Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

calling querystring within a db query syntax

Status
Not open for further replies.

ifntech

Programmer
Nov 4, 2004
80
US
This is what I was trying, the syntax will not run. What is the proper way to request myvalue within the select command.
VS underlines & myvalue &

<!--<script >
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
Dim myvalue as string = request.querystring("value")
End Sub
</script>-->
<asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>" SelectCommand="SELECT * From table WHERE (table.column1 = N' & myvalue & '">
</asp:SqlDataSource>
 
It seems this option of putting '"& myvlaue &"' is turned off in this version of Web Developer 2005. Is there any way I can turn it on?
 
Try proper capitalization?

Request.QueryString("value")
 
Code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) [b]Handles Me.Load[/b]
         Dim myvalue as String = Request.QueryString("value")

    End Sub

need to indicate what I bolded for the page load event to fire
 
need to indicate what I bolded for the page load event to fire
Only if the poster is using the code behind model (which I'm
assuming they are not as they have script tags in their example).

I'd suggest that the poster should look into using Parameterised queries rather than the method they've started using as it's leaving them open to SQL Injection attacks even when they do get it working.



____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Does not seem to help either.
' "& myvalue &" ' is the proper code ... isn't it? The code in the page looks like

<script>
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim myvalue as String = Request.QueryString("value")

End Sub

</script>
<asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>" SelectCommand="SELECT * From table WHERE (table.column1 = N' "& myvalue &" '>
</asp:SqlDataSource>

with same result.
 
try

Code:
<asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
            ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>" SelectCommand="SELECT * From table WHERE (table.column1 = N'<%= myvalue %>'>
        </asp:SqlDataSource>
 
Just to clarify my first point:
Microsoft said:
When you set the value of the AutoEventWireup attribute to true, the ASP.NET runtime does not require events to specify event handlers like Page_Load or Page_Init. This means that the Handles keyword in Visual Basic .NET does not have to be used in the server script in the Web Form.

Also, have a look at using paramaterised queries like I suggested above:




____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.
 
It compiles but retrieves no information from query. Are there any other additions to the code?
 
I have taken a look on parametrized queries, and tried code:
<%= myvalue %>
<# myvalue %>
<# Eval(myvalue) %>
<# Text(myvalue) %>
<# Bind(myvalue) %>
They all compile but don't show the query information at all.
 
Code so far -

<asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>" SelectCommand="SELECT * From table WHERE (table.column1 = N'<%= myvalue %>'>
</asp:SqlDataSource>
Are there any changes to be made for retrieving information from the query?
 
ca8msm gave a great link on creating SelectParameters, and that is what is needed to solve this problem.

Your SqlDataSource should read like this:
Code:
    <asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
            ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>" 
            SelectCommand="SELECT * From table WHERE (table.column1 = N + @MyValue">
            <SelectParameters>
                <asp:QueryStringParameter Name="MyValue" QueryStringField="value" Type="String" />
            </SelectParameters>            
    </asp:SqlDataSource>

Check the SQL statement, I'm not sure if N + @MyValue will work, but this is the right direction.

 
I have looked at the link. Even added as bookmark. This code is not recognized by the web developer 2005. It doesn't even compile with ' " & myvalue & " ',it errors it out. But the variable ' & myvalue & ' compiles.

The code you gave, again, compiles, but does not retrieve the query from database.
 
Code 1:
<asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>"
SelectCommand="SELECT * From table WHERE (table.column1 = N'&MyValue&'">
<SelectParameters>
<asp:QueryStringParameter Name="MyValue" QueryStringField="value" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Compiles.
Code 2:
<asp:SqlDataSource ID="SqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:testConnectionString1 %>"
ProviderName="<%$ ConnectionStrings:testConnectionString1.ProviderName %>"
SelectCommand="SELECT * From table WHERE (table.column1 = N'@MyValue'">
<SelectParameters>
<asp:QueryStringParameter Name="MyValue" QueryStringField="value" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Compiles.
But they don't retrieve.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top