StrataFrame Forum

select XXXXXx where in Bo

http://forum.strataframe.net/Topic17540.aspx

By Eric Leissler - 7/2/2008

Hi,

why this code

Me.ActeursBO1.FillDataTable("select * from acteurs where login = " & alltrim(Me.ColorizedTextBox1.Text))

deosn't run 

I have the error
 

column name not valid :'eric'

eric is the  login text   that i wrote in the colorizedtext??

i try  the code

me.acteursBO1.seek(" login = " & me.colorizedtext1.text)

and its dosent  run. its the same error

What i have to do ???

Thanks

Eric

 
By Trent L. Taylor - 7/2/2008

The problem is that you are trying to build a command string (which is generally not good practice) and not providing quotes.  You will want to create a parameterized query, otherwise your users can accidentally break your query code (i.e. add a quote in the text box, etc.)

Public Sub FillByLoginName(Byval loginName as String)

    '-- Establish Locals
    Dim cmd As New SqlCommand("SELECT * FROM acteurs WHERE login = @loginName")

    '-- Create the parameters
    cmd.Parameters.AddWIthvalue("@loginName", loginName).SqlDbType = SqlDbType.VarChar

    '-- Execute the query
    me.FillDataTable(cmd)
End Sub

Also, instead of programming queyr logic into a form, you should really create a method, like above, in the BO itself and then pass that over to the BO to execute the query instead of placing that logic in your form.

By Eric Leissler - 7/2/2008

thank's

i will try

Eric

By Michel Levy - 7/2/2008

Eric,

C'est exactement comme pour le SQL Pass-Through en VFP: il te manque des simples quotes autour de ta valeur alltrim(Me.ColorizedTextBox1.Text).

Comme tu l'as écrit, ta chaine de requete est select * from acteurs where login = eric
alors que tu devrais avoir select * from acteurs where login = 'eric'
donc une requete qui serait

Me.ActeursBO1.FillDataTable("select * from acteurs where login = '" & alltrim(Me.ColorizedTextBox1.Text)) &"'"

Mais il vaut mieux prendre l'habitude des requètes paramétrées comme te le montre Trent