles

• Table Adapter, set foreign key fields on
• Question about data access with datasets
• insert row into table with autoincrement
• Trusted_Connection Problem with VS2005
• The provider could not determine the Dec
• Error : VFPOLEDB1.0 is not registered on
• ADO Recordset Getting Closed in C#
• {"Object must implement IConvertibl
• Pulling Data From Two Different Databases
• odbccommand object returning DBNull
• Application Blocks
• Data Sources Window
• retrieve schema info for a SQL statement
• Number of Query values and destination f
• SQL server 2005 data base with visual st

Hot Articles

• ADO Datareader Bug? Datareader creates a
• Update without Parameter
• How to insert null values into the datab
• ExecuteNonQuery asynchronously
• Should I reinstall?
• Get SAP data
• data objects and their limitations
• Same Problem on using System.Transactions
• Connecting SqlExpress from .net 1.1
• Program hangs on remote connection when
• i need help with passing parameters in t
• database MDI application Dataset update
• Create Table in SQL - VB does not show i
• DataView with DateTime comparation
• Microsoft.ApplicationBlocks.Data.SqlHelp

Recommend Articles

• Best way to create multiline T-SQL in .N
• How do I display the Connection string b
• Internal .Net Framework Data Provider er
• ODBC or OLEDB
• Same Problems
• Merging two datatables with different co
• Data Relation Causing a Performance Hit???
• Add rows to DataTable
• Connection problem to an Excel File with
• Save data as xml file
• Typed Dataset Question #2
• .Net 2.0 Web App linking to SQL 2000
• ODBC Wizard can't create insert/update/d
• My database doesn't update !!!???
• Confused on the setup of VS with SQL Ser
index |  sitemap         Powered by xichy{at}163.com