-
March 6th, 2006, 12:43 PM
#1
Can find the record.
Below is the code i use for finding a record. I am getting the error "No value given for one or more required parameters". Please help.
PHP Code:
private void Find()
{
// to find a record in the database that matches the search
// either lastname, salesorder, systemId or activationkey can be used to find.
// The user would clear all the fields and type in one or more of these feilds
// The user clicks on find to find the record which matches the entered criteria.
if (this.integerTextBoxSystemID.Text !="" ||
this.textboxLastName.Text !="" ||
integerTextBoxSalesOrderNumber.Text !="" ||
this.textBoxActivationKey.Text !="")
{
try
{
string strFind;
String strLastName = "ContactLastName=" + textboxLastName.Text + " ";
String strSalesOrder = "SalesOrder=" + integerTextBoxSalesOrderNumber.Text + " ";
String strSystemID = "SystemID=" + integerTextBoxSystemID.Text + " ";
String strActivationKey = "ActivationKey=" + textBoxActivationKey.Text + " ";
String strWhere = ((textboxLastName.Text!="") ? strLastName + " and " : "" ) +
((integerTextBoxSalesOrderNumber.Text != "") ? (strSalesOrder + " and ") : "") +
((integerTextBoxSystemID.Text != "") ? strSystemID + " and " : "") +
((textBoxActivationKey.Text != "") ? strActivationKey : "") ;
int nFindLocation = strWhere.LastIndexOf("and");
if(nFindLocation > 0)
{
strWhere = strWhere.Substring(0,nFindLocation -2);
}
strFind = "select * from Customers where " + strWhere;
oleDbDataAdapter1.SelectCommand.CommandType = CommandType.Text;
oleDbDataAdapter1.SelectCommand.CommandText = strFind;
if(oleDbConnection1.State == ConnectionState.Open)
{
this.oleDbDataAdapter1.SelectCommand.ExecuteReader();
}
}
catch (Exception ex)
{
MessageBox.Show("Error finding the record: "+ex.Message,"Find Error",MessageBoxButtons.OK,MessageBoxIcon.Information);
} //try-catch
}
}
þ|êâšë rä†è rëþ|ïëš †hª† hë|þëd
-
March 6th, 2006, 12:53 PM
#2
Re: Can find the record.
At first I think it is a bad practise to build sql statement dynamically. It gives the chance of sql injections especially in your code, because you do not check the input of the textboxes.
The error ist quite simple. You forget the ' in your where statement. For instance
Code:
String strLastName = "ContactLastName=" + textboxLastName.Text + " "
will give "ContactLastName=Smith" instead of "ContactLastName='Smith' ".
Therefore you will get an SqlException.
Useful or not? Rate my posting. Thanks.
-
March 6th, 2006, 01:51 PM
#3
Re: Can find the record.
That was pretty evident once you pointed it out.. Thanks
þ|êâšë rä†è rëþ|ïëš †hª† hë|þëd
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|