How to Use a parameter within SQL in Vb 2010 (web developer)

StackOverflow https://stackoverflow.com/questions/13432499

Pergunta

I am trying to work out SQL code in VB but I am having problems I have a simple database with the table admin with the columns UserName and Password.

I want to be able to read data from a text box and then input it into a SQL string… the SQL string works (I've tested it) and I can get it to output with a simple SELECT statement but I can't seem to get the SQL to read my Parameter.

Help?

Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Call Password_Check(txtTestInput.Text)
End Sub

Public Sub Password_Check(ByVal Answer As String)

    Dim con As New SqlConnection
    Dim cmd As New SqlCommand
    Dim parameter As New SqlParameter("@Username", Answer)
    Try

        con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("Database1ConnectionString1").ConnectionString
        con.Open()
        cmd.Connection = con
        cmd.CommandText = " SELECT Password FROM Admin WHERE (UserName = @Username)"
        cmd.Parameters.Add(parameter)
        Dim lrd As SqlDataReader = cmd.ExecuteReader()

        While lrd.Read()
            Dim sothing As String

            sothing = lrd("Password").ToString
            If lrd("Password").ToString = txtPassword.Text Then
                lblTestData.Text = "passwordSuccess"
            ElseIf lrd("Password").ToString <> txtPassword.Text Then
                lblTestData.Text = "passwordFail...:("
            End If
        End While

    Catch ex As Exception
        lblTestData.Text = "Error while retrieving records on table..." & ex.Message
    Finally
        con.Close()
    End Try

End Sub
Foi útil?

Solução

in your code above: --> Dim parameter As New SqlParameter("@Username", Answer)

Can I suggest two options:

Dim parameter As New SqlParameter("@Username", sqldbtype.nvarchar)

parameter.value = Answer

or

cmd.CommandText = string.format("SELECT Password FROM Admin WHERE (UserName = {0})", Answer)

Full Code:

Public Sub Password_Check(ByVal Answer As String)

    Dim con As New SqlConnection
    Dim cmd As New SqlCommand
    Dim parameter As New SqlParameter("@Username", SqlDbType.NVarChar)
    parameter.Value = Answer
    Try

        con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("Database1ConnectionString1").ConnectionString
        con.Open()
        cmd.Connection = con
        cmd.CommandText = "SELECT Password FROM Admin WHERE (UserName = @Username)"
        cmd.Parameters.Add(parameter)
        Dim lrd As SqlDataReader = cmd.ExecuteReader()

        While lrd.Read()
            Dim sothing As String

            sothing = lrd("Password").ToString
            If lrd("Password").ToString = txtPassword.Text Then
                lblTestData.Text = "passwordSuccess"
            ElseIf lrd("Password").ToString <> txtPassword.Text Then
                lblTestData.Text = "passwordFail...:("
            End If
        End While

    Catch ex As Exception
        lblTestData.Text = "Error while retrieving records on table..." & ex.Message
    Finally
        con.Close()
    End Try

End Sub

Outras dicas

Regarding to your Database system it is possible that it does not support parameter names. Have you tried ? Wat DB System you used?

cmd.CommandText = " SELECT Password FROM Admin WHERE (UserName = ?)"
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top