user3344443

Reputation: 485

Operator '&' is not defined for type 'string' and 'system.guid'

I have some VB code trying to execute SQL in a function:

Public Shared Function getBackgroundInfo(ByVal aID As Guid) As pd_ABC

    Dim SQLCMD As New SqlCommand
    Dim BackgroundInfoDS As New DataSet()

    SQL = "select * from tblABC where ID = '" & aID & "'"

.....

Both my ID and aID are GUID type, but Visual Studio shows an error on where ID = '" & aID & "'". I wonder if there is a better way to do this? Or do I need to use a parameterized query? Thanks for suggestions!

Upvotes: 0

Views: 4474

Answers (2)

Jon Egerton

Reputation: 41589

"select * from tblABC where ID = '" is a string, aID is a guid.

When you add aID into your string, use aID.ToString().

I would definitely recommend a parameterized version of your code though - for safety, code quality and general good practice.

Upvotes: 4

MarcinJuraszek

Reputation: 125650

You can call ToString() on a Guid instance to get the string representation of the GUID:

SQL = "select * from tblABC where ID = '" & aID.ToString() & "'"

And answering your other question:

Or do I need to use parameterized query?

You don't need to, but you probably should. It's safer and more readable to use parameterized queries.

Upvotes: 1
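
A parameterized version of the question's query, which both answers recommend. This is an added example, not code from the question or either answer. The connection string, the DataSet return type (the original returns pd_ABC, whose definition is not shown) and the String overload are assumptions.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module BackgroundInfoExample

    ' Hypothetical connection string (assumption); replace with your own.
    Private Const ConnectionString As String =
        "Server=(local);Database=ExampleDb;Integrated Security=True"

    ' Returns a DataSet (assumption) because pd_ABC is not defined on the page.
    Public Function GetBackgroundInfo(ByVal aID As Guid) As DataSet
        Dim backgroundInfoDS As New DataSet()

        Using conn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand("select * from tblABC where ID = @ID", conn)
                ' Typed parameter: the Guid travels as uniqueidentifier and is
                ' never concatenated into the SQL text, so no "&" or ToString().
                cmd.Parameters.Add("@ID", SqlDbType.UniqueIdentifier).Value = aID

                ' Fill opens and closes the connection itself when it is closed.
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(backgroundInfoDS)
                End Using
            End Using
        End Using

        Return backgroundInfoDS
    End Function

    ' Hypothetical overload for callers that only have text (for example a
    ' query-string value): reject anything that is not a GUID before querying.
    Public Function GetBackgroundInfo(ByVal rawId As String) As DataSet
        Dim parsed As Guid
        If Not Guid.TryParse(rawId, parsed) Then
            Throw New ArgumentException("ID is not a valid GUID.", "rawId")
        End If
        Return GetBackgroundInfo(parsed)
    End Function

End Module
```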
