Query a Junction Table from MS Access Database in a ASP / C# Webpage

Question

I'm writing a ASP page where: Student Logs in -> Student Reaches Welcome Page w/ Link to Show them Their Enrolled Courses -> Linked Page Shows Course Info, Description etc.

I have MS Access database that has 3 tables: Students (containing student info), Courses (course info such as ID, description, and so forth), and EnrolledCourses (where EnrolledCourses is a junction table - I think that's the right term - of Students and Courses representing courses that students have signed up for).

I need to display what courses they are enrolled in and the course information so data from the EnrolledCourses which tells the enrolled courses and data from Courses which gives the details of the course. I'm having troubles figuring out what the query would be to pull that information up. This is what I have come up with so far:

{               
        //Give the command SQL to execute   
    comm.CommandText = "SELECT Courses.Id, Courses.CourseSubject, Courses.CourseName, Courses.CourseNumber, Courses.CourseDescription FROM Courses, StudentToCourse, Students WHERE Courses.Id = StudentToCourse.Courseid AND Session["id"] = StudentToCourse.Studentid";

}

Just wondering if this is on the right track? I keep getting a compilation error of: Compiler Error Message: CS1002: ; expected

Answer 1

Can you try this:

    comm.CommandText = "SELECT Courses.Id, Courses.CourseSubject, Courses.CourseName, Courses.CourseNumber, Courses.CourseDescription
FROM Courses, StudentToCourse, Students WHERE Courses.Id = StudentToCourse.Courseid AND StudentToCourse.Studentid = " + Session["id"];

But it has vulnerabilities. You should add parameters like:

comm.CommandText = "... StudentToCourse.Studentid=@studentID";
comm.Parameters.AddWithValue("@studentID", Session["id"]);

That's better/more secure.