Database VB.net

Question

How to retrieve the data from Database in VB.net

I am using SELECT* FROM tbl1 WHERE Col1 = 'Chaitra'

My requirement is there is one Textbox, I have retrieved text from that textbox & assigns to a variable called str1.

Now I have to compare this variable with database (SELECT* FROM tbl1 WHERE Col1 = str1).

Can we write like this? or is there any other way to do this?

Answer 1

Use parameters to prevent Sql-Injection

Dim t As New DataTable()
Using c As New SqlConnection(connectionString)
      c.Open()
      Using a As New SqlDataAdapter("SELECT* FROM tbl1 WHERE Col1 = @Col1", c)
          'use the appropriate SqlDbType'
          a.SelectCommand.Parameters.Add("@Col1", SqlDbType.NChar, 5, "Col1")
          a.SelectCommand.Parameters("@Col1").Value = str1
          a.Fill(t)
      End Using
End Using
Return t

Edit: according to your comment that you want to query MS Access

Dim t as New DataTable
Dim adapter As OleDbDataAdapter = New OleDbDataAdapter()
Dim command As OleDbCommand

Using connection As New OleDbConnection(connectionString)
    ' Create the SelectCommand.
    command = New OleDbCommand("SELECT * FROM Users " & _
        "WHERE UserName = ?", connection)

    command.Parameters.Add("UserName", OleDbType.VarChar, 20).Value = userName 'userName is a string variable

    adapter.SelectCommand = command
    connection.Open()
    adapter.Fill(t) 't is the DataTable that holds all columns of the User
End Using

http://msdn.microsoft.com/en-us/library/bbw6zyha.aspx