Problem with parameter!


rcoco

I'm getting an error message like:
Prepared statement '(@id text)SELECT * from isp_email.staff where @id
like +txtname.' expects parameter @id, which was not supplied.
This message appears when I press the button to select a row at run time.
What could be the problem?

SqlCommand myCommand = new SqlCommand();
myCommand.Connection=con;
myCommand.CommandText="SELECT * from isp_email.staff where @id like
+txtname.Text";
SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
myparam.Value=ID;
myCommand.Parameters.Add(myparam);
SqlDataAdapter myAdapter=new SqlDataAdapter(myCommand);
DataSet ds = new DataSet();
myAdapter.Fill(ds);
con.Open();
myCommand.ExecuteNonQuery();
dgupdate.DataSource=ds;
dgupdate.DataBind();
con.Close();
Thank you.
 
I believe the statement needs to be

myCommand.CommandText="SELECT * from isp_email.staff where id like"
+ txtname.Text;

Remove the parameter code.
Move the last " to after like.
 
I forgot to add % to the SQL statement. It should be:

myCommand.CommandText="SELECT * from isp_email.staff where id like %" +
txtname.Text + "%";

My apologies...
 
Your code allows SQL injection. It should be:

myCommand.CommandText=@"
select *
from isp_email.staff
where id like @id + '%'";
SqlParameter myparam = new SqlParameter("@id",SqlDbType.Text);
myparam.Value=txtname.Text;
myCommand.Parameters.Add(myparam);


-- bruce (sqlwork.com)
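
The parameterized LIKE query from the reply above, written out as a complete method and extended to escape LIKE wildcards in the user's input. This is an added example, not code from any poster in this thread. The class and method names, the connectionString argument and the NVarChar(50) parameter type are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class StaffLookup   // hypothetical helper class
{
    // Wrap the T-SQL LIKE metacharacters %, _ and [ in brackets so the
    // user's text is matched literally and cannot add its own wildcards.
    public static string EscapeLike(string input)
    {
        return Regex.Replace(input, @"[%_\[]", "[$0]");
    }

    // connectionString is supplied by the caller (assumption).
    public static DataSet FindByIdPrefix(string connectionString, string userInput)
    {
        // The user's text never becomes part of the SQL string; only the
        // trailing '%' wildcard is written into the statement.
        const string sql =
            "SELECT * FROM isp_email.staff WHERE id LIKE @id + '%'";

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // A parameter whose Value is null is not sent to the server, which
            // produces "expects parameter @id, which was not supplied".
            string value = EscapeLike(userInput ?? string.Empty);

            // NVarChar(50) is an assumed type and width for the id column.
            // SQL Server does not accept text operands for the + operator,
            // so SqlDbType.Text is avoided for a concatenated pattern.
            cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = value;

            using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
            {
                DataSet ds = new DataSet();
                // Fill opens and closes the connection itself, so no
                // con.Open() or ExecuteNonQuery() call is needed.
                adapter.Fill(ds);
                return ds;
            }
        }
    }
}
```

The returned DataSet can be bound as in the original post (dgupdate.DataSource = ds; dgupdate.DataBind();).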
 