How to use xxxDataSource control with customised select SQL

  • Thread starter Thread starter Rabbit
  • Start date Start date
R

Rabbit

Hi,

I'm developing asp.net application which I would use AccessDataSource
control to retreive data, now when I come to design the SELECT query, i
don't know how to create a pattern matching type of query.

My query is something like "SELECT * FROM tbl_User WHERE username Like ?",
in which the parameter based on a textbox control, so that user can enter
their own search pattern with the knowledge of using "%". My question is how
to embed the % onto the parameter automatically for user, so they don't need
to remember this kind of technical syntax.

Anyone can help is highly appreciated!
 
Hi,

I'm developing asp.net application which I would use AccessDataSource
control to retreive data, now when I come to design the SELECT query, i
don't know how to create a pattern matching type of query.

My query is something like "SELECT * FROM tbl_User WHERE username Like ?",
in which the parameter based on a textbox control, so that user can enter
their own search pattern with the knowledge of using "%". My question is how
to embed the % onto the parameter automatically for user, so they don't need
to remember this kind of technical syntax.

Anyone can help is highly appreciated!
Click to expand...
Before setting the value of the parameter add the "%" to the data the user
entered:
YourCommand.Parameters["yourParameter"].Value = yourTextBox.Text + "%";

However this will only work with APPENDED "%" and LIKE will also work as LIKE
"%String" and LIKE "%String%".

Creating queries on web sites (and in GUI apps) using user entered data is
dangerous business, opening you up to SQL Injection attacks on your database.
Search the web for "SQL injection" before you consider doing this. You will
even find instructions for executing the attacks.

Otis Mukinfus
http://www.arltex.com
http://www.tomchilders.com
 
Back
Top