ms access 2007 - Join query VB.net datareader -


My query on 2 different tables, the user table and the zone table, is creating a problem:

    cmd.CommandText = "select zone_name, zone_difference from user_master inner join zones on user_master.zone_id = zones.id where user_master.uname = " & """" & usr_gl & """"
    Dim reader_q As OleDbDataReader
    reader_q = cmd.ExecuteReader()

Here, zone name and difference are from the zones table, zone_id (from customer) and id (zones) are in relation, and the user name (uname) is coming from outside in the usr_gl variable, e.g. "admin".

It is saying no value given for 1 or 2 parameters. I checked the table columns and data. The same query is running independently in the Access database.

Is there anything wrong in executing it here?

Yes, you are trying to concatenate strings, and that is a no-no in code.

    cmd.CommandText = "select zone_name, zone_difference " & _
                      "from user_master inner join zones on user_master.zone_id = zones.id " & _
                      "where user_master.uname = ?"
    ' Bind the user name as a parameter instead of concatenating it into the SQL text
    cmd.Parameters.AddWithValue("@p1", usr_gl)
    Dim reader_q As OleDbDataReader
    reader_q = cmd.ExecuteReader()

String concatenation is considered bad practice because many problems arise with correct string formatting (with quotes, decimals, dates), but the first problem, SQL injection, is the worst of all. Using parameterized queries should avoid these problems.
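
A fuller version of the parameterized query from the answer above, as an added example that is not part of the original post. It shows the positional `?` binding with an explicitly typed parameter and deterministic disposal. The function name `TryGetZone`, the database path in the connection string, and the parameter length of 50 are assumptions.

```vbnet
Imports System.Data.OleDb

Module ZoneLookup
    ' Placeholder path (assumption): point this at your own .accdb file.
    Private Const ConnStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\your.accdb"

    ' Hypothetical helper: returns True and fills the outputs when the user exists.
    Function TryGetZone(userName As String,
                        ByRef zoneName As String,
                        ByRef zoneDifference As Object) As Boolean
        ' OleDb uses positional "?" markers: parameter names are ignored and
        ' values are bound in the order they are added to cmd.Parameters.
        Const sql As String =
            "SELECT zone_name, zone_difference " &
            "FROM user_master INNER JOIN zones ON user_master.zone_id = zones.id " &
            "WHERE user_master.uname = ?"

        Using conn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, conn)
                ' Explicit type and length instead of AddWithValue's type inference.
                ' The length 50 is an assumed column size.
                cmd.Parameters.Add("@uname", OleDbType.VarWChar, 50).Value = userName
                conn.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False
                    ' Convert.ToString maps a NULL column (DBNull) to an empty string.
                    zoneName = Convert.ToString(reader.GetValue(0))
                    zoneDifference = reader.GetValue(1)
                    Return True
                End Using
            End Using
        End Using
    End Function

    Sub Main()
        Dim name As String = Nothing
        Dim diff As Object = Nothing
        ' Constructed sample inputs. The second contains quote characters, which
        ' are bound as data and never become part of the SQL text.
        For Each candidate In {"admin", "O'Neil ""Jr"""}
            If TryGetZone(candidate, name, diff) Then
                Console.WriteLine("{0}: {1} ({2})", candidate, name, diff)
            Else
                Console.WriteLine("{0}: no such user", candidate)
            End If
        Next
    End Sub
End Module
```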

