Confused with the select command, need help

  • Thread starter Thread starter Gene
  • Start date Start date
G

Gene

I'm confused with the select command,
sometimes, I need to use # and sometimes use &.
For example,
select * from employee where name ='" & TextBox13.Text & "'"
The problem is I don't know when to use which symbol ( # or & )
Can anyone help???
or Are there any website teaching this???
Did msdn.com provide a solution for me????
 
Hi Gene,

Are you talking about concatenating strings?
You can use + or & (i guess this is an leftover from VB).
When do you use #?
 
I don't think i'm talking about concatenating strings,
what i trying to ask is the the symbols in the sql statement in commandtext
sqldataadapter.selectcommand.commandtext = "select .........."
if i use date in the sql statement, i have to use #,
and sometimes others.
I'm confused with this.
 
Hi Gene,

It depends on database server you are using.
You should rater use parametrized commands (you pass values as parameters
rather than put them in sql command).
Which database are you using?
 
Hi Gene,

Generally, use # for dates, single quotes for strings. A good way to test
what may be needed is to to use sql server's query analyzer or the like
routine in MS Access to test the string. Also, you may sometimes have to
use chr(39) in place of ' when the number of single quotes become a problem
(likewise for chr(34) in place of ").

HTH,

Bernie Yaeger
 
thx,
I'm using sql server 2000
Would you mind telling me more about that (pass values as parameters
rather than put them in sql command) ?
 
THX for answer,
I'm new to sql server, I use MS Access before.
but I'll try to use sql servers' query analyzer
 
Hi Gene,

Simple example:
instead of

[C#]
sqlcommand.CommandText = "SELECT * FROM Category WHERE CategoryID = 1";

you would use
sqlcommand.commandtext = "SELECT * FROM Category WHERE CategoryID =
@CategoryID ";
sqlcommand.Parameters.Add("@CategoryID", SqlDbType.Int);
sqlcommand.Parameters["@CategoryID"].Value = 1;

So, instead of putting parameter values into sql command, you use
parameters.
This way is faster if you need to execute more same commands with different
parameters (server parses command only once) and way more secure.

There is plenty of info in .net help.
For beginning you might check
Using Parameters with a DataAdapter
help topic.
 
Oh, I see~
THX!!!

Miha Markic said:
Hi Gene,

Simple example:
instead of

[C#]
sqlcommand.CommandText = "SELECT * FROM Category WHERE CategoryID = 1";

you would use
sqlcommand.commandtext = "SELECT * FROM Category WHERE CategoryID =
@CategoryID ";
sqlcommand.Parameters.Add("@CategoryID", SqlDbType.Int);
sqlcommand.Parameters["@CategoryID"].Value = 1;

So, instead of putting parameter values into sql command, you use
parameters.
This way is faster if you need to execute more same commands with different
parameters (server parses command only once) and way more secure.

There is plenty of info in .net help.
For beginning you might check
Using Parameters with a DataAdapter
help topic.

--
Miha Markic - RightHand .NET consulting & development
miha at rthand com
www.rhand.com

Gene said:
thx,
I'm using sql server 2000
Would you mind telling me more about that (pass values as parameters
rather than put them in sql command) ?
Click to expand...
Click to expand...
 
Back
Top