Here is my code:
objConn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
objCmd = new SqlCommand("SELECT * FROM catalogue WHERE Title =" +Request.QueryString["detail"], objConn);
objConn.Open();
objRdr = objCmd.ExecuteReader();
DataList1.DataSource = objRdr;
DataList1.DataBind();
objRdr.Close();
objConn.Close();
I am trying to select records from the database where they match the query string.
However, when I run it, I get an error at objRdr = objCmd.ExecuteReader();, "Incorrect syntax near", and the name of the query string.
Anyone have an idea?
Thanks

Hi,
Assuming Title is a string/char/vchar (or whatever) type in the database, you would have to enclose the value in quotes would you not? Like so:
... WHERE Title ='" + Request.QueryString["detail"] +"'", objConn);
Just a guess though. I did not actually set up a test scenario.
James Steele

The error is due to the syntax in your SQL statement. You can put a single quote around your value or use a parameterized query to better secure your code.
objConn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
// The SQL text stays constant; the query-string value is passed separately as @detail.
objCmd = new SqlCommand("SELECT * FROM catalogue WHERE Title = @detail", objConn);
objCmd.Parameters.Add(new SqlParameter("@detail", Request.QueryString["detail"]));
objConn.Open();
objRdr = objCmd.ExecuteReader();
DataList1.DataSource = objRdr;
DataList1.DataBind();
objRdr.Close();
objConn.Close();

I had that problem before...
try changing Request.QueryString["detail"]
to Request.QueryString("detail")
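
A fuller version of the parameterized query suggested earlier in the thread, as an added example that is not part of any original post. The class name CatalogueDetail and the helper FindByTitle are hypothetical, and the Title column is assumed to be nvarchar(200); DataList1 and the "ConnectionString" entry are taken from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;

// Hypothetical code-behind class; DataList1 is declared in the page markup.
public partial class CatalogueDetail : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string title = Request.QueryString["detail"];
        if (string.IsNullOrEmpty(title))
        {
            return; // no ?detail= value in the URL: nothing to look up
        }
        DataList1.DataSource = FindByTitle(title);
        DataList1.DataBind();
    }

    // Hypothetical helper: returns the catalogue rows whose Title equals the value.
    private static DataTable FindByTitle(string title)
    {
        string connStr = WebConfigurationManager
            .ConnectionStrings["ConnectionString"].ConnectionString;

        // The SQL text is a constant; the request value never becomes part of it,
        // so quotes or SQL keywords inside the title are compared as plain data.
        const string sql = "SELECT * FROM catalogue WHERE Title = @detail";

        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length (assumed column definition: nvarchar(200)).
            cmd.Parameters.Add("@detail", SqlDbType.NVarChar, 200).Value = title;

            DataTable rows = new DataTable();
            conn.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                rows.Load(rdr); // copy the rows so the reader can be closed here
            }
            return rows; // the using blocks close the connection, even on error
        }
    }
}
```

Unlike the quoted-concatenation fix, this also works for titles that contain an apostrophe, because the value is never parsed as SQL.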