Automatically construct an sql statement.

Is it possible to bind several textboxes to the WHERE clause of an sql statement so that the WHERE section of an sql statement can be dynamically generated based on the contents of the text boxes?

For example, if a there is a "Condition" textbox and the user entered in "A1," then the WHERE clause would look like "WHERE condition = 'A1'"

Is is this possible? And if so, how?

[403 byte] By [Jaden] at [2007-11-11 10:22:09]

«« Application Architect | Overland Park, KS
»» [bcb]clx

# 1 Re: Automatically construct an sql statement.

You could do this:

Dim WhereClause As String = String.Format("WHERE condition = '{0}'", txtCondition.Text)

That, however, leaves you vulnerable to SQL injection (http://www.google.com/search?q=sql+injection). A more secure approach is to use a parameterized SQL statement:

Dim cmd As New SqlCommand("SELECT col1, col2 FROM TableName WHERE condition = ?")
cmd.Parameters.AddWithValue("@condition", txtCondition.Text)

Phil Weber at 2007-11-11 20:48:06 >

This is a Technology portal site for all the developer, It's a community, here you can post your question when you are learning, working, and soso...we'll make it better than yesterday Everyday...

Automatically construct an sql statement.

Developer Tech

All Classified

Developer Tech New Topic

Developer Tech Hot Topic