D Infosystems

Reputation: 524

What is wrong with this code? I think the select query is wrong

What is wrong with this code? I think the select query is wrong:

I have a TextBox1, TextBox2 and TextBox3.

When I type an employee ID in TextBox1 and an email in TextBox2, the password should be retrieved into TextBox3 according to the employee ID and email in the database...

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
    'Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId" = TextBox1.Text And "Email" = TextBox2.Text, SQLData)
    Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True")
    Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId =" & TextBox1.Text & "And" & "Email" = TextBox2.Text, SQLData)
    SQLData.Open()
    Dim dtrReader As System.Data.SqlClient.SqlDataReader = cmdSelect.ExecuteReader()
    If dtrReader.HasRows Then
        While dtrReader.Read()
            TextBox3.Text = dtrReader("Password")
        End While
    Else
        TextBox3.Text = ("No customer found for the supplied ID.")
    End If

    dtrReader.Close()
    SQLData.Close()
End Sub

Upvotes: 0

Views: 115

Answers (4)

codingbadger

Reputation: 43974

It would have been useful if you had posted the actual error message.

However, I think your SQL query is missing some spaces. It should be:

Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId = " & TextBox1.Text & " And " & "Email = '" & TextBox2.Text & "'", SQLData)

Edit

As pointed out in other answers, you should really be using parameters. I have provided a link to the MSDN article on using Parameters with the SqlCommand class.

Upvotes: 0

jb_

Reputation: 958

  1. Why not give your controls proper names?
  2. Never ever build your query string by string concatenation; use SqlParameter instead (especially in an ASP.NET application!) to avoid SQL injection.
  3. Maybe you want to use HttpServerUtility.HtmlDecode too, to avoid injection of JavaScript and other nasty stuff on postback.
  4. Use Using blocks for disposable objects like SqlConnection and SqlDataReader.
  5. Yeah, it's definitely your SQL. There have to be syntax errors, because the query string is not concatenated correctly.

Upvotes: 2

cjk

Reputation: 46415

You haven't got quotes around the values, nor added any extra whitespace.

Really your query should have parameters in:

SELECT Password FROM a1_admins WHERE EmployeeId = @employeeID And Email = @email

Upvotes: 1
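The parameterised query cjk shows, combined with jb_'s advice about Using blocks and proper control names, looks like this in a code-behind file. This is an added example, not code from the question or any of the answers; the control names (EmployeeIdTextBox, EmailTextBox, PasswordTextBox, LookupButton), the class name and the parameter sizes are assumptions for illustration, and the connection string is the one from the question.

```vbnet
' Added example, not from the question or the answers. Control names, class name
' and parameter sizes are assumptions; the connection string is the asker's own.
Imports System.Data
Imports System.Data.SqlClient

Partial Class AdminLookup
    Inherits System.Web.UI.Page

    ' Returns the stored value, or Nothing when no row matches.
    Private Function LookupPassword(ByVal employeeId As Integer, ByVal email As String) As String
        Const sql As String = _
            "SELECT Password FROM a1_admins WHERE EmployeeId = @employeeID AND Email = @email"
        Const connStr As String = _
            "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"

        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand(sql, conn)
                ' Typed parameters: the values are sent separately from the SQL text,
                ' so quotes or keywords typed into the boxes are compared as data,
                ' never executed as part of the statement.
                cmd.Parameters.Add("@employeeID", SqlDbType.Int).Value = employeeId
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return CStr(result)
            End Using
        End Using ' both the reader's command and the connection are disposed here
    End Function

    Protected Sub LookupButton_Click(ByVal sender As Object, ByVal e As EventArgs) Handles LookupButton.Click
        Dim employeeId As Integer
        ' Reject non-numeric input before it reaches the database at all.
        If Not Integer.TryParse(EmployeeIdTextBox.Text, employeeId) Then
            PasswordTextBox.Text = "Employee ID must be a number."
            Return
        End If

        Dim password As String = LookupPassword(employeeId, EmailTextBox.Text.Trim())
        If password Is Nothing Then
            PasswordTextBox.Text = "No customer found for the supplied ID."
        Else
            PasswordTextBox.Text = password
        End If
    End Sub
End Class
```

The query is now fixed text with two placeholders, so the spacing and quoting problems in the concatenated version cannot recur; note that a lookup which returns a stored password in clear text implies the table holds recoverable passwords, which the answers here do not address.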

KBoek

Reputation: 5976

Try this (note the quotes), assuming that EmployeeId is an int and Email is some kind of varchar:

Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId =" & TextBox1.Text & " And Email = '" & TextBox2.Text & "'", SQLData)

Upvotes: 0
