sql - Error While Using "Like" in VB -


I have a form that takes user input in a textbox and displays the records/data that contain it ("contains") on a grid. However, I am unable to achieve the input data thing. I have been trying to solve this for a while now. The database is MS Access. Everything else works fine. Any help is appreciated.

Here is the code: I don't get any values in the form grid whatsoever from the query.

P.S.: I am a beginner :) Thanks!

Imports System.Data.OleDb

Public Class Form1

    Dim dbConnection As OleDbConnection
    Dim dbCommand As OleDbCommand
    Dim dbDataAdapter As OleDbDataAdapter
    Dim connectString As String = "Provider=Microsoft.Jet.OLEDB.4.0;" & "Data Source=atg.mdb"
    Dim dtAtg As DataTable
    Dim searchQ, sqlStr As String

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    End Sub

    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Dim dtAtg As New DataTable() ' create a new DataTable

        searchQ = TextBox1.Text
        ' The text box value is concatenated straight into the SQL string (see the answer below)
        sqlStr = "SELECT * FROM atg WHERE term LIKE " & """%" & CStr(TextBox1.Text) & "%"""
        ' The adapter needs a SelectCommand and a connection, otherwise Fill has nothing to run
        dbDataAdapter = New OleDbDataAdapter(sqlStr, connectString)

        dbDataAdapter.Fill(dtAtg)

        DataGrid1.DataSource = dtAtg
    End Sub

End Class

What RDBMS are you using?

SELECT * FROM atg WHERE term LIKE '% expression %'

Don't pass values from text boxes directly into query strings.

  1. You didn't list the selection criteria, aka columns; you need to specify at least 1 column between SELECT and FROM, or use the SELECT asterisk as you did above.
  2. In your WHERE clause you're using asterisks instead of modulo aka percent signs. In SQL the field wildcard is % not *.
  3. You're trying to build a string from values in the text box. Unless the text box has validation, in the event someone enters:

123'; drop table atg;

so the rendered string would be:

select * from atg where term like '% 123'; drop table atg; %'

Now, technically this is invalid SQL, but the first 2 statements in the query, if executed, would delete the table from the database. The solution is to check the form input before passing the value to the SQL query, and to use SQL parameters to construct the query without worrying about people passing in malicious statements:

Read here: OLEDB samples using SQL parameters

Passing malicious statements through interfaces that cause problems in the RDBMS via SQL is known as SQL injection.
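The parameterised form of the question's search, as an added example that is not part of the original question or answer. It keeps the table and column names from the question (atg, term), assumes the same Jet connection string with atg.mdb as a placeholder path, and assumes the Jet/ACE ANSI-92 LIKE syntax that OLEDB uses (% and _ as wildcards, [ ] as a character class, so [%] matches a literal percent sign). The hostile string from the answer becomes plain data inside the parameter value, and the wildcard escaping stops a user from turning "%" or "_" in their own text into extra wildcards; the module name and function names are made up for this example.

```vb
Imports System
Imports System.Data
Imports System.Data.OleDb
Imports System.Text

Public Module SafeSearch

    ' Connection string taken from the question; the .mdb path is a placeholder.
    Private Const ConnectString As String =
        "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=atg.mdb"

    ' Escape the LIKE metacharacters so the user's text is matched literally.
    ' Assumption: Jet/ACE ANSI-92 mode (what OLEDB uses), where % and _ are
    ' wildcards and [ ] is a character class, so each is wrapped in brackets.
    Public Function EscapeLikePattern(ByVal text As String) As String
        Dim sb As New StringBuilder(text.Length)
        For Each ch As Char In text
            Select Case ch
                Case "%"c, "_"c, "["c
                    sb.Append("["c).Append(ch).Append("]"c)
                Case Else
                    sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Build the command with a parameter instead of string concatenation.
    ' OLEDB parameters are positional: each ? is bound in the order it was added.
    Public Function BuildSearchCommand(ByVal conn As OleDbConnection,
                                       ByVal userText As String) As OleDbCommand
        Dim cmd As New OleDbCommand("SELECT * FROM atg WHERE term LIKE ?", conn)
        Dim p As OleDbParameter = cmd.Parameters.Add("@pattern", OleDbType.VarWChar)
        ' The whole pattern, wildcards included, travels as one value; the driver
        ' never splices it into the SQL text, so a quote or semicolon in it is just data.
        p.Value = "%" & EscapeLikePattern(userText) & "%"
        Return cmd
    End Function

    ' Run the search and return the rows; bind the result to a grid in the form.
    Public Function SearchTerms(ByVal userText As String) As DataTable
        Dim table As New DataTable()
        Using conn As New OleDbConnection(ConnectString)
            Using cmd As OleDbCommand = BuildSearchCommand(conn, userText)
                Using adapter As New OleDbDataAdapter(cmd)
                    adapter.Fill(table)
                End Using
            End Using
        End Using
        Return table
    End Function

    Sub Main()
        ' The injection string from the answer is now only a parameter value.
        Dim hostile As String = "123'; drop table atg;"
        Console.WriteLine("Pattern sent as parameter: %" & EscapeLikePattern(hostile) & "%")
        ' With a real atg.mdb present this fills the table and runs exactly one SELECT:
        ' Dim rows As DataTable = SearchTerms(hostile)
    End Sub

End Module
```

In the question's form this replaces the body of Button2_Click with a single line, DataGrid1.DataSource = SearchTerms(TextBox1.Text). Note that OleDb ignores parameter names and binds by position, so if a query has several ? placeholders they must be added in the order they appear in the SQL.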

