Sumit
Reputation: 1
What's wrong in this SELECT query?
Dim cmdSelect As New SqlCommand("SELECT DISTINCT [seat_remain] FROM [a1_ticket] WHERE serv_code =" & lab5.Text & "ORDER BY [Ticket_no] DESC", SQLData)
Upvotes: 0
Views: 110
Answers (2)
Darin Dimitrov
Reputation: 1038710
You are using string concatenation for constructing your SQL query instead of parametrized queries or stored procedures. That's what is wrong with it. Here's how to improve it:
Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT DISTINCT [seat_remain] FROM [a1_ticket] WHERE serv_code = @serv_code ORDER BY [Ticket_no] DESC", SQLData)
cmdSelect.Parameters.AddWithValue("@serv_code", lab5.Text)
Now your query will work and not only this but it is safe against SQL injection.
Upvotes: 8
Cyril Gandon
Reputation: 17048
Missing quote :
Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT DISTINCT [seat_remain] FROM [a1_ticket] WHERE serv_code ='" & lab5.Text & "' ORDER BY [Ticket_no] DESC", SQLData)
Upvotes: 3
Related Questions
- Syntax error (missing operator) in query
- SQL query is not working
- What is wrong with the query?
- what is wrong with this select query
- What is wrong with the following query?
- Vb, SQL statement error. Can't figure it out
- regarding an sql query error
- What was the problem in this query?
- What's wrong in my this SQL Server 2005 query?
- What is wrong with my this code, i think the select query is wrong?