Database query in C#
I am facing a problem accessing data given by the user; if I specify the query directly, it runs fine.
protected void Button1_Click(object sender, EventArgs e)
{
    try
    {
        string v = enterid.Text;
        cn.Open();
        // The user's input is concatenated straight into the SQL text, with no quotes around it
        SqlCommand sda = new SqlCommand("select name from professor where branch=***" + v + "***", cn);
        sda.CommandType = CommandType.Text;
        SqlDataReader dr = sda.ExecuteReader();
        // Add each returned name to the list control
        while (dr.Read())
        {
            v = dr[0].ToString();
            selectname.Items.Add(v);
        }
        dr.Close();
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
    finally
    {
        cn.Close();
    }
}
You need to use quotes:
"select name from professor where branch='***" + v + "***'"
However, you must use parameters, not concatenate strings in the query.
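The parameterized form the answer recommends, as an added example that is not code from the original post. The table and column names come from the question's query; the connection string, the NVARCHAR(50) column type, and the ProfessorQueries and GetNamesByBranch names are assumptions.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class; the name is not from the original post.
public static class ProfessorQueries
{
    public static List<string> GetNamesByBranch(string connectionString, string branch)
    {
        var names = new List<string>();

        // Nothing to look up for empty input; skip the round trip.
        if (string.IsNullOrWhiteSpace(branch))
            return names;

        // The SQL text is a constant. The user's value travels separately as
        // a typed parameter, so a quote character in it is matched literally
        // and cannot change the structure of the statement.
        const string sql = "SELECT name FROM professor WHERE branch = @branch";

        // using blocks dispose the connection, command and reader even when
        // an exception is thrown, replacing the manual Close() calls.
        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            // Assumption: branch is NVARCHAR(50). Declaring type and size
            // explicitly avoids the type inference done by AddWithValue.
            cmd.Parameters.Add("@branch", SqlDbType.NVarChar, 50).Value = branch.Trim();

            cn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    // Column 0 is "name"; skip NULLs instead of adding blanks.
                    if (!dr.IsDBNull(0))
                        names.Add(dr.GetString(0));
                }
            }
        }
        return names;
    }
}

// In the question's click handler, the concatenated query would become:
//   foreach (string n in ProfessorQueries.GetNamesByBranch(connStr, enterid.Text))
//       selectname.Items.Add(n);
```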